redroid-whatsapp

History

Natalie 719c8189f9 fix(security): pass forge PyPI creds via 0600 temp netrc, not creds-in-URL index The token was interpolated into the pip --index-url, leaking it into process argv and pip's URL logging. Write it to a mktemp 0600 netrc (trap-removed on exit) and point pip at it via $NETRC with a clean index URL. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-28 15:12:31 -04:00
..
install.sh	fix(security): pass forge PyPI creds via 0600 temp netrc, not creds-in-URL index	2026-06-28 15:12:31 -04:00

Natalie 719c8189f9 fix(security): pass forge PyPI creds via 0600 temp netrc, not creds-in-URL index

The token was interpolated into the pip --index-url, leaking it into process argv
and pip's URL logging. Write it to a mktemp 0600 netrc (trap-removed on exit) and
point pip at it via $NETRC with a clean index URL.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-28 15:12:31 -04:00

install.sh

fix(security): pass forge PyPI creds via 0600 temp netrc, not creds-in-URL index

2026-06-28 15:12:31 -04:00