Python
/
uv
mirror of https://github.com/astral-sh/uv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cache Dependabot lookup (#16795) 

## Summary

Small nit, but I wanted to avoid doing this access in the hot path.
(Probably not important in practice.)

---------

Co-authored-by: Zanie Blue <contact@zanie.dev>
This commit is contained in:
Charlie Marsh 2025-11-20 17:24:16 -05:00 committed by GitHub
parent 4be1e0a83c
commit c5c44168e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crates/uv-auth/src/middleware.rs
View File

@ -25,6 +25,10 @@ use crate::{
};
use crate::{Index, TextCredentialStore, TomlCredentialError};
/// Cached check for whether we're running in Dependabot.
static IS_DEPENDABOT: LazyLock<bool> =
LazyLock::new(|| std::env::var(EnvVars::DEPENDABOT).is_ok_and(|value| value == "true"));
/// Strategy for loading netrc files.
enum NetrcMode {
Automatic(LazyLock<Option<Netrc>>),
@ -361,7 +365,7 @@ impl Middleware for AuthMiddleware {
// Dependabot intercepts HTTP requests and injects credentials, which means that we
// cannot eagerly enforce an `AuthPolicy` as we don't know whether credentials will be
// added outside of uv.
&& !std::env::var(EnvVars::DEPENDABOT).is_ok_and(|value| value == "true"));
&& !*IS_DEPENDABOT);
let (mut retry_request, response) = if !must_authenticate {
let url = tracing_url(&request, credentials.as_deref());