Patch security vulnerabilities by bumping package dependencies #22041
Open
ellendular wants to merge 18 commits into master from
Azure Pipelines: Successfully started running 3 pipeline(s).
Author
/azp run
Azure Pipelines: Successfully started running 3 pipeline(s).
…dependency-upgrade
Context
The packages in the azure-pipelines-tasks repository have been updated to align with version changes from the azure-pipelines-tasks-common-packages repository:
azure-pipelines-tasks-utility-common : ^3.272.0
azure-pipelines-tasks-artifacts-common : ^2.273.0
azure-pipelines-tasks-packaging-common : ^3.273.0
azure-pipelines-tasks-codeanalysis-common : ^2.272.0
azure-pipelines-tasks-codecoverage-tools : ^3.272.0
azure-pipelines-tasks-java-common : ^2.272.0
azure-pipelines-tasks-msbuildhelpers : ^3.272.0
azp-tasks-az-blobstorage-provider : ^3.272.1
azure-pipelines-tasks-securefiles-common : 2.272.0
Additionally, the azure-pipelines-task-lib package has been upgraded to version 5.2.10 to address security vulnerabilities.
Task Names
1 ANTV1
2 AndroidSigningV2
3 AndroidSigningV3
4 ArchiveFilesV2
5 AzureContainerAppsV0
6 AzureContainerAppsV1
7 BashV3
8 CMakeV1
9 CUrlUploaderV2
10 CmdLineV2
11 CocoaPodsV0
12 CondaEnvironmentV0
13 CondaEnvironmentV1
14 CopyFilesOverSSHV0
15 CopyFilesV2
16 DecryptFileV1
17 DeleteFilesV1
18 DotNetCoreCLIV2
19 DotNetCoreInstallerV0
20 DotNetCoreInstallerV1
21 DownloadSecureFileV1
22 ExtractFilesV1
23 FtpUploadV1
24 FtpUploadV2
25 GruntV0
26 GulpV0
27 GulpV1
28 InstallAppleCertificateV2
29 InstallAppleProvisioningProfileV1
30 InstallSSHKeyV0
31 JavaToolInstallerV0
32 JavaToolInstallerV1
33 MavenV2
34 MavenV3
35 MavenV4
36 NodeToolV0
37 NotationV0
38 PowerShellV2
39 PublishBuildArtifactsV1
40 PyPIPublisherV0
41 PythonScriptV0
42 ShellScriptV2
43 SshV0
44 UseDotNetV2
45 UseNodeV1
46 UsePythonVersionV0
47 UseRubyVersionV0
48 XamarinAndroidV1
49 XamarinTestCloudV1
50 XamariniOSV2
51 XcodeV5
Description
The packages within the azure-pipelines-tasks repository have been updated to maintain consistency with the recent version changes from the azure-pipelines-tasks-common-packages repository:
azure-pipelines-tasks-utility-common : ^3.272.0
azure-pipelines-tasks-artifacts-common : ^2.273.0
azure-pipelines-tasks-packaging-common : ^3.273.0
azure-pipelines-tasks-codeanalysis-common : ^2.272.0
azure-pipelines-tasks-codecoverage-tools : ^3.272.0
azure-pipelines-tasks-java-common : ^2.272.0
azure-pipelines-tasks-msbuildhelpers : ^3.272.0
azp-tasks-az-blobstorage-provider : ^3.272.1
azure-pipelines-tasks-securefiles-common : 2.272.0
Relevant pull requests:
microsoft/azure-pipelines-tasks-common-packages#597
microsoft/azure-pipelines-tasks-common-packages#608
microsoft/azure-pipelines-tasks-common-packages#596
microsoft/azure-pipelines-tasks-common-packages#606
Additionally, the azure-pipelines-task-lib package has been upgraded to version 5.2.8 to address identified security vulnerabilities.
Below are the reported vulnerabilities:
AB#2362008
AB#2362009
AB#2374311
AB#2362012
AB#2362013
AB#2362016
AB#2362017
Risk Assessment (Low / Medium / High)
Low - As we are updating the version
Change Behind Feature Flag (Yes / No)
NO
Tech Design / Approach
Documentation Changes Required (Yes/No)
NA
Unit Tests Added or Updated (Yes / No)
Indicate whether unit tests were added or modified to reflect these changes.
Additional Testing Performed
No - testing done only through CI checks; no further testing done.
Logging Added/Updated (Yes/No)
Telemetry Added/Updated (Yes/No)
Rollback Scenario and Process (Yes/No)
Dependency Impact Assessed and Regression Tested (Yes/No)
Checklist