hide more credentials from the updater (#216)

dependabot · Jan 2, 2024 · a104d64 · a104d64
1 parent f8419d2
commit a104d64
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/cmd/dependabot/internal/cmd/update.go b/cmd/dependabot/internal/cmd/update.go
@@ -366,7 +366,7 @@ func processInput(input *model.Input, flags *UpdateFlags) {
 			entry := make(map[string]any)
 			for k, v := range credential {
 				// Updater does not get credentials.
-				if k != "token" && k != "password" {
+				if k != "token" && k != "password" && k != "key" && k != "auth-key" {
 					entry[k] = v
 				}
 			}

diff --git a/cmd/dependabot/internal/cmd/update_test.go b/cmd/dependabot/internal/cmd/update_test.go
@@ -69,7 +69,12 @@ func Test_processInput(t *testing.T) {
 				"url":           "https://example.com",
 				"python-index":  "https://example.com",
 				"replaces-base": "true",
-				"password":      "password",
+
+				// These values will not propagate to the metadata
+				"password": "password",
+				"token":    "token",
+				"key":      "key",
+				"auth-key": "auth-key",
 			},
 		}