Upstream risks and vulnerability assessment

Dockerhub scans some of the images. You can see the results, e.g. docker/compose. Might be interesting to know what the vulnerabilities are I suppose, but, well, less red would be good.