Skip to content

update form-data package version in tasks to remove vulnerable version #21199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Aug 11, 2025
Merged

update form-data package version in tasks to remove vulnerable version #21199

merged 7 commits into from
Aug 11, 2025

Conversation

sanjays-ms
Copy link
Contributor

@sanjays-ms sanjays-ms commented Aug 7, 2025
edited
Loading

Context

Updating or overriding packages to resolve the form-data package vulnerability.
📌 CG Alert
CG Alert
CG Alert

Task Name

XcodeV5
MavenV2
JenkinsQueueJobV2

releasenotes - not a task.

Description

The form-data package is marked as vulnerable for few versions. This change is to either update the package containing vulnerability to newer version or override the form-data package to use a non-vulnerable version.

Risk Assessment (Low / Medium / High)

Low

Additional Testing Performed

Testing performed through azure piplines and executing test cases locally.
JenkinsQueueJobV2
MavenV2
XcodeV5

Rollback Scenario and Process (Yes/No)

Please revert PR to rollback the changes

Checklist

  • Related issue linked (if applicable)
  • Task version was bumped — see versioning guide
  • Verified the task behaves as expected

@sanjays-ms
Copy link
Contributor Author

/azp run

@sanjays-ms
Copy link
Contributor Author

/azp run

@sanjays-ms
Copy link
Contributor Author

/azp run

@sanjays-ms sanjays-ms changed the title Users/v sanjayse/fix jenkins task update form-data package version in tasks to remove vulnerable version Aug 8, 2025
@sanjays-ms
Copy link
Contributor Author

/azp run

@sanjays-ms sanjays-ms marked this pull request as ready for review August 8, 2025 08:58
@sanjays-ms sanjays-ms requested review from tarunramsinghani and a team as code owners August 8, 2025 08:58
@sanjays-ms
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

rishabhmalikMS
rishabhmalikMS reviewed Aug 11, 2025
View reviewed changes
@sanjays-ms
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@sanjays-ms
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@sanjays-ms sanjays-ms merged commit 03a706b into master Aug 11, 2025
11 checks passed
@sanjays-ms sanjays-ms deleted the users/v-sanjayse/fix-jenkins-task branch August 11, 2025 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rishabhmalikMS rishabhmalikMS rishabhmalikMS approved these changes

@sanjuyadav24 sanjuyadav24 sanjuyadav24 approved these changes

@tarunramsinghani tarunramsinghani Awaiting requested review from tarunramsinghani tarunramsinghani is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sanjays-ms @rishabhmalikMS @sanjuyadav24