Since #4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build
output is non-empty, goreleaser leaks the environment.
$GOPATH/pkg
).go mod tidy
in a before hookgoreleaser release --clean
go: downloading ...
lines, which triggers the βif output not empty, log itβ line, which includes the environment.Credentials and tokens are leaked.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/goreleaser/goreleaser | eq | 1.26.0 |