[BUG] Compromised credentials

[effigies]

What version of the bids app were you using?

No response

Describe your problem in detail.

CircleCI has alerted everyone to cycle credentials stored in their environment variables: https://circleci.com/blog/january-4-2023-security-alert/

A PYPI_PASSWORD environment variable was set in CircleCI (I have deleted it). I believe this belongs to @AmoghJohri and needs to be changed immediately. In the future, we should use tokens, and this can be done by setting TWINE_USER to __token__ and TWINE_PASSWORD to a token that is scoped to this one package only. The twine tool will automatically pick these up.

See https://pypi.org/help/#apitoken for additional guidance.

What command did you run?

No response

Describe what you expected.

No response

[Remi-Gau]

FYI this should be fixed now

[effigies]

The credentials are no longer up. The owner of the credentials may still need to revoke them.

[Remi-Gau]

ah yes sorry.