mirrors/uv
1
0
Fork 0
mirror of https://github.com/astral-sh/uv.git synced 2025-10-30 11:37:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Redact Git credentials in lockfile (#6070)

Browse source 
## Summary

Closes https://github.com/astral-sh/uv/issues/6055.
This commit is contained in:
Charlie Marsh 2024-08-13 19:48:59 -04:00 committed by GitHub
parent 1bbb05dca7
commit 92263108cc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
crates/uv-resolver/src/lock.rs
View file

@ -2011,6 +2011,10 @@ impl From<GitSourceKind> for GitReference {
fn locked_git_url(git_dist: &GitSourceDist) -> Url {
let mut url = git_dist.git.repository().clone();
// Redact the credentials.
let _ = url.set_username("");
let _ = url.set_password(None);
// Clear out any existing state.
url.set_fragment(None);
url.set_query(None);

4
crates/uv/tests/lock.rs
View file

@ -5312,7 +5312,7 @@ fn lock_redact_git() -> Result<()> {
[[package]]
name = "uv-private-pypackage"
version = "0.1.0"
source = { git = "https://***@github.com/astral-test/uv-private-pypackage#d780faf0ac91257d4d5a4f0c5a0e4509608c0071" }
source = { git = "https://github.com/astral-test/uv-private-pypackage#d780faf0ac91257d4d5a4f0c5a0e4509608c0071" }
"###
);
});
@ -5339,7 +5339,7 @@ fn lock_redact_git() -> Result<()> {
Prepared 2 packages in [TIME]
Installed 2 packages in [TIME]
+ foo==0.1.0 (from file://[TEMP_DIR]/)
+ uv-private-pypackage==0.1.0 (from git+https://***@github.com/astral-test/uv-private-pypackage@d780faf0ac91257d4d5a4f0c5a0e4509608c0071)
+ uv-private-pypackage==0.1.0 (from git+https://github.com/astral-test/uv-private-pypackage@d780faf0ac91257d4d5a4f0c5a0e4509608c0071)
"###);
Ok(())