From 7ee77a9e1002cc3c9e448361efe11a623bfd4fb9 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Tue, 5 May 2026 13:21:05 +0900
Subject: feat(vcs): use Composer-compatible URL-sanitize cache keys

Previously each VCS mirror was keyed by sha1(url), which made
cache directories opaque and incompatible with Composer's layout.
Composer's GitDriver and GitDownloader both use the form
Preg::replace('{[^a-z0-9.]}i', '-', Url::sanitize(\$url)), so a
Mozart user migrating from Composer (or vice versa) could not
share an existing cache.

Reimplement GitUtil::sanitize_url to follow that pattern: redact
credentials and access tokens (Url::sanitize semantics, including
the GitHub token regex), then replace every byte outside [a-zA-Z0-9.]
with '-'. The credential redaction also collapses URLs that differ
only in their access_token to the same key.
---
 Cargo.lock | 1 -
 1 file changed, 1 deletion(-)

(limited to 'Cargo.lock')

diff --git a/Cargo.lock b/Cargo.lock
index 27fd3ac..2ade2f4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1258,7 +1258,6 @@ dependencies = [
  "reqwest",
  "serde",
  "serde_json",
- "sha1",
  "tempfile",
  "tokio",
  "tracing",
-- 
cgit v1.3.1