Skip to content

[Snyk] Security upgrade ubuntu from noble-20250925 to 24.04 #288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kevin-benton wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade ubuntu from noble-20250925 to 24.04 #288

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
31c79b3
fix: docker/util/Dockerfile to reduce vulnerabilities
snyk-bot Jan 17, 2026
c6fc6cf
Bump util Docker image version for Ubuntu 24.04 base upgrade (#289)
Copilot Jan 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion data_structures/flag_filter.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ task validate_string_is_12bit_int {
>>>

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down
6 changes: 3 additions & 3 deletions data_structures/read_group.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ task get_read_groups {

runtime {
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -356,7 +356,7 @@ task validate_read_group {
>>>

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -412,7 +412,7 @@ task inner_read_group_to_string {
}

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
2 changes: 1 addition & 1 deletion docker/util/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ubuntu:noble-20250925
FROM ubuntu:24.04

Check failure

Code scanning / Snyk Container

Medium severity - Use After Free vulnerability in libxslt High

This file introduces a vulnerable libxslt package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Directory Traversal vulnerability in pam High

This file introduces a vulnerable pam package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Directory Traversal vulnerability in python-pip High

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Use After Free vulnerability in xorg High

This file introduces a vulnerable xorg package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Buffer Overflow vulnerability in icu High

This file introduces a vulnerable icu package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - XML Injection vulnerability in fonttools Critical

This file introduces a vulnerable fonttools package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Out-of-Bounds vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Out-of-bounds Read vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Out-of-bounds Read vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Out-of-Bounds vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Out-of-Bounds vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Double Free vulnerability in patch High

This file introduces a vulnerable patch package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in python-pip High

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Allocation of Resources Without Limits or Throttling vulnerability in python-pip High

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Allocation of Resources Without Limits or Throttling vulnerability in glibc High

This file introduces a vulnerable glibc package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in python-pip High

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Medium severity - Out-of-bounds Read vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Out-of-bounds Read vulnerability in hdf5 Critical

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Out-of-bounds Read vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Out-of-bounds Read vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check failure

Code scanning / Snyk Container

Low severity - Use After Free vulnerability in hdf5 High

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Improper Resource Shutdown or Release vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Out-of-bounds Write vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Improper Verification of Cryptographic Signature vulnerability in gnupg2 Medium

This file introduces a vulnerable gnupg2 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Use After Free vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-bounds Read vulnerability in libheif Warning

This file introduces a vulnerable libheif package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Algorithmic Complexity vulnerability in expat Medium

This file introduces a vulnerable expat package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in binutils Medium

This file introduces a vulnerable binutils package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in binutils Medium

This file introduces a vulnerable binutils package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Expired Pointer Dereference vulnerability in libxslt Medium

This file introduces a vulnerable libxslt package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Allocation of Resources Without Limits or Throttling vulnerability in binutils Medium

This file introduces a vulnerable binutils package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Improper Input Validation vulnerability in coreutils Medium

This file introduces a vulnerable coreutils package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Race Condition vulnerability in htslib Medium

This file introduces a vulnerable htslib package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - CVE-2024-38949 vulnerability in libde265 Warning

This file introduces a vulnerable libde265 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - CVE-2024-38950 vulnerability in libde265 Warning

This file introduces a vulnerable libde265 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Allocation of Resources Without Limits or Throttling vulnerability in openjpeg2 Medium

This file introduces a vulnerable openjpeg2 package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Resource Exhaustion vulnerability in openjpeg2 Warning

This file introduces a vulnerable openjpeg2 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Resource Exhaustion vulnerability in openjpeg2 Warning

This file introduces a vulnerable openjpeg2 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Low severity - Release of Invalid Pointer or Reference vulnerability in patch Medium

This file introduces a vulnerable patch package with a low severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - CVE-2024-35195 vulnerability in python-pip Warning

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Open Redirect vulnerability in wget Medium

This file introduces a vulnerable wget package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-bounds Read vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Divide By Zero vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - CVE-2023-45803 vulnerability in python-pip Medium

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - NULL Pointer Dereference vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Out-of-bounds Read vulnerability in hdf5 Medium

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Insufficiently Protected Credentials vulnerability in python-pip Warning

This file introduces a vulnerable python-pip package with a medium severity vulnerability.

Check warning

Code scanning / Snyk Container

Medium severity - Directory Traversal vulnerability in tar Warning

This file introduces a vulnerable tar package with a medium severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2025-10148 vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Out-of-bounds Write vulnerability in gnupg2 Low

This file introduces a vulnerable gnupg2 package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2024-25269 vulnerability in libheif Note

This file introduces a vulnerable libheif package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Out-of-bounds Read vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Medium severity - Out-of-bounds Write vulnerability in hdf5 Low

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Memory Leak vulnerability in binutils Low

This file introduces a vulnerable binutils package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Information Exposure vulnerability in libgcrypt20 Note

This file introduces a vulnerable libgcrypt20 package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in binutils Low

This file introduces a vulnerable binutils package with a medium severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2025-15224 vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2025-15079 vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2024-41996 vulnerability in openssl Note

This file introduces a vulnerable openssl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2025-14819 vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Open Redirect vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2024-56433 vulnerability in shadow Note

This file introduces a vulnerable shadow package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Medium severity - Out-of-Bounds vulnerability in hdf5 Low

This file introduces a vulnerable hdf5 package with a medium severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - CVE-2025-0167 vulnerability in curl Note

This file introduces a vulnerable curl package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Out-of-Bounds vulnerability in hdf5 Low

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - Resource Exhaustion vulnerability in hdf5 Low

This file introduces a vulnerable hdf5 package with a low severity vulnerability.

Check notice

Code scanning / Snyk Container

Low severity - NULL Pointer Dereference vulnerability in harfbuzz Note

This file introduces a vulnerable harfbuzz package with a low severity vulnerability.

RUN apt-get update \
&& apt-get upgrade -y \
Expand Down
2 changes: 1 addition & 1 deletion docker/util/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{
"name": "util",
"version": "3.0.1"
"version": "3.0.2"
}
2 changes: 1 addition & 1 deletion tools/htseq.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ task calc_tpm {
runtime {
memory: "4 GB"
disks: "10 GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
2 changes: 1 addition & 1 deletion tools/md5sum.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ task compute_checksum {

runtime {
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
14 changes: 7 additions & 7 deletions tools/util.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ task download {

runtime {
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -80,7 +80,7 @@ task split_string {
}

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -128,7 +128,7 @@ task calc_feature_lengths {
runtime {
memory: "16 GB"
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -247,7 +247,7 @@ task unpack_tarball {

runtime {
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -351,7 +351,7 @@ task global_phred_scores {
runtime {
memory: "4 GB"
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -398,7 +398,7 @@ task check_fastq_and_rg_concordance {
>>>

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Expand Down Expand Up @@ -462,7 +462,7 @@ task split_fastq {
cpu: ncpu
memory: "4 GB"
disks: "~{disk_size_gb} GB"
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
2 changes: 1 addition & 1 deletion workflows/dnaseq/dnaseq-standard.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ task parse_input {
>>>

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
2 changes: 1 addition & 1 deletion workflows/qc/quality-check-standard.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -547,7 +547,7 @@ task parse_input {
}

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
2 changes: 1 addition & 1 deletion workflows/rnaseq/rnaseq-standard.wdl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ task parse_input {
>>>

runtime {
container: "ghcr.io/stjudecloud/util:3.0.1"
container: "ghcr.io/stjudecloud/util:3.0.2"
maxRetries: 1
}
}
Loading