Cache library detection to prevent redundant PyPI API calls (#13529)

Copilot · AbhishekBhaskar · web-flow · commit c938bbf7cb4d · 2025-11-14T14:43:22.000-06:00
* Add memoization to library? check to reduce redundant PyPI calls

Co-authored-by: AbhishekBhaskar &lt;22154418+AbhishekBhaskar@users.noreply.github.com&gt;

* Add test for library? memoization behavior

Co-authored-by: AbhishekBhaskar &lt;22154418+AbhishekBhaskar@users.noreply.github.com&gt;

* Fix missing sig annotation for updating_pipfile? method

Co-authored-by: AbhishekBhaskar &lt;22154418+AbhishekBhaskar@users.noreply.github.com&gt;

---------

Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: AbhishekBhaskar &lt;22154418+AbhishekBhaskar@users.noreply.github.com&gt;
diff --git a/python/lib/dependabot/python/update_checker.rb b/python/lib/dependabot/python/update_checker.rb
@@ -336,24 +336,23 @@ def poetry_based?
 
       sig { returns(T::Boolean) }
       def library?
-        return false unless updating_pyproject?
-        return false unless library_details
+        return @is_library unless @is_library.nil?
 
-        return false if T.must(library_details)["name"].nil?
+        @is_library = T.let(check_pypi_for_library_match, T.nilable(T::Boolean))
+        @is_library || false
+      end
+
+      sig { returns(T::Boolean) }
+      def check_pypi_for_library_match
+        return false unless updating_pyproject? && library_details && !T.must(library_details)["name"].nil?
 
-        # Hit PyPi and check whether there are details for a library with a
-        # matching name and description
-        index_response = Dependabot::RegistryClient.get(
+        response = Dependabot::RegistryClient.get(
           url: "https://pypi.org/pypi/#{normalised_name(T.must(library_details)['name'])}/json/"
         )
+        return false unless response.status == 200
 
-        return false unless index_response.status == 200
-
-        pypi_info = JSON.parse(index_response.body)["info"] || {}
-        pypi_info["summary"] == T.must(library_details)["description"]
-      rescue Excon::Error::Timeout, Excon::Error::Socket
-        false
-      rescue URI::InvalidURIError
+        (JSON.parse(response.body)["info"] || {})["summary"] == T.must(library_details)["description"]
+      rescue Excon::Error::Timeout, Excon::Error::Socket, URI::InvalidURIError
         false
       end
 
diff --git a/python/spec/dependabot/python/update_checker_spec.rb b/python/spec/dependabot/python/update_checker_spec.rb
@@ -739,6 +739,23 @@
 
           its([:requirement]) { is_expected.to eq("~2.19.1") }
         end
+
+        context "when checking library status multiple times" do
+          before do
+            stub_request(:get, "https://pypi.org/pypi/pendulum/json/")
+              .to_return(status: 404)
+          end
+
+          it "caches the PyPI check result to avoid redundant calls" do
+            # Call requirements_update_strategy multiple times
+            checker.send(:requirements_update_strategy)
+            checker.send(:requirements_update_strategy)
+
+            # Verify PyPI was only called once (memoization working)
+            expect(a_request(:get, "https://pypi.org/pypi/pendulum/json/"))
+              .to have_been_made.once
+          end
+        end
       end
 
       context "when updating a dependency in an additional requirements file" do
