Describe the bug
The redoc/benchmark/index.html file references an obsolete version of lodash (4.17.4) with a known vulnerability that was fixed in later versions. The latest version is 4.17.21, which seems to have fixed the problem. Could the vulnerable version be replaced with the fixed version? Is the benchmark folder necessary to run redoc?
Expected behavior
I expected redoc to pass muster with the security team at my company, but it was rejected because of the known vulnerability. See attached file. Redoc ML-vulnerability-report.xlsx
So if I use NPM to install redoc, the benchmark/index.html file is not included?

On Apr 25, 2024 8:19 AM, Alex Varchuk ***@***.***> wrote:
We do not include redoc/benchmark/index.html in the lib code. Later we'll fix that.
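An added example, not part of the issue thread or of redoc's code: a Node.js check that flags HTML files referencing a library older than its fixed release, as reported above for lodash 4.17.4 versus 4.17.21. It assumes the file loads lodash through versioned `<script src>` URLs, which the thread does not show; the function names and the sample HTML are constructed.

```javascript
// Added example: find <script src> references to a library older than a fixed version.
// Assumption: the version appears in the URL as lib@x.y.z, lib/x.y.z/ or lib.js/x.y.z/.

// Parse "4.17.4" into [4, 17, 4] so versions compare numerically, not as strings
// (as strings, "4.17.21" sorts before "4.17.4").
function parseVersion(v) {
  return v.split('.').map((n) => parseInt(n, 10) || 0);
}

// True when version a is strictly lower than version b.
function isOlder(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Return every script URL that pins `lib` below `fixedVersion`.
function findOutdatedRefs(html, lib, fixedVersion) {
  const findings = [];
  const name = lib.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // escape for RegExp
  const srcRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const verRe = new RegExp(name + '(?:\\.js)?[@/](\\d+\\.\\d+\\.\\d+)', 'i');
  let m;
  while ((m = srcRe.exec(html)) !== null) {
    const hit = verRe.exec(m[1]);
    if (hit && isOlder(hit[1], fixedVersion)) {
      findings.push({ src: m[1], version: hit[1] });
    }
  }
  return findings;
}

// Constructed sample input; cdn.example.invalid is a placeholder host.
const SAMPLE_HTML = `
<script src="https://cdn.example.invalid/npm/lodash@4.17.4/lodash.min.js"></script>
<script src="https://cdn.example.invalid/libs/lodash.js/4.17.21/lodash.min.js"></script>
<script src="https://cdn.example.invalid/npm/otherlib@1.0.0/otherlib.js"></script>
`;

console.log(findOutdatedRefs(SAMPLE_HTML, 'lodash', '4.17.21'));
```

Running it over every HTML file in a checkout covers folders such as benchmark/ even when they are not shipped in the published package.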