Private package add emits SecretBuffer exposure warning

I noticed a small bug with Pkg3 on Julia 0.7.0-rc2:
```julia
v0.7) pkg> add https://gitlab.invenia.ca/group/Demo.jl.git
  Updating registry at `~/.julia/registries/General`
  Updating git-repo `https://github.com/JuliaRegistries/General.git`
   Cloning git-repo `https://gitlab.invenia.ca/group/Demo.jl.git`
Username for 'https://gitlab.invenia.ca': curtis.vogt
Password for 'https://curtis.vogt@gitlab.invenia.ca':
  Updating git-repo `https://gitlab.invenia.ca/group/Demo.jl.git`
┌ Warning: a SecretBuffer was `shred!`ed by the GC; use `shred!` manually after use to minimize exposure.
└ @ Base secretbuffer.jl:169
[ Info: Assigning UUID 885af110-71a4-59bf-af26-94a227ed265e to Demo
 Resolving package versions...
  Updating `~/.julia/environments/v0.7/Project.toml`
  [885af110] + Demo v0.0.0 #master (https://gitlab.invenia.ca/group/Demo.jl.git)
  Updating `~/.julia/environments/v0.7/Manifest.toml`
  [885af110] + Demo v0.0.0 #master (https://gitlab.invenia.ca/group/Demo.jl.git)
```
The `SecretBuffer` warning should not be happening and indicates that we're neglecting to a proper cleanup. I'll note that this only occurs with cloning a repo for the first time. Was reproducible with `rm -rf ~/.julia/clones ~/.julia/packages/Demo`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Private package add emits SecretBuffer exposure warning #28435

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Private package add emits SecretBuffer exposure warning #28435

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions