@kevin-benton
Contributor

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • docker/util/Dockerfile

We recommend upgrading to ubuntu:24.04, as this image has only 8 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|----------|-------|---------|-------|
| high | Out-of-bounds Write | SNYK-UBUNTU2404-GNUPG2-14849555 | 281 |
| medium | Directory Traversal | SNYK-UBUNTU2404-PAM-11936905 | 231 |
| medium | Directory Traversal | SNYK-UBUNTU2404-PAM-11936905 | 231 |
| medium | Directory Traversal | SNYK-UBUNTU2404-PAM-11936905 | 231 |
| medium | Directory Traversal | SNYK-UBUNTU2404-PAM-11936905 | 231 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Out-of-bounds Write
🦉 Directory Traversal

@kevin-benton
Contributor Author

Merge Risk: Low

This is an update from a development build (noble-20250925) to the stable Long-Term Support (LTS) release of Ubuntu 24.04. This process primarily involves stabilization, security patches, and bug fixes to transition from a pre-release to a production-ready state. No breaking changes are expected as it is within the same "Noble Numbat" release series.

Source: Ubuntu release documentation

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@adthrasher
Member

The corresponding package.json needs to have the version updated. All references to the image also need to be bumped to the new version.

Completes Snyk PR #288 which upgraded the util Dockerfile base image
from `ubuntu:noble-20250925` to `ubuntu:24.04` (fixes CVE-2024-53055 and
CVE-2024-53924). The Dockerfile change alone would fail CI validation -
container version tags must match package.json and all WDL workflow
references must use the current version.

## Changes

- Bumped `docker/util/package.json` version: `3.0.1` → `3.0.2`
- Updated 16 container references across 9 WDL files to use
`ghcr.io/stjudecloud/util:3.0.2`

## Affected Files

**Config:**
- `docker/util/package.json`

**Workflows using util container:**
- `data_structures/flag_filter.wdl`
- `data_structures/read_group.wdl` (3 references)
- `tools/htseq.wdl`
- `tools/md5sum.wdl`
- `tools/util.wdl` (7 references)
- `workflows/dnaseq/dnaseq-standard.wdl`
- `workflows/qc/quality-check-standard.wdl`
- `workflows/rnaseq/rnaseq-standard.wdl`

Before submitting this PR, please make sure:

- [x] You have added a few sentences describing the PR here.
- [x] The code passes all CI tests without any errors or warnings.
- [x] You have added tests (when appropriate).
- [x] You have added an entry in any relevant CHANGELOGs (when
appropriate).
- [x] If you have made any changes to the `scripts/` or `docker/`
directories, please ensure any image versions have been incremented
accordingly!
- [x] You have updated the README or other documentation to account for
these changes (when appropriate).

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: adthrasher <1165729+adthrasher@users.noreply.github.com>
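
The rule stated in the commit message above (the version in `docker/util/package.json` and every `ghcr.io/stjudecloud/util` reference in the WDL files must agree) can be checked mechanically before a base-image bump is merged. The following is an added example, not the project's own CI code; the `container:` runtime key, the `name` field and the sample file contents are constructed assumptions.

```python
import json
import re
import tempfile
from pathlib import Path


def stale_image_refs(repo_root, image, package_json):
    """Return (expected version, [(relative path, line number, tag), ...]) for
    every reference to `image` in a .wdl file whose tag differs from the
    version recorded in package.json."""
    root = Path(repo_root)
    expected = json.loads((root / package_json).read_text())["version"]
    # Match "<image>:<tag>"; the tag ends at a quote or whitespace.
    pattern = re.compile(re.escape(image) + r":([^\s\"']+)")
    stale = []
    for wdl in sorted(root.rglob("*.wdl")):
        for lineno, line in enumerate(wdl.read_text().splitlines(), start=1):
            for tag in pattern.findall(line):
                if tag != expected:
                    stale.append((wdl.relative_to(root).as_posix(), lineno, tag))
    return expected, stale


def build_sample_repo(root):
    """Constructed sample tree: one reference bumped, one left behind."""
    root = Path(root)
    (root / "docker/util").mkdir(parents=True)
    (root / "tools").mkdir()
    (root / "docker/util/package.json").write_text(
        '{"name": "util", "version": "3.0.2"}')
    # The `container:` key is an assumption; the check only looks for image:tag.
    (root / "tools/md5sum.wdl").write_text(
        'runtime {\n    container: "ghcr.io/stjudecloud/util:3.0.2"\n}\n')
    (root / "tools/htseq.wdl").write_text(
        'runtime {\n    container: "ghcr.io/stjudecloud/util:3.0.1"\n}\n')
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        expected, stale = stale_image_refs(
            build_sample_repo(tmp), "ghcr.io/stjudecloud/util",
            "docker/util/package.json")
        for path, lineno, tag in stale:
            print(f"{path}:{lineno}: util:{tag} != package.json {expected}")
```

In a pipeline, a non-empty `stale` list would fail the job, so a patched image cannot ship while workflows still pull the previous tag.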

@github-advanced-security github-advanced-security bot left a comment

Snyk Container found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
