From c5c44168e09f62c91d328e7c619f695bc0cf833b Mon Sep 17 00:00:00 2001
From: Charlie Marsh <charlie.r.marsh@gmail.com>
Date: Thu, 20 Nov 2025 17:24:16 -0500
Subject: [PATCH] Cache Dependabot lookup (#16795)

## Summary

Small nit, but I wanted to avoid doing this access in the hot path.
(Probably not important in practice.)

---------

Co-authored-by: Zanie Blue <contact@zanie.dev>
---
 crates/uv-auth/src/middleware.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crates/uv-auth/src/middleware.rs b/crates/uv-auth/src/middleware.rs
index ab03d4b56..dde997b34 100644
--- a/crates/uv-auth/src/middleware.rs
+++ b/crates/uv-auth/src/middleware.rs
@@ -25,6 +25,10 @@ use crate::{
 };
 use crate::{Index, TextCredentialStore, TomlCredentialError};
 
+/// Cached check for whether we're running in Dependabot.
+static IS_DEPENDABOT: LazyLock<bool> =
+    LazyLock::new(|| std::env::var(EnvVars::DEPENDABOT).is_ok_and(|value| value == "true"));
+
 /// Strategy for loading netrc files.
 enum NetrcMode {
     Automatic(LazyLock<Option<Netrc>>),
@@ -361,7 +365,7 @@ impl Middleware for AuthMiddleware {
                 // Dependabot intercepts HTTP requests and injects credentials, which means that we
                 // cannot eagerly enforce an `AuthPolicy` as we don't know whether credentials will be
                 // added outside of uv.
-                && !std::env::var(EnvVars::DEPENDABOT).is_ok_and(|value| value == "true"));
+                && !*IS_DEPENDABOT);
 
         let (mut retry_request, response) = if !must_authenticate {
             let url = tracing_url(&request, credentials.as_deref());