Dockerfile vulnerability - `Specify at least 1 USER command in Dockerfile with non-root user as argument`

[thevirajshelke]

So apparently I am using this package and when I generate a final docker image of my project and use a Trivy to scan my container image I am getting the following issue/vulnerability - Specify at least 1 USER command in Dockerfile with non-root user as argument

Detailed Description

The Trivy scan of my project's container is giving the following issue,

app/node_modules/swagger2openapi/Dockerfile (dockerfile)
========================================================
Tests: 21 (SUCCESSES: 20, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (MEDIUM: 0, HIGH: 1, CRITICAL: 0)
HIGH: Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
See https://avd.aquasec.com/misconfig/ds002
────────────────────────────────────────

This issue is coming from the path app/node_modules/swagger2openapi/Dockerfile (dockerfile) Ideally we should add the USER command and also do we really need to ship dockerfile as part of the final npm package?

Other stuff

The package version (swagger2openapi)- v7.0.8

[MikeRalphson]

Thanks, I don't really use Docker (especially not for my own projects) but a PR to fix both issues would be welcome.