I think you could just give it a try and see what happens. A bunch of people have a full time job of managing security and library versions.
But wait. If you’re looking at the base Docker image (oh, maybe you do mean the image that you built; I can’t quite tell), then I’d think that your job is impossible, since lots of that stuff gets managed in the Discourse source. For example, this commit upgrades Rack to 2.2.20. The version in the base docker image doesn’t matter. You probably want to build your image with launcher and then see what versions of stuff you have. You could then add some yaml to remove go and python, for example.
Also, there are a bunch of security issues that are issues only when there are other users on the system, so having those in your Docker container doesn’t really matter, so it’s not likely to be a priority for the Discourse team.