Bump azure-pipelines-tasks-webdeployment-common to version 4.274.0 an…#22094
Open
v-abhishera wants to merge 5 commits intomasterfrom
Open
Bump azure-pipelines-tasks-webdeployment-common to version 4.274.0 an…#22094v-abhishera wants to merge 5 commits intomasterfrom
v-abhishera wants to merge 5 commits intomasterfrom
Conversation
…d update task version to 0.274.0
|
Azure Pipelines: Successfully started running 3 pipeline(s). |
|
Azure Pipelines: Successfully started running 3 pipeline(s). |
|
Azure Pipelines: Successfully started running 3 pipeline(s). |
|
Azure Pipelines: Successfully started running 3 pipeline(s). |
|
Azure Pipelines: Successfully started running 3 pipeline(s). |
allxiao
approved these changes
Apr 30, 2026
|
Azure Pipelines: Successfully started running 3 pipeline(s). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
This PR fixes a Component Governance security alert identified in AB#2381476.
Vulnerability Details:
@xmldom/xmldom0.8.6@xmldom/xmldom0.8.13Task Name
AzureSpringCloudV0
Description
Updated
azure-pipelines-tasks-webdeployment-commonfrom^4.265.0to^4.274.0in AzureSpringCloudV0. The new version of the common package depends on@xmldom/xmldom@^0.8.13, which includes the fix for CVE-2026-41675 (XML node injection via unvalidated PI serialization).Risk Assessment (Low)
Minor dependency version bump of an owned common package. No code changes to the task itself. The
webdeployment-commonpackage maintains backward compatibility across patch/minor versions.Change Behind Feature Flag (No)
Dependency version updates do not use feature flags.
Tech Design / Approach
@xmldom/xmldom@0.8.6was a transitive dependency viaazure-pipelines-tasks-webdeployment-common.4.274.0already ships with the fixed@xmldom/xmldom@^0.8.13.^4.274.0and regenerated package-lock.json.Documentation Changes Required (No)
No documentation changes needed for an internal dependency update.
Unit Tests Added or Updated (No)
No new tests needed. Existing L0 tests were run and pass.
Additional Testing Performed
npm ls @xmldom/xmldomto verify resolution to 0.8.13node make.js build --task AzureSpringCloudV0 --fbLogging Added/Updated (No)
No logging changes required for a dependency update.
Telemetry Added/Updated (No)
No telemetry changes required for a dependency update.
Rollback Scenario and Process (Yes)
Revert this PR to restore previous
webdeployment-commonversion.Dependency Impact Assessed and Regression Tested (Yes)
@xmldom/xmldom 0.8.6npm lsverified task now resolves to@xmldom/xmldom@0.8.13Checklist