feat(vcs): use Composer-compatible URL-sanitize cache keys

Previously each VCS mirror was keyed by sha1(url), which made cache directories opaque and incompatible with Composer's layout. Composer's GitDriver and GitDownloader both use the form Preg::replace('{[^a-z0-9.]}i', '-', Url::sanitize(\$url)), so a Mozart user migrating from Composer (or vice versa) could not share an existing cache. Reimplement GitUtil::sanitize_url to follow that pattern: redact credentials and access tokens (Url::sanitize semantics, including the GitHub token regex), then replace every byte outside [a-zA-Z0-9.] with '-'. The credential redaction also collapses URLs that differ only in their access_token to the same key.
author: nsfisis <nsfisis@gmail.com> 2026-05-05 13:21:05 +0900
committer: nsfisis <nsfisis@gmail.com> 2026-05-05 13:21:05 +0900
commit: 7ee77a9e1002cc3c9e448361efe11a623bfd4fb9 (patch)
tree: 643d95b50c30e2334e73e831e813592b98cbc421 /Cargo.lock
parent: 283ef7d1f4d85812dccd3b7e05441cfc05c59b4c (diff)
download: php-mozart-7ee77a9e1002cc3c9e448361efe11a623bfd4fb9.tar.gz
php-mozart-7ee77a9e1002cc3c9e448361efe11a623bfd4fb9.tar.zst
php-mozart-7ee77a9e1002cc3c9e448361efe11a623bfd4fb9.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 27fd3ac..2ade2f4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1258,7 +1258,6 @@ dependencies = [
  "reqwest",
  "serde",
  "serde_json",
- "sha1",
  "tempfile",
  "tokio",
  "tracing",
author	nsfisis <nsfisis@gmail.com>	2026-05-05 13:21:05 +0900
committer	nsfisis <nsfisis@gmail.com>	2026-05-05 13:21:05 +0900
commit	7ee77a9e1002cc3c9e448361efe11a623bfd4fb9 (patch)
tree	643d95b50c30e2334e73e831e813592b98cbc421 /Cargo.lock
parent	283ef7d1f4d85812dccd3b7e05441cfc05c59b4c (diff)
download	php-mozart-7ee77a9e1002cc3c9e448361efe11a623bfd4fb9.tar.gz php-mozart-7ee77a9e1002cc3c9e448361efe11a623bfd4fb9.tar.zst php-mozart-7ee77a9e1002cc3c9e448361efe11a623bfd4fb9.zip