nextflow-io / nf-schema

Functionality for working with pipeline and sample sheet schema files in Nextflow pipelines
https://nextflow-io.github.io/nf-schema/
Apache License 2.0
12 stars 21 forks source link

request: vulnerability fix #36

Closed mvforster closed 4 months ago

mvforster commented 5 months ago

Following the inclusion of your plugin within a NextFlow (24.04.2) container that I am building, a scan of the container detected an issue with the org.json/json 20230227 package.

The associated CVES is lined here which is a duplicate of this issue and has been reported to be fixed by this Pull Request

The vulnerability was reported by Docker Scout v1.8.0.

Would it be possible to patch this vulnerability in nf-schema? I am keen to use nf-schema as part of my workflow but will not be able to do so until the vulnerability has been patched.

Many thanks for your assistance with this.

nvnieuwk commented 4 months ago

Hi thank you for reporting this! I'll have a look how much work this would be

nvnieuwk commented 4 months ago

(Sorry for the long wait, it seems like the notification for your issue got lost in between all other notifications :grin:)

mvforster commented 4 months ago

Thanks for the prompt action, @nvnieuwk :) I get that notifications can get lost. I can see that the patch is well underway.

I hope it doesn't break anything.

nvnieuwk commented 4 months ago

It's looking fine at the moment. All tests seem to pass :). People can still revert back to v2.0.0 if it causes issues

nvnieuwk commented 4 months ago

The fix has been implemented in version 2.0.1 :partying_face:

mvforster commented 4 months ago

Thanks for the prompt action :confetti_ball: