From c40fb4040696d330a909af20e4a0704b5a60bf9e Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Tue, 29 Apr 2025 03:51:17 +0000
Subject: [PATCH 1/2] chore: upgrade azcopy to v10.29.0

---
 .trivyignore              | 2 --
 pkg/blobplugin/Dockerfile | 2 +-
 test/sanity/run-test.sh   | 2 +-
 3 files changed, 2 insertions(+), 4 deletions(-)
 delete mode 100644 .trivyignore

diff --git a/.trivyignore b/.trivyignore
deleted file mode 100644
index 1abb01463..000000000
--- a/.trivyignore
+++ /dev/null
@@ -1,2 +0,0 @@
-CVE-2025-22871
-CVE-2025-22872
diff --git a/pkg/blobplugin/Dockerfile b/pkg/blobplugin/Dockerfile
index d58c2e603..62d066ebf 100644
--- a/pkg/blobplugin/Dockerfile
+++ b/pkg/blobplugin/Dockerfile
@@ -32,7 +32,7 @@ RUN if [ "$ARCH" = "arm64" ]; then \
     fi
 
 # install azcopy
-RUN curl -Ls https://azcopyvnext-awgzd8g7aagqhzhe.b02.azurefd.net/releases/release-10.28.1-20250326/azcopy_linux_${ARCH}_10.28.1.tar.gz \
+RUN curl -Ls https://azcopyvnext-awgzd8g7aagqhzhe.b02.azurefd.net/releases/release-10.29.0-20250428/azcopy_linux_${ARCH}_10.29.0.tar.gz \
         | tar xvzf - --strip-components=1 -C /usr/local/bin/ --wildcards "*/azcopy"
 
 # download blobfuse deb
diff --git a/test/sanity/run-test.sh b/test/sanity/run-test.sh
index e01b6af37..81eacf2d1 100755
--- a/test/sanity/run-test.sh
+++ b/test/sanity/run-test.sh
@@ -36,7 +36,7 @@ azcopyPath="/usr/local/bin/azcopy"
 if [ ! -f "$azcopyPath" ]; then
   azcopyTarFile="azcopy.tar.gz"
   echo 'Downloading azcopy...'
-  wget -O $azcopyTarFile azcopyvnext-awgzd8g7aagqhzhe.b02.azurefd.net/releases/release-10.28.1-20250326/azcopy_linux_amd64_10.28.1.tar.gz
+  wget -O $azcopyTarFile azcopyvnext-awgzd8g7aagqhzhe.b02.azurefd.net/releases/release-10.29.0-20250428/azcopy_linux_amd64_10.29.0.tar.gz
   tar -zxvf $azcopyTarFile
   mv ./azcopy*/azcopy /usr/local/bin/azcopy
   rm -rf ./$azcopyTarFile

From b5893da2cbcd5b516e7749744821946a1810050b Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Tue, 29 Apr 2025 03:57:56 +0000
Subject: [PATCH 2/2] test: ignore azcopy CVE-2025-22872 in trivy

---
 .trivyignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .trivyignore

diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 000000000..2b0652f52
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1 @@
+CVE-2025-22872