Fix CVE-2024-34156 by updating to AzCopy version 10.30.0

[Copilot]

Security Update

This PR addresses a security vulnerability (CVE-2024-34156) that affects the Go standard library's encoding/gob package, which could potentially impact AzCopy.

Changes

• Updated AzCopy version to 10.30.0
• Added documentation in the changelog about the security fix
• Explicitly noted that we're using Go 1.24.2, which includes the fix for this vulnerability

Technical Details

• CVE-2024-34156 is related to the Decoder.Decode function in the encoding/gob package, where deeply nested structures can cause a panic due to stack exhaustion
• The vulnerability is fixed in Go 1.22.7 and 1.23.1, and we're using Go 1.24.2 which incorporates these fixes
• This update ensures that the @azure-tools/azcopy-node package can reference this new version to mitigate the vulnerability

Fixes #3008.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• azcopyvnextrelease.z22.web.core.windows.net
  • Triggering command: ./azcopy --version (dns block)
• go-review.googlesource.com
  • Triggering command: wget -q -O- REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.