diff --git a/dist/merge/index.js b/dist/merge/index.js
index 0a475ba..d52e27e 100644
--- a/dist/merge/index.js
+++ b/dist/merge/index.js
@@ -5620,22 +5620,21 @@ class ArtifactHttpClient {
      * @param urlType The type of the URL (e.g., 'signed_upload_url', 'signed_download_url').
      */
     maskSigUrl(url, urlType) {
-        const sigMatch = url.match(/[?&]sig=([^&]+)/);
-        if (sigMatch) {
-            (0, core_1.setSecret)(sigMatch[1]);
-            (0, core_1.debug)(`Masked ${urlType}: ${url.replace(sigMatch[1], '***')}`);
+        const sigIndex = url.indexOf('sig=');
+        if (sigIndex !== -1) {
+            const sigValue = url.substring(sigIndex + 4).split('&')[0];
+            (0, core_1.setSecret)(sigValue);
+            const maskedUrl = `${url.substring(0, sigIndex + 4)}***`;
+            (0, core_1.debug)(`Masked ${urlType}: ${maskedUrl}`);
         }
     }
     maskSecretUrls(body) {
-        (0, core_1.debug)('body is passed to masksecreturls');
-        (0, core_1.debug)(`Body in mask urls: ${JSON.stringify(body, null, 2)}`);
         if (typeof body === 'object' && body !== null) {
-            if ('signed_upload_url' in body && typeof body.signed_upload_url === 'string') {
-                (0, core_1.debug)('entered that there is signed_upload_url');
+            if ('signed_upload_url' in body &&
+                typeof body.signed_upload_url === 'string') {
                 this.maskSigUrl(body.signed_upload_url, 'signed_upload_url');
             }
             if ('signed_url' in body && typeof body.signed_url === 'string') {
-                (0, core_1.debug)('entered that there is signed_url');
                 this.maskSigUrl(body.signed_url, 'signed_url');
             }
         }
diff --git a/dist/upload/index.js b/dist/upload/index.js
index 876bfdf..df91042 100644
--- a/dist/upload/index.js
+++ b/dist/upload/index.js
@@ -5620,22 +5620,21 @@ class ArtifactHttpClient {
      * @param urlType The type of the URL (e.g., 'signed_upload_url', 'signed_download_url').
      */
     maskSigUrl(url, urlType) {
-        const sigMatch = url.match(/[?&]sig=([^&]+)/);
-        if (sigMatch) {
-            (0, core_1.setSecret)(sigMatch[1]);
-            (0, core_1.debug)(`Masked ${urlType}: ${url.replace(sigMatch[1], '***')}`);
+        const sigIndex = url.indexOf('sig=');
+        if (sigIndex !== -1) {
+            const sigValue = url.substring(sigIndex + 4).split('&')[0];
+            (0, core_1.setSecret)(sigValue);
+            const maskedUrl = `${url.substring(0, sigIndex + 4)}***`;
+            (0, core_1.debug)(`Masked ${urlType}: ${maskedUrl}`);
         }
     }
     maskSecretUrls(body) {
-        (0, core_1.debug)('body is passed to masksecreturls');
-        (0, core_1.debug)(`Body in mask urls: ${JSON.stringify(body, null, 2)}`);
         if (typeof body === 'object' && body !== null) {
-            if ('signed_upload_url' in body && typeof body.signed_upload_url === 'string') {
-                (0, core_1.debug)('entered that there is signed_upload_url');
+            if ('signed_upload_url' in body &&
+                typeof body.signed_upload_url === 'string') {
                 this.maskSigUrl(body.signed_upload_url, 'signed_upload_url');
             }
             if ('signed_url' in body && typeof body.signed_url === 'string') {
-                (0, core_1.debug)('entered that there is signed_url');
                 this.maskSigUrl(body.signed_url, 'signed_url');
             }
         }