pypa / twine

Utilities for interacting with PyPI
https://twine.readthedocs.io/
Apache License 2.0
1.61k stars 308 forks source link

Printed URLs for Twine uploads should sanitize secrets with regard to alternate repositories that require credentials. #1105

Closed ascheel closed 5 months ago

ascheel commented 5 months ago

Is there an existing issue for this?

What keywords did you use to search existing issues?

password sanitize sanitizing censor url

Please describe why your using this option

Just creating an issue to match the Pull Request that I've already created. It seemed appropriate. The below PR sanitizes the printed output, clearing any sensitive data from the repository_url so it doesn't get output to screen/logs when using custom repositories.

https://github.com/pypa/twine/pull/1104

Anything else you'd like to mention?

No response

sigmavirus24 commented 5 months ago

This is fixed in 5.1.0 via #1104