Docker image - vulnerabilities

[Outsidewall]

Environment

Self-Hosted (Docker)

System

Docker (Various)

Version

3.1.1

Describe the problem

I have been running dashy (Docker image) on both Windows and Linux, I have noticed that, there are a number of Critical and Serious vulnerabilities with the image. Scout on Windows lists these very well, on both the latest and Auto tags. Are there any plans to address these?
I love this method of displaying links/apps etc, I'm very concerned of continuing to use it with these vulnerabilities.

Additional info

No response

Please tick the boxes

• You have explained the issue clearly, and included all relevant info
• You are using a supported version of Dashy
• You've checked that this issue hasn't already been raised
• You've checked the docs and troubleshooting guide
• You agree to the code of conduct

[CrazyWolf13]

Hi
We take security quite seriously, could you share which vulnerabilites exactly you mean?

The ones displayed by node/npm/yarn ?

I think they have been discussed before but were marked as non-critical for dashy, but we can defenitely take a look.

[Outsidewall]

Hello,

I use the following system to review the vulnerabilities of docker images, Docker Scout, which is embedded in the Windows Docker Environment, you will see from below that there are a number of vulnerabilities in the latest tag, I have also checked the auto tag which has also many vulnerabilities. Would suggest you run the Windows docker environment yourself have a interactive view of the issues.

[liss-bot]

This issue has gone 3 months without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

[liss-bot]

This issue has gone 4 months without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 7 days.