Security vulnerabilities in Docker image

[BernhardFuchs]

When scanning the image uport/uni-resolver-driver-did-uport:4.3.0 with trivy there are multiple security issues found. This prevents us from using the driver on production systems.

[mirceanis]

I'm not sure if the list generated by trivy would ever be entirely fixable.

The entry point into this container is an expressjs server (nodejs), so I've looked at some of the HIGH and CRITICAL vulnerabilities listed for the node packages in the :latest (v5.0.0) tag.
There are 2 packages mentioned (json5 and @babel/traverse)and both of them are only used in testing, not accessible from the entry point.

The other vulnerabilities listed are coming from system packages that seem to be unusable from the entry point and for those there are no fixed versions.

@BernhardFuchs how do you fix other containers that get flagged by trivy this way?