redoc icon indicating copy to clipboard operation
redoc copied to clipboard
verified publisher icon Redocly

Installing redoc-cli with npm brings in terser with CVE-2022-25858

Open ndenney3 opened this issue 3 years ago • 1 comments

Describe the bug Installing redoc-cli with npm also installs terser version 5.10.0 which is listed in CVE-2022-25858.

Expected behavior terser version 5.15.0 should be installed instead

ndenney3 avatar Aug 31 '22 18:08 ndenney3

Hi @ndenney3, thank you for your issue. We have dependency html-webpack-plugin -> html-minifier-terser->terser. The latest version of html-webpack-plugin is 5.5.0 not resolve this issue. When it'll updates we fix that. If we miss the release of html-webpack-plugin please ping us. Thanks.

AlexVarchuk avatar Sep 06 '22 12:09 AlexVarchuk

Hi we already do not support redoc-cli. Instead you can use redocly-cli. You can find documentations about all commands here.

I believe that issue already fixed there.

If you have any issues or feedback open it in @redoc/cli.

AlexVarchuk avatar May 18 '23 16:05 AlexVarchuk