Prism docker image vulnerabilities

[landrito]

snyk.io scan of the spotlight/prism docker image is reporting 17 vulnerabilities due to using node:16 as the base image. Upgrading docker image to use node:18.20.1 resolves all but one low risk vulnerability.

Context

I am unable to use the image due to these vulnerabilities.

Current Behavior

The following CVEs are getting reported for the current docker image:

1. CVE-2023-5363
2. CVE-2023-6129
3. CVE-2023-5678
4. CVE-2024-0727
5. CVE-2024-27983
6. CVE-2024-2511
7. CVE-2024-21892
8. CVE-2024-22019
9. CVE-2024-27982
10. CVE-2023-6237
11. CVE-2023-46809
12. CVE-2024-24758

Expected Behavior

No Vulnerabilities

Possible Workaround/Solution

Fork the repo and replace node:16 with node:18.20.1 in the Dockerfile.

Steps to Reproduce

Vulnerability scan the docker file.

Environment

N/A

[github-actions]

This ticket has been labeled jira. A tracking ticket in Stoplight's Jira (STOP-490) has been created.