Closed mendezgutierrezh closed 6 months ago
Thanks for getting in touch with us. The redoc-cli tool has been replaced by Redocly CLI, which is actively maintained. A migration guide is available to make the process easier.
Since there's no further action needed on this repository, I'll close this issue - but do please let us know if you need anything else!
Problem Description
Hi, I have noticed that redoc-cli is using several dependencies that have reported critical security vulnerabilities. Despite attempts to update these dependencies using npm audit fix and npm audit fix --force, the following vulnerabilities still persist:
1. @babel/traverse (<7.23.2)
2. browserify-sign (2.6.0 - 4.2.1). dsaVerify leading to a signature forgery attack.
3. webpack (5.0.0 - 5.75.0).
Request
It would be very beneficial to the community using redoc-cli if these dependencies were upgraded to more secure versions. I understand that some of these updates may involve significant changes, but addressing these vulnerabilities is crucial to the security of all projects that rely on redoc-cli.