Skip to content

Update docker-common package in AzureIoTEdgeV2 task#21848

Open
v-gayatrij wants to merge 5 commits intomasterfrom
users/v-gayjaiswal/jws-cg-fixes-AzureIoTEdge
Open

Update docker-common package in AzureIoTEdgeV2 task#21848
v-gayatrij wants to merge 5 commits intomasterfrom
users/v-gayjaiswal/jws-cg-fixes-AzureIoTEdge

Conversation

@v-gayatrij
Copy link
Contributor

@v-gayatrij v-gayatrij commented Feb 18, 2026

Context

AB#2339822
Jws v3.2.2 present in docker-common package v2.242.0 has vulnerabilities.
image

The latest version of docker-common uses jws v4.0.1 which is non vulnerable.


Task Name

AzureIoTEdgeV2


Description

Summarize the changes made in this PR clearly and concisely.

Update docker-common package in AzureIoTEdgeV2 task to resolve jws CG vulnerability.


Risk Assessment (Low / Medium / High)

Low


Change Behind Feature Flag (Yes / No)

Can this change be behine feature flag, if not why?


Tech Design / Approach

  • Design has been written and reviewed.
  • Any architectural decisions, trade-offs, and alternatives are captured.

Documentation Changes Required (Yes/No)

Indicate whether related documentation needs to be updated.

  • User guides, API specs, system diagrams, or runbooks are updated.

Unit Tests Added or Updated (Yes / No)

N


Additional Testing Performed

List all other tests performed (manual or automated, including integration, regression, scenario tests, etc.).


Logging Added/Updated (Yes/No)

  • Appropriate log statements are added with meaningful messages.
  • Logging does not expose sensitive data.
  • Log levels are used correctly (e.g., info, warn, error).

Telemetry Added/Updated (Yes/No)

  • Custom telemetry (e.g., counters, timers, error tracking) is added as needed.
  • Events are tagged with proper metadata for filtering and analysis.
  • Telemetry is validated in staging or test environments.

Rollback Scenario and Process (Yes/No)

  • Rollback plan is documented.

Dependency Impact Assessed and Regression Tested (Yes/No)

  • All impacted internal modules, APIs, services, and third-party libraries are analyzed.
  • Results are reviewed and confirmed to not break existing functionality.

Checklist

  • Related issue linked (if applicable)
  • Task version was bumped — see versioning guide
  • Verified the task behaves as expected

@v-gayatrij
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@v-gayatrij v-gayatrij marked this pull request as ready for review February 18, 2026 04:47
@v-gayatrij v-gayatrij requested a review from marianan as a code owner February 18, 2026 04:47
@v-gayatrij v-gayatrij changed the title update docker-common package Update docker-common package in AzureIoTEdgeV2 task Feb 23, 2026
@v-gayatrij
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@v-gayatrij
Copy link
Contributor Author

/azp run

@v-gayatrij v-gayatrij enabled auto-merge (squash) February 26, 2026 08:27
@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@v-gayatrij
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants