Closed manojselvin closed 5 months ago
Hi @manojselvin,
Thank you for reaching out.
I believe that you are using an outdated version of Redocly CLI (0.13.21, while the latest available is 1.8.1).
Thus, is there a chance you could install the latest available version of Redocly CLI by executing the following command and check whether it resolves this matter?
npm i -g @redocly/cli@latest
Issue: Bug Report
Description: When running npm audit on the redoc-cli version 0.13.21, a high-severity vulnerability is reported in the browserify-sign package (2.6.0 - 4.2.1). The issue is related to an upper-bound check vulnerability in dsaVerify, which could potentially lead to a signature forgery attack.
Expected Behavior: The expectation is to update the dependencies, particularly browserify-sign, to use the latest version to mitigate the reported security vulnerability.
Reproducible Steps:
npm audit on redoc-cli version 0.13.21.
browserify-sign (2.6.0 - 4.2.1).
Output of npm audit:
Screenshots:
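
A lockfile check for the range reported in this issue, as an added example that is not part of the original thread or of either project's code: it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and lists every installed `browserify-sign` whose version falls in 2.6.0 - 4.2.1, so the install path that pulls it in is visible after an upgrade. The function names and the sample lockfile are constructed for illustration, and the range is assumed to be inclusive at both ends.

```javascript
// Range reported on this page for browserify-sign (assumed inclusive at both ends).
const AFFECTED = { name: 'browserify-sign', min: '2.6.0', max: '4.2.1' };

// Parse "x.y.z" into [x, y, z]; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every install path of rule.name whose version is inside the range.
function findAffected(lock, rule = AFFECTED) {
  const min = parseVersion(rule.min), max = parseVersion(rule.max);
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx < 0) continue; // root project or workspace entry, not an install
    const name = path.slice(idx + 'node_modules/'.length);
    if (name !== rule.name) continue;
    const v = parseVersion(meta.version);
    if (v && compareVersions(v, min) >= 0 && compareVersions(v, max) <= 0) {
      found.push({ path, version: meta.version });
    }
  }
  return found;
}

// Constructed sample lockfile: one copy inside the range, one nested copy outside it.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/redoc-cli': { version: '0.13.21' },
    'node_modules/browserify-sign': { version: '4.2.1' },
    'node_modules/crypto-browserify/node_modules/browserify-sign': { version: '4.2.2' },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```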