From 9effd03e9420f04c9e2130996aa28e7532726ce1 Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Sat, 14 Jun 2025 01:50:11 +0000
Subject: [PATCH 1/2] test: fix CVE-2025-4673 in trivy action

---
 .github/workflows/trivy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index c0b998a04..f9e912be3 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -12,7 +12,7 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.24.2
+          go-version: 1.24.4
         id: go
 
       - name: Checkout code

From eb95f3603c54370a5fcd7c9d18981c961205f151 Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Sat, 14 Jun 2025 02:05:07 +0000
Subject: [PATCH 2/2] test: ignore CVE error in azcopy

---
 .trivyignore | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .trivyignore

diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 000000000..ffb1fe532
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,3 @@
+CVE-2025-22874
+CVE-2025-4673
+CVE-2025-0913