Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.

In our PyPI scans, most of the token leaks were found in actual Python code. For example, one of the functions in an affected project contained an Amazon RDS (Relational Database Service) token.

PyPI Admin Ee Durbin was notified on June 28 this year, after which the token was revoked. The Python package Index (PyPI), is the world’s number one source for Python packages.

API updates include 4x larger conversation memory for GPT-3.5 and ... This means developers can now use this model for approximately $0.0015 per 1,000 input tokens and $0.002 per 1,000 output ...