subrepo: mask out passwords embedded in the messages displaying a URL I noticed the password in maintenance logs for the "no changes since last push" and "pushing to" messages when pushing with an explicit path. But the test case here with :pushurl was also affected. I didn't see that cloning or pulling subrepos on demand had this problem, but it seems safer to just mask that too. There's a bit of a disconnect here, because it looks like clone is slicing off the password (makes sense not to store it in the hgrc in cleartext). But not shearing it off of an explicit path causes the subrepo not to realize that it already pushed the latest stuff. This is the easiest fix, however.

{
    // Enforcing
    "eqeqeq"        : true,     // true: Require triple equals (===) for comparison
    "forin"         : true,     // true: Require filtering for..in loops with obj.hasOwnProperty()
    "freeze"        : true,     // true: prohibits overwriting prototypes of native objects such as Array, Date etc.
    "nonbsp"        : true,     // true: Prohibit "non-breaking whitespace" characters.
    "undef"         : true,     // true: Require all non-global variables to be declared (prevents global leaks)

    // Environments
    "browser"       : true      // Web Browser (window, document, etc)
}