OpenVoiceOS / ovos_skill_manager

skill installer for OVOS
Apache License 2.0

protect against download_url hijacking #22

Closed JarbasAl closed 3 years ago

JarbasAl commented 3 years ago

I think I addressed all the relevant places; at worst this could cause log pollution.

I left the places where I extracted the download_url commented out but still in there in case we want to revisit, but I think I didn't miss any place where this URL was injected in parsed data (it only happened when parsing releases, I think).

JarbasAl commented 3 years ago

"download_url" is a standard field in many of the API calls, e.g. to download the icon file.

I did a search on the codebase for this string and I am pretty sure all the remaining occurrences are valid ;)
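The PR above is about not trusting a `download_url` that arrives inside parsed release metadata. The following is an added example, not code from ovos_skill_manager or from the PR author, of one defensive pattern for that situation: validate any `download_url` found in parsed data against an allowlist of expected hosts before fetching it, and scan a parsed document for every occurrence that fails. The allowlist, the `UntrustedDownloadUrl` exception, the helper names and the sample metadata are all assumptions made for this example.

```python
from urllib.parse import urlparse

# Hypothetical allowlist of hosts we are willing to fetch skill archives and
# icons from. This is an assumption for the example, not the project's config.
ALLOWED_HOSTS = {"github.com", "codeload.github.com", "raw.githubusercontent.com"}


class UntrustedDownloadUrl(ValueError):
    """Raised when a download_url taken from parsed data fails validation."""


def validate_download_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return url unchanged if it is https and on an allowlisted host.

    urlparse is used so that lookalikes such as 'https://github.com@evil.example/'
    (userinfo) or 'https://github.com.evil.example/' are judged on the real
    hostname rather than on a substring match.
    """
    if not isinstance(url, str):
        raise UntrustedDownloadUrl(f"download_url is not a string: {url!r}")
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise UntrustedDownloadUrl(f"refusing non-https download_url: {url!r}")
    if parsed.username is not None or parsed.password is not None:
        raise UntrustedDownloadUrl(f"refusing download_url with userinfo: {url!r}")
    host = (parsed.hostname or "").lower()
    if host not in allowed_hosts:
        raise UntrustedDownloadUrl(f"refusing download_url on host {host!r}: {url!r}")
    return url


def is_trusted_download_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Boolean wrapper around validate_download_url."""
    try:
        validate_download_url(url, allowed_hosts)
    except UntrustedDownloadUrl:
        return False
    return True


def find_untrusted_download_urls(data, path="$"):
    """Walk JSON-like parsed data and list every download_url that fails validation.

    Returns a list of (json_path, value) pairs so a caller can log or reject
    the document before anything is downloaded.
    """
    bad = []
    if isinstance(data, dict):
        for key, value in data.items():
            child = f"{path}.{key}"
            if key == "download_url" and not is_trusted_download_url(value):
                bad.append((child, value))
            bad.extend(find_untrusted_download_urls(value, child))
    elif isinstance(data, list):
        for i, item in enumerate(data):
            bad.extend(find_untrusted_download_urls(item, f"{path}[{i}]"))
    return bad


# Constructed sample of parsed release metadata (not real project data): the
# top-level download_url points at a lookalike host and one asset uses plain
# http, while the icon URL is on an allowlisted host and passes.
SAMPLE_PARSED_RELEASE = {
    "name": "example-skill",
    "download_url": "https://github.com@evil.example/skill.zip",
    "icon": {"download_url": "https://raw.githubusercontent.com/example/skill/main/icon.png"},
    "assets": [{"download_url": "http://github.com/example/skill/archive/refs/tags/v1.zip"}],
}

if __name__ == "__main__":
    for where, url in find_untrusted_download_urls(SAMPLE_PARSED_RELEASE):
        print(f"untrusted download_url at {where}: {url}")
```

Run as a script it reports the two untrusted entries in the sample and stays silent about the icon URL. Where a component (such as the PR's release parser) can derive the archive location from a repository URL it already trusts, that derived URL should win over any `download_url` carried in the parsed data; the validator above is the fallback for fields that genuinely have to come from the API response.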