This release contains a fix for a bug where auth tokens would, under the following circumstances, be logged to stdout:
The auth token was passed as a command line argument to Sentry CLI (via --auth-token)
The log level was set to info or debug
The default log level is warn, so users using the default log level were unaffected by this bug
We now redact the --auth-token argument and anything else that looks like it might be an auth token when logging the arguments that the Sentry CLI was called with (see #2115 and #2118 for details).
This release contains a fix for a bug where auth tokens would, under the following circumstances, be logged to stdout:
The auth token was passed as a command line argument to Sentry CLI (via --auth-token)
The log level was set to info or debug
The default log level is warn, so users using the default log level were unaffected by this bug
We now redact the --auth-token argument and anything else that looks like it might be an auth token when logging the arguments that the Sentry CLI was called with (see #2115 and #2118 for details).
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the sentry group with 1 update: @sentry/cli.
Updates
@sentry/clifrom 2.33.0 to 2.33.1Release notes
Sourced from
@sentry/cli's releases.Changelog
Sourced from
@sentry/cli's changelog.Commits
5aaf7c1Update CHANGELOG.mdeac9527release: 2.33.1acb5700meta: Revert upload-artifact bump (#2110) (#2119)5c1ac1ffix: Improve token redaction in CLI arg logging8b89630ref(token): Use secrecy crate to store auth token (#2116)3d05326test(tokens): Add test to ensure tokens redacted2665d8afix: Redact auth tokens when logging CLI args61a3294test: Delete apparently-unnecessary test8ce98a0ref(token): Separate validation warning from parsing8343763fix: Improve "project not found" message (#2112)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show