Azure CLI docker image jp dependency is dated and triggers security scanners #29509

@octavian-mto

Description

Describe the bug

The jp (jmespath) dependency is stuck at version 0.2.1 (released in 2021) due to the maintainer not focusing on the project anymore.
Since the executable is using an older version of Go (1.17.1), it triggers container image scanners.

Here are the related bug reports on the jp side: jmespath/jp#51 and jmespath/jp#46

Related command

FROM mcr.microsoft.com/azure-cli

Errors

CVE-2021-38297
CVE-2023-24538
CVE-2024-24790
CVE-2023-24540
CVE-2023-29402
CVE-2023-29404
CVE-2023-29405

Issue script & Debug output

See above

Expected behavior

No security vulnerabilities are reported when using mcr.microsoft.com/azure-cli

Environment Summary

# az --version
azure-cli                         2.62.0

core                              2.62.0
telemetry                          1.1.0

Dependencies:
msal                              1.28.1
azure-mgmt-resource               23.1.1

Python location '/usr/local/bin/python'
Extensions directory '/root/.azure/cliextensions'

Python (Linux) 3.11.9 (main, Jul  3 2024, 00:15:49) [GCC 13.2.1 20240309]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

No response
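Findings like the ones above come from the Go toolchain version embedded in the jp binary rather than from jp's own code, so a quick way to confirm (or triage) such a scanner report is to read that version string straight out of the binary and compare it with the minimum you require. The script below is an added example and is not part of the issue or of the azure-cli project; it assumes you have already copied the binary out of the image (for instance with `docker create` followed by `docker cp`), and the path of jp inside the image is not taken from this page.

```shell
#!/bin/sh
# Added example (not from the issue or the azure-cli project): report the Go
# toolchain version embedded in a Go binary and flag it when it is older than
# a required minimum. Go binaries carry their toolchain version as a printable
# string such as "go1.17.1", so no Go installation is needed to read it.
# Usage: go_toolchain_check <binary> <minimum-version>   e.g. ./jp go1.22.4

# Print the first "go1.X[.Y]" toolchain string found in the binary, or nothing.
go_toolchain_version() {
  LC_ALL=C tr -c '[:print:]' '\n' < "$1" \
    | grep -o 'go1\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}' \
    | head -n 1
}

# Return 0 (true) when version $1 is older than version $2.
# Both may carry the "go" prefix; components are compared numerically,
# and a missing patch component counts as 0 (go1.17 == go1.17.0).
version_older_than() {
  awk -v a="${1#go}" -v b="${2#go}" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0;
      if (xi < yi) exit 0;
      if (xi > yi) exit 1;
    }
    exit 1
  }'
}

# Exit 0 if the binary was built with at least $2, 1 if it is older,
# 2 if no toolchain version could be found (probably not a Go binary).
go_toolchain_check() {
  ver=$(go_toolchain_version "$1")
  if [ -z "$ver" ]; then
    echo "$1: no Go toolchain version string found" >&2
    return 2
  fi
  if version_older_than "$ver" "$2"; then
    echo "$1: built with $ver, older than required $2" >&2
    return 1
  fi
  echo "$1: built with $ver (>= $2)"
  return 0
}

# Run as a command when given exactly two arguments; otherwise only define
# the functions so the script can be sourced.
if [ "$#" -eq 2 ]; then
  go_toolchain_check "$1" "$2"
fi
```

A scanner that reports Go standard-library CVEs against jp is keying on exactly this string, so a result such as "built with go1.17.1" confirms the finding is about the toolchain and that rebuilding jp with a current Go release, not patching jp itself, is the fix.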

Metadata

Labels

Azure CLI Team (the command of the issue is owned by the Azure CLI team)
customer-reported (issues that are reported by GitHub users external to the Azure organization)
potential-pruning
question (the issue doesn't require a change to the product in order to be resolved; most issues start as that)
