diff --git a/.licenses/npm/@actions/cache.dep.yml b/.licenses/npm/@actions/cache.dep.yml index f70b140..6e21be6 100644 --- a/.licenses/npm/@actions/cache.dep.yml +++ b/.licenses/npm/@actions/cache.dep.yml @@ -1,6 +1,6 @@ --- name: "@actions/cache" -version: 4.0.3 +version: 4.0.2 type: npm summary: Actions cache lib homepage: https://github.com/actions/toolkit/tree/main/packages/cache diff --git a/RELEASES.md b/RELEASES.md index b859f15..2ad0be4 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,9 +1,5 @@ # Releases -### 4.2.3 - -- Bump `@actions/cache` to v4.0.3 (obfuscates SAS token in debug logs for cache entries) - ### 4.2.2 - Bump `@actions/cache` to v4.0.2 diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js index c42c938..0c70483 100644 --- a/dist/restore-only/index.js +++ b/dist/restore-only/index.js @@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr }; const response = yield twirpClient.GetCacheEntryDownloadURL(request); if (!response.ok) { - core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); + core.debug(`Cache not found for keys: ${keys.join(', ')}`); return undefined; } core.info(`Cache hit for: ${request.key}`); @@ -2204,7 +2204,6 @@ const cacheUtils_1 = __nccwpck_require__(8299); const auth_1 = __nccwpck_require__(4552); const http_client_1 = __nccwpck_require__(4844); const cache_twirp_client_1 = __nccwpck_require__(1486); -const util_1 = __nccwpck_require__(7564); /** * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * @@ -2264,7 +2263,6 @@ class CacheServiceClient { (0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); const body = JSON.parse(rawBody); - (0, util_1.maskSecretUrls)(body); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); if (this.isSuccessStatusCode(statusCode)) { return { response, body }; @@ -2446,87 +2444,6 @@ exports.getUserAgentString = getUserAgentString; /***/ }), -/***/ 7564: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.maskSecretUrls = exports.maskSigUrl = void 0; -const core_1 = __nccwpck_require__(7484); -/** - * Masks the `sig` parameter in a URL and sets it as a secret. - * - * @param url - The URL containing the signature parameter to mask - * @remarks - * This function attempts to parse the provided URL and identify the 'sig' query parameter. - * If found, it registers both the raw and URL-encoded signature values as secrets using - * the Actions `setSecret` API, which prevents them from being displayed in logs. - * - * The function handles errors gracefully if URL parsing fails, logging them as debug messages. - * - * @example - * ```typescript - * // Mask a signature in an Azure SAS token URL - * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01'); - * ``` - */ -function maskSigUrl(url) { - if (!url) - return; - try { - const parsedUrl = new URL(url); - const signature = parsedUrl.searchParams.get('sig'); - if (signature) { - (0, core_1.setSecret)(signature); - (0, core_1.setSecret)(encodeURIComponent(signature)); - } - } - catch (error) { - (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); - } -} -exports.maskSigUrl = maskSigUrl; -/** - * Masks sensitive information in URLs containing signature parameters. - * Currently supports masking 'sig' parameters in the 'signed_upload_url' - * and 'signed_download_url' properties of the provided object. - * - * @param body - The object should contain a signature - * @remarks - * This function extracts URLs from the object properties and calls maskSigUrl - * on each one to redact sensitive signature information. The function doesn't - * modify the original object; it only marks the signatures as secrets for - * logging purposes. - * - * @example - * ```typescript - * const responseBody = { - * signed_upload_url: 'https://blob.core.windows.net/?sig=abc123', - * signed_download_url: 'https://blob.core/windows.net/?sig=def456' - * }; - * maskSecretUrls(responseBody); - * ``` - */ -function maskSecretUrls(body) { - if (typeof body !== 'object' || body === null) { - (0, core_1.debug)('body is not an object or is null'); - return; - } - if ('signed_upload_url' in body && - typeof body.signed_upload_url === 'string') { - maskSigUrl(body.signed_upload_url); - } - if ('signed_download_url' in body && - typeof body.signed_download_url === 'string') { - maskSigUrl(body.signed_download_url); - } -} -exports.maskSecretUrls = maskSecretUrls; -//# sourceMappingURL=util.js.map - -/***/ }), - /***/ 5321: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { @@ -65400,7 +65317,7 @@ module.exports = require("zlib"); /***/ ((module) => { "use strict"; -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.2","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); /***/ }), diff --git a/dist/restore/index.js b/dist/restore/index.js index 95f7849..1027e09 100644 --- a/dist/restore/index.js +++ b/dist/restore/index.js @@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr }; const response = yield twirpClient.GetCacheEntryDownloadURL(request); if (!response.ok) { - core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); + core.debug(`Cache not found for keys: ${keys.join(', ')}`); return undefined; } core.info(`Cache hit for: ${request.key}`); @@ -2204,7 +2204,6 @@ const cacheUtils_1 = __nccwpck_require__(8299); const auth_1 = __nccwpck_require__(4552); const http_client_1 = __nccwpck_require__(4844); const cache_twirp_client_1 = __nccwpck_require__(1486); -const util_1 = __nccwpck_require__(7564); /** * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * @@ -2264,7 +2263,6 @@ class CacheServiceClient { (0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); const body = JSON.parse(rawBody); - (0, util_1.maskSecretUrls)(body); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); if (this.isSuccessStatusCode(statusCode)) { return { response, body }; @@ -2446,87 +2444,6 @@ exports.getUserAgentString = getUserAgentString; /***/ }), -/***/ 7564: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.maskSecretUrls = exports.maskSigUrl = void 0; -const core_1 = __nccwpck_require__(7484); -/** - * Masks the `sig` parameter in a URL and sets it as a secret. - * - * @param url - The URL containing the signature parameter to mask - * @remarks - * This function attempts to parse the provided URL and identify the 'sig' query parameter. - * If found, it registers both the raw and URL-encoded signature values as secrets using - * the Actions `setSecret` API, which prevents them from being displayed in logs. - * - * The function handles errors gracefully if URL parsing fails, logging them as debug messages. - * - * @example - * ```typescript - * // Mask a signature in an Azure SAS token URL - * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01'); - * ``` - */ -function maskSigUrl(url) { - if (!url) - return; - try { - const parsedUrl = new URL(url); - const signature = parsedUrl.searchParams.get('sig'); - if (signature) { - (0, core_1.setSecret)(signature); - (0, core_1.setSecret)(encodeURIComponent(signature)); - } - } - catch (error) { - (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); - } -} -exports.maskSigUrl = maskSigUrl; -/** - * Masks sensitive information in URLs containing signature parameters. - * Currently supports masking 'sig' parameters in the 'signed_upload_url' - * and 'signed_download_url' properties of the provided object. - * - * @param body - The object should contain a signature - * @remarks - * This function extracts URLs from the object properties and calls maskSigUrl - * on each one to redact sensitive signature information. The function doesn't - * modify the original object; it only marks the signatures as secrets for - * logging purposes. - * - * @example - * ```typescript - * const responseBody = { - * signed_upload_url: 'https://blob.core.windows.net/?sig=abc123', - * signed_download_url: 'https://blob.core/windows.net/?sig=def456' - * }; - * maskSecretUrls(responseBody); - * ``` - */ -function maskSecretUrls(body) { - if (typeof body !== 'object' || body === null) { - (0, core_1.debug)('body is not an object or is null'); - return; - } - if ('signed_upload_url' in body && - typeof body.signed_upload_url === 'string') { - maskSigUrl(body.signed_upload_url); - } - if ('signed_download_url' in body && - typeof body.signed_download_url === 'string') { - maskSigUrl(body.signed_download_url); - } -} -exports.maskSecretUrls = maskSecretUrls; -//# sourceMappingURL=util.js.map - -/***/ }), - /***/ 5321: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { @@ -65400,7 +65317,7 @@ module.exports = require("zlib"); /***/ ((module) => { "use strict"; -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.2","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); /***/ }), diff --git a/dist/save-only/index.js b/dist/save-only/index.js index 1e1b222..60c05b2 100644 --- a/dist/save-only/index.js +++ b/dist/save-only/index.js @@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr }; const response = yield twirpClient.GetCacheEntryDownloadURL(request); if (!response.ok) { - core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); + core.debug(`Cache not found for keys: ${keys.join(', ')}`); return undefined; } core.info(`Cache hit for: ${request.key}`); @@ -2204,7 +2204,6 @@ const cacheUtils_1 = __nccwpck_require__(8299); const auth_1 = __nccwpck_require__(4552); const http_client_1 = __nccwpck_require__(4844); const cache_twirp_client_1 = __nccwpck_require__(1486); -const util_1 = __nccwpck_require__(7564); /** * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * @@ -2264,7 +2263,6 @@ class CacheServiceClient { (0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); const body = JSON.parse(rawBody); - (0, util_1.maskSecretUrls)(body); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); if (this.isSuccessStatusCode(statusCode)) { return { response, body }; @@ -2446,87 +2444,6 @@ exports.getUserAgentString = getUserAgentString; /***/ }), -/***/ 7564: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.maskSecretUrls = exports.maskSigUrl = void 0; -const core_1 = __nccwpck_require__(7484); -/** - * Masks the `sig` parameter in a URL and sets it as a secret. - * - * @param url - The URL containing the signature parameter to mask - * @remarks - * This function attempts to parse the provided URL and identify the 'sig' query parameter. - * If found, it registers both the raw and URL-encoded signature values as secrets using - * the Actions `setSecret` API, which prevents them from being displayed in logs. - * - * The function handles errors gracefully if URL parsing fails, logging them as debug messages. - * - * @example - * ```typescript - * // Mask a signature in an Azure SAS token URL - * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01'); - * ``` - */ -function maskSigUrl(url) { - if (!url) - return; - try { - const parsedUrl = new URL(url); - const signature = parsedUrl.searchParams.get('sig'); - if (signature) { - (0, core_1.setSecret)(signature); - (0, core_1.setSecret)(encodeURIComponent(signature)); - } - } - catch (error) { - (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); - } -} -exports.maskSigUrl = maskSigUrl; -/** - * Masks sensitive information in URLs containing signature parameters. - * Currently supports masking 'sig' parameters in the 'signed_upload_url' - * and 'signed_download_url' properties of the provided object. - * - * @param body - The object should contain a signature - * @remarks - * This function extracts URLs from the object properties and calls maskSigUrl - * on each one to redact sensitive signature information. The function doesn't - * modify the original object; it only marks the signatures as secrets for - * logging purposes. - * - * @example - * ```typescript - * const responseBody = { - * signed_upload_url: 'https://blob.core.windows.net/?sig=abc123', - * signed_download_url: 'https://blob.core/windows.net/?sig=def456' - * }; - * maskSecretUrls(responseBody); - * ``` - */ -function maskSecretUrls(body) { - if (typeof body !== 'object' || body === null) { - (0, core_1.debug)('body is not an object or is null'); - return; - } - if ('signed_upload_url' in body && - typeof body.signed_upload_url === 'string') { - maskSigUrl(body.signed_upload_url); - } - if ('signed_download_url' in body && - typeof body.signed_download_url === 'string') { - maskSigUrl(body.signed_download_url); - } -} -exports.maskSecretUrls = maskSecretUrls; -//# sourceMappingURL=util.js.map - -/***/ }), - /***/ 5321: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { @@ -65413,7 +65330,7 @@ module.exports = require("zlib"); /***/ ((module) => { "use strict"; -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.2","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); /***/ }), diff --git a/dist/save/index.js b/dist/save/index.js index d288e0b..e695962 100644 --- a/dist/save/index.js +++ b/dist/save/index.js @@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr }; const response = yield twirpClient.GetCacheEntryDownloadURL(request); if (!response.ok) { - core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); + core.debug(`Cache not found for keys: ${keys.join(', ')}`); return undefined; } core.info(`Cache hit for: ${request.key}`); @@ -2204,7 +2204,6 @@ const cacheUtils_1 = __nccwpck_require__(8299); const auth_1 = __nccwpck_require__(4552); const http_client_1 = __nccwpck_require__(4844); const cache_twirp_client_1 = __nccwpck_require__(1486); -const util_1 = __nccwpck_require__(7564); /** * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp. * @@ -2264,7 +2263,6 @@ class CacheServiceClient { (0, core_1.debug)(`[Response] - ${response.message.statusCode}`); (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`); const body = JSON.parse(rawBody); - (0, util_1.maskSecretUrls)(body); (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`); if (this.isSuccessStatusCode(statusCode)) { return { response, body }; @@ -2446,87 +2444,6 @@ exports.getUserAgentString = getUserAgentString; /***/ }), -/***/ 7564: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.maskSecretUrls = exports.maskSigUrl = void 0; -const core_1 = __nccwpck_require__(7484); -/** - * Masks the `sig` parameter in a URL and sets it as a secret. - * - * @param url - The URL containing the signature parameter to mask - * @remarks - * This function attempts to parse the provided URL and identify the 'sig' query parameter. - * If found, it registers both the raw and URL-encoded signature values as secrets using - * the Actions `setSecret` API, which prevents them from being displayed in logs. - * - * The function handles errors gracefully if URL parsing fails, logging them as debug messages. - * - * @example - * ```typescript - * // Mask a signature in an Azure SAS token URL - * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01'); - * ``` - */ -function maskSigUrl(url) { - if (!url) - return; - try { - const parsedUrl = new URL(url); - const signature = parsedUrl.searchParams.get('sig'); - if (signature) { - (0, core_1.setSecret)(signature); - (0, core_1.setSecret)(encodeURIComponent(signature)); - } - } - catch (error) { - (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`); - } -} -exports.maskSigUrl = maskSigUrl; -/** - * Masks sensitive information in URLs containing signature parameters. - * Currently supports masking 'sig' parameters in the 'signed_upload_url' - * and 'signed_download_url' properties of the provided object. - * - * @param body - The object should contain a signature - * @remarks - * This function extracts URLs from the object properties and calls maskSigUrl - * on each one to redact sensitive signature information. The function doesn't - * modify the original object; it only marks the signatures as secrets for - * logging purposes. - * - * @example - * ```typescript - * const responseBody = { - * signed_upload_url: 'https://blob.core.windows.net/?sig=abc123', - * signed_download_url: 'https://blob.core/windows.net/?sig=def456' - * }; - * maskSecretUrls(responseBody); - * ``` - */ -function maskSecretUrls(body) { - if (typeof body !== 'object' || body === null) { - (0, core_1.debug)('body is not an object or is null'); - return; - } - if ('signed_upload_url' in body && - typeof body.signed_upload_url === 'string') { - maskSigUrl(body.signed_upload_url); - } - if ('signed_download_url' in body && - typeof body.signed_download_url === 'string') { - maskSigUrl(body.signed_download_url); - } -} -exports.maskSecretUrls = maskSecretUrls; -//# sourceMappingURL=util.js.map - -/***/ }), - /***/ 5321: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { @@ -65413,7 +65330,7 @@ module.exports = require("zlib"); /***/ ((module) => { "use strict"; -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.2","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}'); /***/ }), diff --git a/package-lock.json b/package-lock.json index 7eb7333..6f43312 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,15 +1,15 @@ { "name": "cache", - "version": "4.2.3", + "version": "4.2.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cache", - "version": "4.2.3", + "version": "4.2.2", "license": "MIT", "dependencies": { - "@actions/cache": "^4.0.3", + "@actions/cache": "^4.0.2", "@actions/core": "^1.11.1", "@actions/exec": "^1.1.1", "@actions/io": "^1.1.3" @@ -36,9 +36,9 @@ } }, "node_modules/@actions/cache": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz", - "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==", + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.2.tgz", + "integrity": "sha512-cBr7JL1q+JKjbBd3w3SZN5OQ1Xg+/D8QLMcE7MpgpghZlL4biBO0ZEeraoTxCZyfN0YY0dxXlLgsgGv/sT5BTg==", "license": "MIT", "dependencies": { "@actions/core": "^1.11.1", @@ -9600,9 +9600,9 @@ }, "dependencies": { "@actions/cache": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz", - "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==", + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.2.tgz", + "integrity": "sha512-cBr7JL1q+JKjbBd3w3SZN5OQ1Xg+/D8QLMcE7MpgpghZlL4biBO0ZEeraoTxCZyfN0YY0dxXlLgsgGv/sT5BTg==", "requires": { "@actions/core": "^1.11.1", "@actions/exec": "^1.0.1", diff --git a/package.json b/package.json index 45a8816..569e8d2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cache", - "version": "4.2.3", + "version": "4.2.2", "private": true, "description": "Cache dependencies and build outputs", "main": "dist/restore/index.js", @@ -23,7 +23,7 @@ "author": "GitHub", "license": "MIT", "dependencies": { - "@actions/cache": "^4.0.3", + "@actions/cache": "^4.0.2", "@actions/core": "^1.11.1", "@actions/exec": "^1.1.1", "@actions/io": "^1.1.3"