Do not pass host credentials to the updater

dependabot · Mar 5, 2024 · f0330de · f0330de
1 parent ee39507
commit f0330de
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/cmd/dependabot/internal/cmd/update.go b/cmd/dependabot/internal/cmd/update.go
@@ -336,13 +336,6 @@ func processInput(input *model.Input, flags *UpdateFlags) {
 			"username": "x-access-token",
 			"password": "$LOCAL_AZURE_ACCESS_TOKEN",
 		})
-		if len(input.Job.CredentialsMetadata) > 0 {
-			// Add the metadata since the next section will be skipped.
-			input.Job.CredentialsMetadata = append(input.Job.CredentialsMetadata, map[string]any{
-				"type": "git_source",
-				"host": "dev.azure.com",
-			})
-		}
 
 		// Add the Azure Artifacts credentials for each host if the package manager is supported.
 		if _, ok := azureArtifactsPackageManagerCredentialType[input.Job.PackageManager]; ok {
@@ -367,6 +360,11 @@ func processInput(input *model.Input, flags *UpdateFlags) {
 	// Calculate the credentials-metadata as it cannot be provided by the user anymore.
 	input.Job.CredentialsMetadata = []model.Credential{}
 	for _, credential := range input.Credentials {
+		// If the credential type is not a git_source and only has a host, skip it.
+		// This avoids issues in the updater where fully qualified registry URLs are required.
+		if credential["type"] != "git_source" && credential["host"] != "" {
+			continue
+		}
 		entry := make(map[string]any)
 		for k, v := range credential {
 			// Updater does not get credentials.