Vulnerabilities in packages of the latest stable self-hosted version

  • Goal: I want to have a docker image with the least vulnerabilities

  • Steps: I've tried manually upgrading the npm packages with npm install and pnpm as well

  • Details: The Retool latest stable version 3.114.11-stable seems to have
    25 Critical
    44 High
    31 Medium

I want to upgrade packages if possible to remove these vulnerabilities. This is part of our security policies. Please let me know if there's an image that has these vulnerabilities resolved or how I can upgrade packages safely?

Thanks

Hi @Shreyas_Shreenivas1,

From our security team on this subject:

"There is no image with no npm vulnerabilities, and unfortunately there isn’t really a way for them to upgrade the vulnerabilities themselves. They can send over the vulnerability list if needed".

"There shouldn’t be any outstanding npm vulnerabilities that are reachable and/or introduce meaningful security risk in the current image".