Lissy93 / dashy

🚀 A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more!
https://dashy.to
MIT License
18.06k stars, 1.36k forks

Docker image - vulnerabilities #1640

Open Outsidewall opened 4 months ago

Outsidewall commented 4 months ago

Environment

Self-Hosted (Docker)

System

Docker (Various)

Version

3.1.1

Describe the problem

I have been running dashy (Docker image) on both Windows and Linux, and I have noticed that there are a number of Critical and Serious vulnerabilities with the image. Scout on Windows lists these very well, on both the latest and Auto tags. Are there any plans to address these? I love this method of displaying links/apps etc. I'm very concerned about continuing to use it with these vulnerabilities.

Additional info

No response

CrazyWolf13 commented 4 months ago

Hi, we take security quite seriously. Could you share which vulnerabilities exactly you mean?

The ones displayed by node/npm/yarn?

I think they have been discussed before but were marked as non-critical for dashy, but we can definitely take a look.

Outsidewall commented 4 months ago

Hello,

I use the following system to review the vulnerabilities of Docker images: Docker Scout, which is embedded in the Windows Docker environment. You will see from below that there are a number of vulnerabilities in the latest tag. I have also checked the auto tag, which also has many vulnerabilities. I would suggest you run the Windows Docker environment yourself to have an interactive view of the issues.

image