Logging implementation leaks sensitive data
brandondtb opened this issue
This library is writing debug output to a file which contains, as part of the request: API keys and credit card data.
It appears to do this regardless of any user-configurable settings, which means it will do this in production, and there is no way to turn it off without modifying the library itself.
Thanks. If the next scheduled release is not imminent, it might be a good idea to push a hotfix release disabling file logging for the time being. I've already forked the repo and made that change so I can use the library in production.
Thank you. I was able to verify that the sensitive information is being masked in the debug log, and that logging is off by default. I'll close this.
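The behaviour the thread ends on (file logging off by default, sensitive values masked when it is enabled) can be sketched as follows. This is an added example, not the library's own code: the logger name `payments_client`, the field names in `SECRET_FIELDS` and the helper `enable_debug_log` are assumptions made for illustration.

```python
import logging
import re

# Field names treated as secret (assumed for this example).
SECRET_FIELDS = ("api_key", "card_number", "cvv")
FIELD_RE = re.compile(
    r'(?i)("?(?:%s)"?\s*[:=]\s*"?)([^"&\s,}]+)' % "|".join(SECRET_FIELDS))
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digit runs


def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(match):
    digits = re.sub(r"\D", "", match.group(0))
    if not luhn_ok(digits):
        return match.group(0)  # not a card number (order id, timestamp, ...)
    return "*" * (len(digits) - 4) + digits[-4:]


def redact(text):
    """Mask card numbers anywhere in the text, then blank named secret fields."""
    text = PAN_RE.sub(mask_pan, text)
    return FIELD_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)


class RedactingFilter(logging.Filter):
    def filter(self, record):
        record.msg = redact(record.getMessage())  # format first, then redact
        record.args = None
        return True


log = logging.getLogger("payments_client")  # hypothetical library logger name
log.addHandler(logging.NullHandler())  # the library itself opens no log file
log.addFilter(RedactingFilter())


def enable_debug_log(path):
    """Explicit opt-in by the application; records still pass the filter."""
    log.addHandler(logging.FileHandler(path))
    log.setLevel(logging.DEBUG)
```

The filter is attached to the logger rather than to a handler, so any handler the application adds later receives already-redacted records.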