- Bump `@actions/cache` to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);

const util_1 = __nccwpck_require__(7564);

(0, util_1.maskSecretUrls)(body);

/***/ 7564:

/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {

"use strict";

Object.defineProperty(exports, "__esModule", ({ value: true }));

exports.maskSecretUrls = exports.maskSigUrl = void 0;

const core_1 = __nccwpck_require__(7484);

/**

* Masks the `sig` parameter in a URL and sets it as a secret.

*

* @param url - The URL containing the signature parameter to mask

* @remarks

* This function attempts to parse the provided URL and identify the 'sig' query parameter.

* If found, it registers both the raw and URL-encoded signature values as secrets using

* the Actions `setSecret` API, which prevents them from being displayed in logs.

*

* The function handles errors gracefully if URL parsing fails, logging them as debug messages.

*

* @example

* ```typescript

* // Mask a signature in an Azure SAS token URL

* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');

* ```

*/

function maskSigUrl(url) {

if (!url)

return;

try {

const parsedUrl = new URL(url);

const signature = parsedUrl.searchParams.get('sig');

if (signature) {

(0, core_1.setSecret)(signature);

(0, core_1.setSecret)(encodeURIComponent(signature));

}

}

catch (error) {

(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);

}

}

exports.maskSigUrl = maskSigUrl;

/**

* Masks sensitive information in URLs containing signature parameters.

* Currently supports masking 'sig' parameters in the 'signed_upload_url'

* and 'signed_download_url' properties of the provided object.

*

* @param body - The object should contain a signature

* @remarks

* This function extracts URLs from the object properties and calls maskSigUrl

* on each one to redact sensitive signature information. The function doesn't

* modify the original object; it only marks the signatures as secrets for

* logging purposes.

*

* @example

* ```typescript

* const responseBody = {

* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',

* signed_download_url: 'https://blob.core/windows.net/?sig=def456'

* };

* maskSecretUrls(responseBody);

* ```

*/

function maskSecretUrls(body) {

if (typeof body !== 'object' || body === null) {

(0, core_1.debug)('body is not an object or is null');

return;

}

if ('signed_upload_url' in body &&

typeof body.signed_upload_url === 'string') {

maskSigUrl(body.signed_upload_url);

}

if ('signed_download_url' in body &&

typeof body.signed_download_url === 'string') {

maskSigUrl(body.signed_download_url);

}

}

exports.maskSecretUrls = maskSecretUrls;

//# sourceMappingURL=util.js.map

/***/ }),

module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');

core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);

const util_1 = __nccwpck_require__(7564);

(0, util_1.maskSecretUrls)(body);

/***/ 7564:

/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {

"use strict";

Object.defineProperty(exports, "__esModule", ({ value: true }));

exports.maskSecretUrls = exports.maskSigUrl = void 0;

const core_1 = __nccwpck_require__(7484);

/**

* Masks the `sig` parameter in a URL and sets it as a secret.

*

* @param url - The URL containing the signature parameter to mask

* @remarks

* This function attempts to parse the provided URL and identify the 'sig' query parameter.

* If found, it registers both the raw and URL-encoded signature values as secrets using

* the Actions `setSecret` API, which prevents them from being displayed in logs.

*

* The function handles errors gracefully if URL parsing fails, logging them as debug messages.

*

* @example

* ```typescript

* // Mask a signature in an Azure SAS token URL

* maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');

* ```

*/

function maskSigUrl(url) {

if (!url)

return;

try {

const parsedUrl = new URL(url);

const signature = parsedUrl.searchParams.get('sig');

if (signature) {

(0, core_1.setSecret)(signature);

(0, core_1.setSecret)(encodeURIComponent(signature));

}

}

catch (error) {

(0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);

}

}

exports.maskSigUrl = maskSigUrl;

/**

* Masks sensitive information in URLs containing signature parameters.

* Currently supports masking 'sig' parameters in the 'signed_upload_url'

* and 'signed_download_url' properties of the provided object.

*

* @param body - The object should contain a signature

* @remarks

* This function extracts URLs from the object properties and calls maskSigUrl

* on each one to redact sensitive signature information. The function doesn't

* modify the original object; it only marks the signatures as secrets for

* logging purposes.

*

* @example

* ```typescript

* const responseBody = {

* signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',

* signed_download_url: 'https://blob.core/windows.net/?sig=def456'

* };

* maskSecretUrls(responseBody);

* ```

*/

function maskSecretUrls(body) {

if (typeof body !== 'object' || body === null) {

(0, core_1.debug)('body is not an object or is null');

return;

}

if ('signed_upload_url' in body &&

typeof body.signed_upload_url === 'string') {

maskSigUrl(body.signed_upload_url);

}

if ('signed_download_url' in body &&

typeof body.signed_download_url === 'string') {

maskSigUrl(body.signed_download_url);

}

}

exports.maskSecretUrls = maskSecretUrls;

//# sourceMappingURL=util.js.map

/***/ }),

module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');