Skip to content

Update 7-Zip to version 24.09 #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Update 7-Zip to version 24.09 #266

wants to merge 4 commits into from

Conversation

dassayantan24
Copy link

@dassayantan24 dassayantan24 commented Jul 14, 2025
edited
Loading

Description:

We are using the tool-lib library in multiple Azure pipeline tasks, and the older version of 7-Zip has the potential to be flagged as a security vulnerability.

Work-Item: https://dev.azure.com/mseng/AzureDevOps/_workitems/edit/2299591
Related ICM: https://portal.microsofticm.com/imp/v5/incidents/details/633422222/summary

Fix:

Updated the 7-Zip binaries from the blob storage to the latest version 24.09
https://vstsagenttools.blob.core.windows.net/tools/7zip/24.09/7zip.zip

Testing:

Screenshot 2025-07-17 175835 image

@dassayantan24 dassayantan24 requested review from a team as code owners July 14, 2025 08:40
@MantavyaDh
Copy link

Is there any specific reason we are not using the latest 7zip version 24.09 ? It is also present in the blob storage.

@tarunramsinghani
Copy link
Contributor

In what tasks this is being used, did we test any task with these changes ?

sanjuyadav24
sanjuyadav24 reviewed Jul 14, 2025
View reviewed changes
Copy link

@sanjuyadav24 sanjuyadav24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you please share the plan to update these dependencies in task as well, as merging these PRs without validating task changes might block future releases of tool-lib

@dassayantan24 dassayantan24 changed the title Update 7-Zip to version 24.08. Update 7-Zip to version 24.09. Jul 15, 2025
@dassayantan24 dassayantan24 changed the title Update 7-Zip to version 24.09. Update 7-Zip to version 24.09 Jul 15, 2025
@dassayantan24
Copy link
Author

Is there any specific reason we are not using the latest 7zip version 24.09 ? It is also present in the blob storage.

I have updated the 7zip to the latest version 24.09

@tarunramsinghani tarunramsinghani self-requested a review July 18, 2025 05:52
@tarunramsinghani tarunramsinghani dismissed their stale review July 18, 2025 05:53

We need to check for package-lock changes

@tarunramsinghani
Copy link
Contributor

We should not see so many changes in package-lock file. can you ceck if you are using the same node version in your local machine as we aare in out CI/build pipeline for this repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sanjuyadav24 sanjuyadav24 sanjuyadav24 left review comments

@tarunramsinghani tarunramsinghani tarunramsinghani approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dassayantan24 @MantavyaDh @tarunramsinghani @sanjuyadav24