
Fix cooldown ignored in additional_dependencies issue #15124

Open
AbhishekBhaskar wants to merge 9 commits into main from abhishekbhaskar/fix-cooldown-ignored-pre-commit-issue

@AbhishekBhaskar AbhishekBhaskar commented May 22, 2026

What are you trying to accomplish?

Fixes #15111

This PR fixes 2 issues:

  1. Cooldown does not apply to additional dependencies: When a pre-commit hook has additional_dependencies (e.g., black==25.1.0), the cooldown configuration was not being forwarded to the underlying ecosystem update checkers (pip, npm, go_modules, etc.). This caused additional dependencies to always update to the absolute latest version, ignoring cooldown.

  2. Cooldown returns current version instead of next-best: When the latest version of a hook is within the cooldown window, the code previously returned the current version (no update), instead of falling back to the most recent version outside cooldown — which is the behavior all other ecosystems implement via filter_by_cooldown in PackageLatestVersionFinder.

  3. File updater writes wrong version after cooldown filtering: When cooldown selected a fallback version (e.g., 26.3.1), latest_version_tag still returned the absolute latest tag (26.5.1), causing the file updater to write the wrong rev into .pre-commit-config.yaml.

Anything you want to highlight for special attention from reviewers?

  • Pre-commit versions are discovered via git tags (not a package registry), so release dates must be fetched per-commit from a bare clone. The implementation performs a single git clone --bare and checks commit dates from the latest version downward, stopping at the first version outside the cooldown window.
  • current_version now handles v-prefixed tags (e.g., v4.4.0) by stripping the prefix, preventing potential downgrades when numeric_version returns nil.
  • latest_version_tag returns the cooldown-filtered tag (stored during iteration) so the file updater writes the correct ref.
  • The cooldown_options parameter was added to AdditionalDependencyCheckers::Base#initialize as an optional keyword argument, so existing callers are unaffected.
  • All 6 additional dependency checker implementations (python, go, node, ruby, rust, dart) were updated to forward update_cooldown to their respective ecosystem update checkers.

How will you know you've accomplished your goal?

  • Reproduced the issue against a repo with Black 25.1.0 as both a hook and additional dependency. Before the fix: hook stayed at 25.1.0, additional dep jumped to 26.5.1. After: both should update to the latest version outside cooldown.
  • Added tests for cooldown fallback behavior in latest_version_finder_spec.rb.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.
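
The fallback selection described in the PR description above (walk the tags from the newest version downward and stop at the first one outside the cooldown window, stripping a leading "v"), as an added Ruby example that is not code from this PR or from Dependabot. `Tag`, `parse_version` and `select_tag_outside_cooldown` are hypothetical names, and the commit dates are constructed.

```ruby
# Added illustration; Tag, parse_version and select_tag_outside_cooldown are
# hypothetical names, not Dependabot's API.
Tag = Struct.new(:name, :committed_at)

# Strip a leading "v" so "v4.4.0" compares as 4.4.0; non-version tags give nil.
def parse_version(tag_name)
  stripped = tag_name.to_s.sub(/\Av/, "")
  Gem::Version.correct?(stripped) ? Gem::Version.new(stripped) : nil
end

# Walk tags from the newest version downward and return the first one whose
# commit date is outside the cooldown window. Returns nil when nothing newer
# than the current version qualifies, so the result is never a downgrade.
def select_tag_outside_cooldown(tags, current:, cooldown_days:, now:)
  cutoff = now - (cooldown_days * 86_400)
  current_version = parse_version(current)
  versioned = tags.filter_map do |tag|
    version = parse_version(tag.name)
    [version, tag] if version
  end
  versioned.sort_by(&:first).reverse_each do |version, tag|
    return nil if current_version && version <= current_version
    return tag.name if tag.committed_at <= cutoff
  end
  nil
end

# Constructed sample data: version numbers follow the PR description,
# the dates are invented for the example.
NOW = Time.utc(2026, 5, 22)
SAMPLE_TAGS = [
  Tag.new("25.1.0", Time.utc(2025, 1, 29)),
  Tag.new("26.3.1", Time.utc(2026, 4, 1)),
  Tag.new("26.5.1", Time.utc(2026, 5, 20)),  # inside a 7-day cooldown
  Tag.new("nightly", Time.utc(2026, 5, 21))  # not a version, ignored
].freeze

puts select_tag_outside_cooldown(SAMPLE_TAGS, current: "25.1.0",
                                 cooldown_days: 7, now: NOW)
```
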

@AbhishekBhaskar AbhishekBhaskar self-assigned this May 22, 2026
Copilot AI review requested due to automatic review settings May 22, 2026 23:37
@AbhishekBhaskar AbhishekBhaskar requested a review from a team as a code owner May 22, 2026 23:37

Copilot AI left a comment


Pull request overview

This PR fixes pre-commit cooldown handling so that (1) additional dependencies respect the configured cooldown and (2) when the latest hook version is in cooldown, Dependabot falls back to the most recent version outside the cooldown window instead of returning the current version.

Changes:

  • Forward cooldown configuration into all pre-commit additional dependency checkers and their underlying ecosystem update checkers.
  • Add fallback logic in the pre-commit git-tag latest-version finder to select the newest candidate version outside cooldown when the latest is quarantined.
  • Add/extend specs covering cooldown fallback behavior and cooldown passthrough for Python additional dependencies.

| File | Description |
| --- | --- |
| pre_commit/lib/dependabot/pre_commit/update_checker/latest_version_finder.rb | Adds cooldown fallback search to find the newest tag outside cooldown. |
| pre_commit/lib/dependabot/pre_commit/update_checker.rb | Passes update_cooldown down into additional dependency checker construction. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/base.rb | Adds optional cooldown_options plumbing on the base checker API. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/python.rb | Forwards cooldown to the pip UpdateChecker. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/node.rb | Forwards cooldown to the npm_and_yarn UpdateChecker. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/go.rb | Forwards cooldown to the go_modules UpdateChecker. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/ruby.rb | Forwards cooldown to the bundler UpdateChecker. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/rust.rb | Forwards cooldown to the cargo UpdateChecker. |
| pre_commit/lib/dependabot/pre_commit/additional_dependency_checkers/dart.rb | Forwards cooldown to the pub UpdateChecker. |
| pre_commit/lib/dependabot/pre_commit/metadata_finder.rb | Avoids errors and improves URL extraction by supporting repo_url. |
| pre_commit/spec/dependabot/pre_commit/update_checker/latest_version_finder_spec.rb | Adds tests for cooldown fallback behavior in latest-version selection. |
| pre_commit/spec/dependabot/pre_commit/additional_dependency_checkers/python_spec.rb | Adds tests ensuring cooldown is passed through to the Python UpdateChecker. |

Copilot's findings

  • Files reviewed: 12/12 changed files
  • Comments generated: 2

Comment thread pre_commit/lib/dependabot/pre_commit/update_checker/latest_version_finder.rb Outdated
Development

Successfully merging this pull request may close these issues.

Cooldown ignores existing newer version, and does not apply to additional dependencies