Vulnerability fixes for the Release module #5525

Merged: sanjays-ms merged 2 commits into master from users/v-sanjayse/fix-cg-vuln on Apr 14, 2026

@sanjays-ms (Contributor) commented Apr 10, 2026

Context

AB#2362047
AB#2362052
AB#2362053

Important

A new .npmrc file was added, so package-lock.json was deleted and recreated.
Node version used: 24.14.0


Description

Vulnerability fixes for the release creation module in the repo


Risk Assessment (Low / Medium / High)

Medium - The task-lib library is updated to a new major version. While this is a breaking change, the usage of the library is very low, only to print logs.


Unit Tests Added or Updated (Yes / No)

No


Additional Testing Performed

No testing was performed


Change Behind Feature Flag (Yes / No)

No


Tech Design / Approach

  • Design has been written and reviewed.
  • Any architectural decisions, trade-offs, and alternatives are captured.

Documentation Changes Required (Yes/No)

Indicate whether related documentation needs to be updated.

  • User guides, API specs, system diagrams, or runbooks are updated.

Logging Added/Updated (Yes/No)

  • Appropriate log statements are added with meaningful messages.
  • Logging does not expose sensitive data.
  • Log levels are used correctly (e.g., info, warn, error).

Telemetry Added/Updated (Yes/No)

  • Custom telemetry (e.g., counters, timers, error tracking) is added as needed.
  • Events are tagged with proper metadata for filtering and analysis.
  • Telemetry is validated in staging or test environments.

Rollback Scenario and Process (Yes/No)

Revert PR to rollback changes


Dependency Impact Assessed and Regression Tested (Yes/No)

  • All impacted internal modules, APIs, services, and third-party libraries are analyzed.
  • Results are reviewed and confirmed to not break existing functionality.

@azure-pipelines

Azure Pipelines:
Successfully started running 1 pipeline(s).

@sanjays-ms
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines:
Successfully started running 1 pipeline(s).

@sanjays-ms sanjays-ms marked this pull request as ready for review April 10, 2026 08:38
@sanjays-ms sanjays-ms requested review from a team as code owners April 10, 2026 08:38
@azure-pipelines

Azure Pipelines:
Successfully started running 1 pipeline(s).

@sanjays-ms
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines:
Successfully started running 1 pipeline(s).

@sanjays-ms sanjays-ms merged commit 8d612d4 into master Apr 14, 2026
23 of 24 checks passed
@sanjays-ms sanjays-ms deleted the users/v-sanjayse/fix-cg-vuln branch April 14, 2026 06:11