update

dist/merge/index.js

@@ -6001,13 +6001,24 @@ function getBackendIdsFromToken() {
 exports.getBackendIdsFromToken = getBackendIdsFromToken;
 /**
  * Masks the `sig` parameter in a URL and sets it as a secret.
- * @param url The URL containing the `sig` parameter.
+ *
- * @returns A masked URL where the sig parameter value is replaced with '***' if found,
+ * @param url - The URL containing the signature parameter to mask
- *          or the original URL if no sig parameter is present.
+ * @remarks
+ * This function attempts to parse the provided URL and identify the 'sig' query parameter.
+ * If found, it registers both the raw and URL-encoded signature values as secrets using
+ * the Actions `setSecret` API, which prevents them from being displayed in logs.
+ *
+ * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+ *
+ * @example
+ * ```typescript
+ * // Mask a signature in an Azure SAS token URL
+ * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+ * ```
  */
 function maskSigUrl(url) {
     if (!url)
-        return url;
+        return;
     try {
         const parsedUrl = new URL(url);
         const signature = parsedUrl.searchParams.get('sig');
@@ -6015,17 +6026,33 @@ function maskSigUrl(url) {
             (0, core_1.setSecret)(signature);
             (0, core_1.setSecret)(encodeURIComponent(signature));
             parsedUrl.searchParams.set('sig', '***');
-            return parsedUrl.toString();
         }
     }
     catch (error) {
         (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
     }
-    return url;
 }
 exports.maskSigUrl = maskSigUrl;
 /**
- * Masks any URLs containing signature parameters in the provided object
+ * Masks sensitive information in URLs containing signature parameters.
+ * Currently supports masking 'sig' parameters in the 'signed_upload_url'
+ * and 'signed_download_url' properties of the provided object.
+ *
+ * @param body - The object should contain a signature
+ * @remarks
+ * This function extracts URLs from the object properties and calls maskSigUrl
+ * on each one to redact sensitive signature information. The function doesn't
+ * modify the original object; it only marks the signatures as secrets for
+ * logging purposes.
+ *
+ * @example
+ * ```typescript
+ * const responseBody = {
+ *   signed_upload_url: 'https://example.com?sig=abc123',
+ *   signed_download_url: 'https://example.com?sig=def456'
+ * };
+ * maskSecretUrls(responseBody);
+ * ```
  */
 function maskSecretUrls(body) {
     if (typeof body !== 'object' || body === null) {

dist/upload/index.js

@@ -6001,13 +6001,24 @@ function getBackendIdsFromToken() {
 exports.getBackendIdsFromToken = getBackendIdsFromToken;
 /**
  * Masks the `sig` parameter in a URL and sets it as a secret.
- * @param url The URL containing the `sig` parameter.
+ *
- * @returns A masked URL where the sig parameter value is replaced with '***' if found,
+ * @param url - The URL containing the signature parameter to mask
- *          or the original URL if no sig parameter is present.
+ * @remarks
+ * This function attempts to parse the provided URL and identify the 'sig' query parameter.
+ * If found, it registers both the raw and URL-encoded signature values as secrets using
+ * the Actions `setSecret` API, which prevents them from being displayed in logs.
+ *
+ * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+ *
+ * @example
+ * ```typescript
+ * // Mask a signature in an Azure SAS token URL
+ * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+ * ```
  */
 function maskSigUrl(url) {
     if (!url)
-        return url;
+        return;
     try {
         const parsedUrl = new URL(url);
         const signature = parsedUrl.searchParams.get('sig');
@@ -6015,17 +6026,33 @@ function maskSigUrl(url) {
             (0, core_1.setSecret)(signature);
             (0, core_1.setSecret)(encodeURIComponent(signature));
             parsedUrl.searchParams.set('sig', '***');
-            return parsedUrl.toString();
         }
     }
     catch (error) {
         (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
     }
-    return url;
 }
 exports.maskSigUrl = maskSigUrl;
 /**
- * Masks any URLs containing signature parameters in the provided object
+ * Masks sensitive information in URLs containing signature parameters.
+ * Currently supports masking 'sig' parameters in the 'signed_upload_url'
+ * and 'signed_download_url' properties of the provided object.
+ *
+ * @param body - The object should contain a signature
+ * @remarks
+ * This function extracts URLs from the object properties and calls maskSigUrl
+ * on each one to redact sensitive signature information. The function doesn't
+ * modify the original object; it only marks the signatures as secrets for
+ * logging purposes.
+ *
+ * @example
+ * ```typescript
+ * const responseBody = {
+ *   signed_upload_url: 'https://example.com?sig=abc123',
+ *   signed_download_url: 'https://example.com?sig=def456'
+ * };
+ * maskSecretUrls(responseBody);
+ * ```
  */
 function maskSecretUrls(body) {
     if (typeof body !== 'object' || body === null) {