Redocly / redoc

📘 OpenAPI/Swagger-generated API Reference Documentation
https://redocly.github.io/redoc/
MIT License

Security Vulnerabilities in redoc-cli Dependencies #2472

Closed mendezgutierrezh closed 6 months ago

mendezgutierrezh commented 6 months ago

Problem Description

Hi, I have noticed that redoc-cli is using several dependencies that have reported critical security vulnerabilities. Despite attempts to update these dependencies using npm audit fix and npm audit fix --force, the following vulnerabilities still persist:

  1. @babel/traverse (<7.23.2)

    • Severity: Critical
    • Problem: Babel vulnerable to arbitrary code execution when compiling maliciously crafted code.
    • Link: GHSA-67hx-6x53-jw92
  2. browserify-sign (2.6.0 - 4.2.1)

    • Severity: High
    • Problem: Problem in upper bounds verification in dsaVerify leading to a signature forgery attack.
    • Link: GHSA-x9w5-v3q2-3rhw
  3. webpack (5.0.0 - 5.75.0)

    • Severity: Critical
    • Problem: Object access between different environments in Webpack 5.
    • Link: GHSA-hc6q-2mpp-qw7j

Request

It would be very beneficial to the community using redoc-cli if these dependencies were upgraded to more secure versions. I understand that some of these updates may involve significant changes, but addressing these vulnerabilities is crucial to the security of all projects that rely on redoc-cli.

lornajane commented 6 months ago

Thanks for getting in touch with us. The redoc-cli tool has been replaced by Redocly CLI, which is actively maintained. A migration guide is available to make the process easier.

Since there's no further action needed on this repository, I'll close this issue - but do please let us know if you need anything else!