redroid-whatsapp/deploy
Natalie 719c8189f9 fix(security): pass forge PyPI creds via 0600 temp netrc, not creds-in-URL index
The token was interpolated into the pip --index-url, leaking it into process argv
and pip's URL logging. Write it to a mktemp 0600 netrc (trap-removed on exit) and
point pip at it via $NETRC with a clean index URL.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 15:12:31 -04:00
..
install.sh fix(security): pass forge PyPI creds via 0600 temp netrc, not creds-in-URL index 2026-06-28 15:12:31 -04:00