Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

getsentry/sentry#68148 changed user auth tokens, so that they now start with a sntryu_ prefix. While the CLI correctly handles these new tokens, the CLI issued a warning when using these new format tokens.

This PR updates the CLI's auth token parsing logic to recognize the new user auth token format (in addition to the old format), so that the warning is no longer issued.

…IDs (#2101)

Co-authored-by: Daniel Szoke <7881302+szokeasaurusrex@users.noreply.github.com>

Found via `typos --hidden --format brief`

symbolic-debuginfo version 12.8.0 is the latest version excluding getsentry/symbolic#816, which caused a regression in sentry-cli.

Fixes #2107

…1871)

Co-authored-by: Daniel Szoke <7881302+szokeasaurusrex@users.noreply.github.com>

Clarify that users need to check the release, project, and organization when encountering a "release not found" error, since any of these being wrong can cause a "release not found" error.

Fixes #2111

Update "project not found" message to avoid mentioning "IDs" and "slugs," which might confuse some users. Instead, make this error message follow the same format as the "release not found" message.

Separate logic for issuing the invalid auth token format validation warning from the parsing logic. This will allow us in the future to test whether a certain string might be an auth token without logging a warning.

This test does not appear to test any important functionality. Rather, it is primarily asserting that specific messages are logged. Let's remove it so we do not need to update the test if we ever change what these logs state.

Redact anything that might be an auth token when logging the command line arguments to console. This occurs only when the log level is set to `info` or `debug`; the default is `warn`.

The test ensures that when the CLI args are echoed back, anything which might reasonably be an auth token is redacted.

Using the secrecy crate prevents the auth token from accidentally being leaked if we log the AuthToken struct.

#2115 aimed to redact auth tokens when logging the arguments to the CLI. Although that change addressed some cases where auth tokens were passed as a CLI argument, not all cases were addressed. For example, the following was redacted properly with #2115:

```sh
sentry-cli --auth-token this-gets-redacted --log-level=info info
```

But, the following was not:

```sh
sentry-cli --auth-token=this-does-not-get-redacted --log-level=info info
```

The difference is that in the second example, the auth token is passed with `--auth-token=token` rather than separated by whitespace `--auth-token token`.

This change improves the redacting so that auth tokens passed like `--auth-token=token` are also redacted. The change also redacts any non-whitespace-containing substrings starting with `sntrys_` or `sntryu_` (prefixes that all auth tokens generated in the latest version of Sentry should start with), so that if an auth token appears where it is not expected, we redact it. For example, the following would be redacted with this change:

```sh
sentry-cli --auth=sntrys_my-token-passed-as-non-existing-auth-argument --log-level=info info
```

Note that as in #2115, this change is only relevant in the case where the log level is set to `info` or `debug` (the default is `warn`) – command line arguments are logged at the `info` level.

This reverts commit d0e8717, which bumped upload-artifact to version 4.

Due to actions/upload-artifact#478, upload-artifact version 4 is incompatible with our current release proces. This change is blocking us from successfully creating release builds.

As a workaround, we will revert this change for now.