fix: leaking password in logs

[usernameisnull]

Sanitize sensitive credentials across all data-source loaders and the shared command utility to prevent passwords, tokens, and keys from appearing in logs and error messages.

when use fakeuser/fake/password in git, it outputs the https://fakeuser:fakepass%2F123@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git

➜ kl dataset-git0401-round-1-6sfdk|grep fake
time="2026-04-01T06:34:18Z" level=debug msg="executing command" func="utils.ExecuteCommandWithAllOutput()" file="command.go:16" alteredFromURI="https://******:******@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git" applicationWorkingDirectory=/workspace branch= cloneToPath=. command="/usr/bin/git clone https://fakeuser:fakepass%2F123@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git . -v" commit=HEAD depth= fromURI="https://gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git" path=. root=/baize/dataset/data submodules= type=GIT workingDirectory=/baize/dataset/data
time="2026-04-01T06:34:18Z" level=debug msg="command output: " func="utils.ExecuteCommandWithAllOutput()" file="command.go:43" alteredFromURI="https://******:******@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git" applicationWorkingDirectory=/workspace branch= cloneToPath=. command="/usr/bin/git clone https://fakeuser:fakepass%2F123@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git . -v" commit=HEAD depth= fromURI="https://gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git" path=. root=/baize/dataset/data submodules= type=GIT workingDirectory=/baize/dataset/data
time="2026-04-01T06:34:18Z" level=error msg="command failed to execute, error: Cloning into '.'...\nremote: HTTP Basic: Access denied\nfatal: Authentication failed for 'https://gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git/'\n" func="utils.ExecuteCommandWithAllOutput()" file="command.go:45" alteredFromURI="https://******:******@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git" applicationWorkingDirectory=/workspace branch= cloneToPath=. command="/usr/bin/git clone https://fakeuser:fakepass%2F123@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git . -v" commit=HEAD depth= fromURI="https://gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git" path=. root=/baize/dataset/data submodules= type=GIT workingDirectory=/baize/dataset/data
failed to load data: failed to execute command /usr/bin/git clone https://fakeuser:fakepass%2F123@gitlab.daocloud.cn/ndx/mcamel/mcamel-mysql.git . -v, err: exit status 128

[gemini-code-assist]

Code Review

This pull request upgrades the project to Go 1.26.1 and Python 3.14, while also updating several core dependencies. The primary functional change is the implementation of more robust secret masking across various data sources (Git, HTTP, HuggingFace, ModelScope, and S3) to prevent sensitive credentials from leaking into logs and error messages. The feedback focuses on extending this masking to URIs that might contain embedded credentials and optimizing the secret obscuration logic to handle large keys more efficiently and avoid redundant processing.

[yyzxw]

/lgtm