Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize URLs for logging/display purposes. #1104

Merged
merged 4 commits into from
May 15, 2024
Merged

Conversation

ascheel
Copy link

@ascheel ascheel commented May 9, 2024

Sanitize URLs that contain user and password combinations since this output can show up in logging. The alternative is to silence ALL output.

It may need to be sanitized in the "raise exceptions.RedirectDetected" block, but I'm not familiar enough with it to say for sure.

@sigmavirus24
Copy link
Member

There are several places below this where it might be printed. Instead of trying to sanitize this, we should parse out the credentials in one place and then only use a repository_url that doesn't have any user information at all. (And maybe we should just forbid this usage altogether since user/pass can be provided in other ways)

@ascheel
Copy link
Author

ascheel commented May 13, 2024

It's a valid part of the URL specification (RFC 1738). It's already been allowed in the past, so to remove it would break the RFC (if that matters) and would break a not-insignificant number of people/organizations providing authentication in this manner.

@sigmavirus24 sigmavirus24 merged commit 75de094 into pypa:main May 15, 2024
22 of 23 checks passed
github-actions bot pushed a commit to Nr18/report2junit that referenced this pull request May 17, 2024
Bumps [twine](https://github.com/pypa/twine) from 5.0.0 to 5.1.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's
changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag.
(<code>[#1095](pypa/twine#1095)
&lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104)
&lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1108">#1108</a> from
pypa/fix-release-workflow</li>
<li><a
href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a>
Fix release workflow</li>
<li><a
href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1107">#1107</a> from
woodruffw-forks/release-5.1.0</li>
<li><a
href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a>
Update changelog for 5.1.0</li>
<li><a
href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1085">#1085</a> from
pypa/feature/pep-621</li>
<li><a
href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1104">#1104</a> from
ascheel/main</li>
<li><a
href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a>
Properly handle repository URLs with auth in them</li>
<li><a
href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a>
Changelog entry</li>
<li><a
href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a>
Change regex string to a raw string.</li>
<li><a
href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a>
Sanitize URLs for logging/display purposes.</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=5.0.0&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot pushed a commit to conijnio/pull-request-codecommit that referenced this pull request May 17, 2024
Bumps [twine](https://github.com/pypa/twine) from 5.0.0 to 5.1.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's
changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag.
(<code>[#1095](pypa/twine#1095)
&lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104)
&lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1108">#1108</a> from
pypa/fix-release-workflow</li>
<li><a
href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a>
Fix release workflow</li>
<li><a
href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1107">#1107</a> from
woodruffw-forks/release-5.1.0</li>
<li><a
href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a>
Update changelog for 5.1.0</li>
<li><a
href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1085">#1085</a> from
pypa/feature/pep-621</li>
<li><a
href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1104">#1104</a> from
ascheel/main</li>
<li><a
href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a>
Properly handle repository URLs with auth in them</li>
<li><a
href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a>
Changelog entry</li>
<li><a
href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a>
Change regex string to a raw string.</li>
<li><a
href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a>
Sanitize URLs for logging/display purposes.</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=5.0.0&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this pull request May 17, 2024
…/packages/jsii-pacmak/lib/targets/python (#4516)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) &lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104) &lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
<h2>Twine 5.0.0 (2024-02-10)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) &lt;https://github.com/pypa/twine/issues/969&gt;</code>_)</li>
</ul>
<p>Misc
^^^^</p>
<ul>
<li><code>[#931](pypa/twine#931) &lt;https://github.com/pypa/twine/issues/931&gt;</code><em>, <code>[#991](pypa/twine#991) &lt;https://github.com/pypa/twine/issues/991&gt;</code></em>, <code>[#1028](pypa/twine#1028) &lt;https://github.com/pypa/twine/issues/1028&gt;</code><em>, <code>[#1040](pypa/twine#1040) &lt;https://github.com/pypa/twine/issues/1040&gt;</code></em></li>
</ul>
<h2>Twine 4.0.2 (2022-11-30)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) &lt;https://github.com/pypa/twine/issues/941&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfigure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li>
<li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li>
<li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li>
<li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li>
<li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li>
<li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li>
<li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li>
<li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li>
<li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li>
<li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
github-actions bot pushed a commit to conijnio/aws-iam-login that referenced this pull request May 21, 2024
Bumps [twine](https://github.com/pypa/twine) from 5.0.0 to 5.1.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's
changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag.
(<code>[#1095](pypa/twine#1095)
&lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104)
&lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1108">#1108</a> from
pypa/fix-release-workflow</li>
<li><a
href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a>
Fix release workflow</li>
<li><a
href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1107">#1107</a> from
woodruffw-forks/release-5.1.0</li>
<li><a
href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a>
Update changelog for 5.1.0</li>
<li><a
href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1085">#1085</a> from
pypa/feature/pep-621</li>
<li><a
href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a>
Merge pull request <a
href="https://github.com/pypa/twine/issues/1104">#1104</a> from
ascheel/main</li>
<li><a
href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a>
Properly handle repository URLs with auth in them</li>
<li><a
href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a>
Changelog entry</li>
<li><a
href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a>
Change regex string to a raw string.</li>
<li><a
href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a>
Sanitize URLs for logging/display purposes.</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=5.0.0&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this pull request Jun 27, 2024
…/packages/jsii-pacmak/lib/targets/python (#4558)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.1 (2024-06-26)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>
<p>Resolve DeprecationWarnings when extracting <code>twine</code> metadata. (<code>[#1115](pypa/twine#1115) &lt;https://github.com/pypa/twine/issues/1115&gt;</code>_)</p>
</li>
<li>
<p>Fix bug for Repository URLs with auth where the port was lost. When attempting
to prevent printing authentication credentials in URLs provided with username
and password, we did not properly handle the case where the URL also contains
a port (when reconstructing the URL). This is now handled and tested to
ensure no regressions. (<code>#fix-repo-urls-with-auth-and-port &lt;https://github.com/pypa/twine/issues/fix-repo-urls-with-auth-and-port&gt;</code>_)</p>
</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) &lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104) &lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
<h2>Twine 5.0.0 (2024-02-10)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) &lt;https://github.com/pypa/twine/issues/969&gt;</code>_)</li>
</ul>
<p>Misc
^^^^</p>
<ul>
<li><code>[#931](pypa/twine#931) &lt;https://github.com/pypa/twine/issues/931&gt;</code><em>, <code>[#991](pypa/twine#991) &lt;https://github.com/pypa/twine/issues/991&gt;</code></em>, <code>[#1028](pypa/twine#1028) &lt;https://github.com/pypa/twine/issues/1028&gt;</code><em>, <code>[#1040](pypa/twine#1040) &lt;https://github.com/pypa/twine/issues/1040&gt;</code></em></li>
</ul>
<h2>Twine 4.0.2 (2022-11-30)</h2>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/e29791dcbcd4d39ffc5c4ce2e38e3884005bd368"><code>e29791d</code></a> Prepare for v5.1.1 (<a href="https://github.com/pypa/twine/issues/1114">#1114</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f213ede904ec8553c82e75d6125efd1972fe8b00"><code>f213ede</code></a> fix: Retrieve metadata correctly from importlib_metadata (<a href="https://github.com/pypa/twine/issues/1115">#1115</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/6fbf880ee60915cf1666348c4bdd78a10415f2ac"><code>6fbf880</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1112">#1112</a> from pypa/bug/1111</li>
<li><a href="https://github.com/pypa/twine/commit/3eb9121c6d6cdb0b0d2c0e55c89319cbceda038a"><code>3eb9121</code></a> Remove extra line from changelog entry</li>
<li><a href="https://github.com/pypa/twine/commit/0191f0c9d9cae285df4c700dece7efc7c7de1551"><code>0191f0c</code></a> Preserve ports when munging repository URLs</li>
<li><a href="https://github.com/pypa/twine/commit/c5887932a552c859376a53fb4dbe39f2ab17ba20"><code>c588793</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1110">#1110</a> from DimitriPapadopoulos/principle</li>
<li><a href="https://github.com/pypa/twine/commit/1fdc197636fa1d354d5e4113121698e08824d3a0"><code>1fdc197</code></a> Fix a couple typos</li>
<li><a href="https://github.com/pypa/twine/commit/13b07b67fdc7b6de589640655045687953edab24"><code>13b07b6</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1109">#1109</a> from pypa/dependabot/github_actions/actions/checkout...</li>
<li><a href="https://github.com/pypa/twine/commit/a3e837326aa9691c89ebefecb1449977d33f89e4"><code>a3e8373</code></a> build(deps): bump actions/checkout from 4.1.5 to 4.1.6</li>
<li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...v5.1.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants