GitHub credentials are logged with -vv verbose logging #1426
Description
Bug Report
Description
Running semantic-release with -vv verbose logging dumps the credentials from the github URL, here I scrubbed it manually:
Feb 4, 2:33:27 PM DEBUG Parsing git url helpers.py:245
Feb 4, 2:33:27 PM 'https://x-oauth-basic:xxx@github.ibm.com/IBM-Q-Softw
Feb 4, 2:33:27 PM are/job-prediction-service'
The issue template asks you to run with -vv and now we have credentials leaked into our CI logs.
Expected behavior
Credentials should be masked in log output.
Actual behavior
Credentials are leaked in verbose output.
Environment
- Operating System (w/ version): Red Hat UBI
- Python version: 3.11
- Pip version: 25.3
- Semantic-release version: 10.5.3
- Build tool (w/ version): n/a
pip freeze
Deprecated-1.3.1 MarkupSafe-3.0.3 annotated-types-0.7.0 certifi-2026.1.4 charset_normalizer-3.4.4 click-8.1.8 click-option-group-0.5.9 dotty-dict-1.3.1 gitdb-4.0.12 gitpython-3.1.46 idna-3.11 importlib-resources-6.5.2 jinja2-3.1.6 markdown-it-py-4.0.0 mdurl-0.1.2 pydantic-2.12.5 pydantic-core-2.41.5 pygments-2.19.2 python-gitlab-6.5.0 python-semantic-release-10.5.3 requests-2.32.5 requests-toolbelt-1.0.0 rich-14.3.1 shellingham-1.5.4 smmap-5.0.2 tomlkit-0.13.3 typing-extensions-4.15.0 typing-inspection-0.4.2 urllib3-2.6.3 wrapt-2.0.1
Configuration
Semantic Release Configuration
{
"semantic_release": {
"assets": [],
"branches": {
"main": {
"match": "^(main|semantic-release)$",
"prerelease_token": "rc",
"prerelease": false
}
},
"changelog": {
"default_templates":{
"changelog_file": "CHANGELOG.md"
},
"exclude_commit_patterns": [
"^((?!(feat:|fix:|perf:|build:|chore:|ci:|docs:|style:|refactor:|test:)).)*$"
],
"environment": {
"block_start_string": "{%",
"block_end_string": "%}",
"variable_start_string": "{{",
"variable_end_string": "}}",
"comment_start_string": "{#",
"comment_end_string": "#}",
"trim_blocks": false,
"lstrip_blocks": false,
"newline_sequence": "\n",
"keep_trailing_newline": false,
"extensions": [],
"autoescape": true
}
},
"commit_author": {
"env": "GIT_COMMIT_AUTHOR",
"default": "semantic-release <semantic-release>"
},
"commit_message": "[skip ci] {version}\n\nAutomatically generated by python-semantic-release",
"commit_parser": "conventional",
"logging_use_named_masks": false,
"major_on_zero": true,
"remote": {
"name": "origin",
"token": {
"env": "GH_TOKEN"
},
"type": "github",
"ignore_token_for_push": false
},
"tag_format": "v{version}",
"version_variables": [
"api/version.py:__version__",
"ci/deployment/k8s/api/Chart.yaml:appVersion",
"ci/deployment/k8s/workers/Chart.yaml:appVersion"
],
"publish": {
"dist_glob_patterns": ["dist/*"],
"upload_to_vcs_release": true
}
}
}Execution Log
It's in #1424 (I split this issue out of that).
Additional context
n/a