From f0ab599c8c0621f7101d6dc263a6bb4cdb149178 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Sun, 7 Jun 2026 11:56:21 +0200
Subject: [PATCH 1/3] Prevent ENV var tokens from beeing leaked by commited DI containers
---
 src/DependencyInjection/Configurator.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/DependencyInjection/Configurator.php b/src/DependencyInjection/Configurator.php
index 7865956266..0a5193ba2b 100644
--- a/src/DependencyInjection/Configurator.php
+++ b/src/DependencyInjection/Configurator.php
@@ -96,6 +96,10 @@ public function loadContainer(): string
 unset($staticParameters['env']['SHELL_VERBOSITY']);
 // make sure invocations via blackfire use the same container
 unset($staticParameters['env']['BLACKFIRE_AGENT_SOCKET']);
+ // drop known sensitive parameter from beeing leaked, when container files committed in repositories
+ unset($staticParameters['env']['GITHUB_TOKEN']);
+ unset($staticParameters['env']['CI_JOB_TOKEN']); // gitlab
+ unset($staticParameters['env']['PRIVATE-TOKEN']); // gitlab
 
 $containerKey = [
 $staticParameters,
From 4d40eaed3e9eef90da9b2d54d6f29b43af9f3da6 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Sun, 7 Jun 2026 11:58:17 +0200
Subject: [PATCH 2/3] Update Configurator.php
---
 src/DependencyInjection/Configurator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/DependencyInjection/Configurator.php b/src/DependencyInjection/Configurator.php
index 0a5193ba2b..c006ee656e 100644
--- a/src/DependencyInjection/Configurator.php
+++ b/src/DependencyInjection/Configurator.php
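Review bot: The three `unset()` calls added after the `BLACKFIRE_AGENT_SOCKET` line in the `[PATCH 1/3]` hunk form an exact-name denylist, so any other credential in the environment (for example `GH_TOKEN`, `COMPOSER_AUTH` or `AWS_SECRET_ACCESS_KEY`) still stays in `$staticParameters['env']` and, presumably, in the generated container. `PRIVATE-TOKEN` looks like GitLab's HTTP request header rather than an environment variable name, so that line is probably a no-op. A name-pattern filter would cover more cases, e.g. `$staticParameters['env'] = array_filter($staticParameters['env'], static fn ($name): bool => preg_match('/TOKEN|SECRET|PASSWORD|AUTH/i', (string) $name) !== 1, ARRAY_FILTER_USE_KEY);`, provided no configuration relies on reading such variables back from the container. `loadContainer()` starts and ends outside the hunk, so whether these parameters are the ones written to the cached file cannot be confirmed here; containers committed before this change may still hold the values, and those tokens are worth rotating.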
@@ -96,7 +96,7 @@ public function loadContainer(): string
 unset($staticParameters['env']['SHELL_VERBOSITY']);
 // make sure invocations via blackfire use the same container
 unset($staticParameters['env']['BLACKFIRE_AGENT_SOCKET']);
- // drop known sensitive parameter from beeing leaked, when container files committed in repositories
+ // drop known sensitive parameter from being leaked, when container files committed in repositories
 unset($staticParameters['env']['GITHUB_TOKEN']);
 unset($staticParameters['env']['CI_JOB_TOKEN']); // gitlab
 unset($staticParameters['env']['PRIVATE-TOKEN']); // gitlab
From de4ae4542245fa2870fe8fecc951a219baf9d8ec Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Sun, 7 Jun 2026 12:00:44 +0200
Subject: [PATCH 3/3] Update Configurator.php
---
 src/DependencyInjection/Configurator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/DependencyInjection/Configurator.php b/src/DependencyInjection/Configurator.php
index c006ee656e..39cade4fc9 100644
--- a/src/DependencyInjection/Configurator.php
+++ b/src/DependencyInjection/Configurator.php
@@ -96,7 +96,7 @@ public function loadContainer(): string
 unset($staticParameters['env']['SHELL_VERBOSITY']);
 // make sure invocations via blackfire use the same container
 unset($staticParameters['env']['BLACKFIRE_AGENT_SOCKET']);
- // drop known sensitive parameter from being leaked, when container files committed in repositories
+ // prevent known sensitive parameter from being leaked, when container files committed in repositories
 unset($staticParameters['env']['GITHUB_TOKEN']);
 unset($staticParameters['env']['CI_JOB_TOKEN']); // gitlab
 unset($staticParameters['env']['PRIVATE-TOKEN']); // gitlab