Skip to content

Update docker-common package in AzureIoTEdgeV2 task#21848

Open
v-gayatrij wants to merge 5 commits intomasterfrom
users/v-gayjaiswal/jws-cg-fixes-AzureIoTEdge
Open

Update docker-common package in AzureIoTEdgeV2 task#21848
v-gayatrij wants to merge 5 commits intomasterfrom
users/v-gayjaiswal/jws-cg-fixes-AzureIoTEdge

Conversation

@v-gayatrij
Copy link
Contributor

@v-gayatrij v-gayatrij commented Feb 18, 2026
edited
Loading

Context

AB#2339822
Jws v3.2.2 present in docker-common package v2.242.0 has vulnerabilities.
image

The latest version of docker-common uses jws v4.0.1 which is non vulnerable.

Task Name

AzureIoTEdgeV2

Description

Summarize the changes made in this PR clearly and concisely.

Update docker-common package in AzureIoTEdgeV2 task to resolve jws CG vulnerability.

Risk Assessment (Low / Medium / High)

Low

Change Behind Feature Flag (Yes / No)

Can this change be behine feature flag, if not why?

Tech Design / Approach

  • Design has been written and reviewed.
  • Any architectural decisions, trade-offs, and alternatives are captured.

Documentation Changes Required (Yes/No)

Indicate whether related documentation needs to be updated.

  • User guides, API specs, system diagrams, or runbooks are updated.

Unit Tests Added or Updated (Yes / No)

N

Additional Testing Performed

List all other tests performed (manual or automated, including integration, regression, scenario tests, etc.).

Logging Added/Updated (Yes/No)

  • Appropriate log statements are added with meaningful messages.
  • Logging does not expose sensitive data.
  • Log levels are used correctly (e.g., info, warn, error).

Telemetry Added/Updated (Yes/No)

  • Custom telemetry (e.g., counters, timers, error tracking) is added as needed.
  • Events are tagged with proper metadata for filtering and analysis.
  • Telemetry is validated in staging or test environments.

Rollback Scenario and Process (Yes/No)

  • Rollback plan is documented.

Dependency Impact Assessed and Regression Tested (Yes/No)

  • All impacted internal modules, APIs, services, and third-party libraries are analyzed.
  • Results are reviewed and confirmed to not break existing functionality.

Checklist

  • Related issue linked (if applicable)
  • Task version was bumped — see versioning guide
  • Verified the task behaves as expected

@v-gayatrij
Copy link
Contributor Author

v-gayatrij commented Feb 18, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 18, 2026

Azure Pipelines successfully started running 3 pipeline(s).

@v-gayatrij v-gayatrij marked this pull request as ready for review February 18, 2026 04:47
@v-gayatrij v-gayatrij requested a review from marianan as a code owner February 18, 2026 04:47
@v-gayatrij v-gayatrij changed the title update docker-common package Update docker-common package in AzureIoTEdgeV2 task Feb 23, 2026
@v-gayatrij
Copy link
Contributor Author

v-gayatrij commented Feb 25, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 25, 2026

Azure Pipelines successfully started running 3 pipeline(s).

@v-gayatrij
Copy link
Contributor Author

v-gayatrij commented Feb 26, 2026

/azp run

@v-gayatrij v-gayatrij enabled auto-merge (squash) February 26, 2026 08:27
@azure-pipelines
Copy link

azure-pipelines bot commented Feb 26, 2026

Azure Pipelines successfully started running 3 pipeline(s).

@v-gayatrij
Copy link
Contributor Author

v-gayatrij commented Feb 27, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 27, 2026

Azure Pipelines successfully started running 3 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marianan marianan marianan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@v-gayatrij @marianan