feat: sec avoid vulnerable version of react

DmitryAnansky · DmitryAnansky · commit 66cda07f6156 · 2025-12-09T18:27:30.000+02:00
diff --git a/.changeset/kind-suits-change.md b/.changeset/kind-suits-change.md
@@ -0,0 +1,5 @@
+---
+"@redocly/cli": patch
+---
+
+Updated React dependency to avoid vulnerable React version (19.0.0) affected by CVE-2025-55182.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -196,6 +196,24 @@ To update snapshots, run `npm run e2e -- -u`.
 
 If you made any changes, make sure to compile the code before running the tests.
 
+### Smoke tests
+
+Smokes are for testing the CLI in different environments.
+
+To run them locally, please follow the steps described in the smoke GitHub actions: [smoke-basic](.github/workflows/smoke.yaml), [smoke-plugins](.github/workflows/smoke-plugins.yaml), [smoke-rebilly](.github/workflows/smoke-rebilly.yaml).
+
+To update smoke tests for the `build-docs` command (which sometimes fails due to external package updates), please follow the steps below:
+
+```sh
+# Build and install the current CLI build locally
+npm run compile
+npm run pack:prepare
+npm i -g redocly-cli.tgz
+
+# Re-build the docs
+(cd __tests__/smoke/ && redocly build-docs openapi.yaml -o pre-built/redoc.html)
+```
+
 ### Performance benchmark
 
 To run the performance benchmark locally, you should have `hyperfine` (v1.16.1+) installed on your machine.
diff --git a/__tests__/miscellaneous/apply-per-api-decorators/nested/redocly.yaml b/__tests__/miscellaneous/apply-per-api-decorators/nested/redocly.yaml
@@ -5,7 +5,7 @@ apis:
       test/version: on
       remove-unused-components: on
   test@external-url:
-    root: https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/main/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml
+    root: https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/v1/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml
     rules:
       info-contact: error
 plugins:
diff --git a/__tests__/miscellaneous/apply-per-api-decorators/snapshot.js b/__tests__/miscellaneous/apply-per-api-decorators/snapshot.js
@@ -37,15 +37,15 @@ components:
 
 bundling nested/openapi/main.yaml...
 📦 Created a bundle for nested/openapi/main.yaml at stdout <test>ms.
-bundling https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/main/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml...
-📦 Created a bundle for https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/main/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml at stdout <test>ms.
+bundling https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/v1/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml...
+📦 Created a bundle for https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/v1/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml at stdout <test>ms.
 
 `;
 
 exports[`E2E miscellaneous lint a specific api (when the api is specified as an alias and it points to an external URL) 1`] = `
 
-validating https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/main/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml...
-[1] https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/main/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml:2:1 at #/info/contact
+validating https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/v1/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml...
+[1] https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/v1/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml:2:1 at #/info/contact
 
 Info object should contain \`contact\` field.
 
@@ -58,7 +58,7 @@ Info object should contain \`contact\` field.
 Error was generated by the info-contact rule.
 
 
-https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/main/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml: validated in <test>ms
+https://raw.githubusercontent.com/Redocly/redocly-cli/refs/heads/v1/__tests__/miscellaneous/apply-per-api-decorators/nested/openapi/main.yaml: validated in <test>ms
 
 ❌ Validation failed with 1 error.
 run \`redocly lint --generate-ignore-file\` to add all problems to the ignore file.
diff --git a/__tests__/smoke/pre-built/redoc.html b/__tests__/smoke/pre-built/redoc.html
@@ -311,7 +311,7 @@
 " class="sc-eVqvcJ sc-fszimp sc-etsjJW kIppRw jnwENr ljKHqG"><p>OK</p>
 </div></button></div><div><button class="sc-jIDBmd ifAHvq"><svg class="sc-dntSTA jKYZgc" version="1.1" viewBox="0 0 24 24" x="0" xmlns="http://www.w3.org/2000/svg" y="0" aria-hidden="true"><polygon points="17.3 8.3 12 13.6 6.7 8.3 5.3 9.7 12 16.4 18.7 9.7 "></polygon></svg><strong class="sc-eJvlPh fBhAXU">400<!-- --> </strong><div html="&lt;p&gt;Bad request.&lt;/p&gt;
 " class="sc-eVqvcJ sc-fszimp sc-etsjJW kIppRw jnwENr ljKHqG"><p>Bad request.</p>
-</div></button></div></div></div><div class="sc-jwTyAe sc-hjsuWn bDYKKx FFPsr"><div class="sc-eZSpzM jjnszm"><button class="sc-buTqWO iPCVMX"><span type="get" class="sc-fQLpxn dynMBc http-verb get">get</span><span class="sc-jvKoal kZcHWP">/hello</span><svg class="sc-dntSTA iuNpUs" style="margin-right:-25px" version="1.1" viewBox="0 0 24 24" x="0" xmlns="http://www.w3.org/2000/svg" y="0" aria-hidden="true"><polygon points="17.3 8.3 12 13.6 6.7 8.3 5.3 9.7 12 16.4 18.7 9.7 "></polygon></svg></button><div aria-hidden="true" class="sc-ecJghI ga-DQLq"><div class="sc-iyBeIh icOxsG"><div html="" class="sc-eVqvcJ sc-fszimp kIppRw drqpJr"></div><div tabindex="0" role="button"><div class="sc-xKhEK okJpy"><span>http://redocly-example.com</span>/hello</div></div></div></div></div><div><h3 class="sc-lgpSej drJHMo"> <!-- -->Response samples<!-- --> </h3><div class="sc-cOpnSz fyxuKi" data-rttabs="true"><ul class="react-tabs__tab-list" role="tablist"><li class="tab-success react-tabs__tab--selected" role="tab" id="tab«R9pq»0" aria-selected="true" aria-disabled="false" aria-controls="panel«R9pq»0" tabindex="0" data-rttab="true">200</li><li class="tab-error" role="tab" id="tab«R9pq»1" aria-selected="false" aria-disabled="false" aria-controls="panel«R9pq»1" data-rttab="true">400</li></ul><div class="react-tabs__tab-panel react-tabs__tab-panel--selected" role="tabpanel" id="panel«R9pq»0" aria-labelledby="tab«R9pq»0"><div><div class="sc-bSFBcf iLdyBp"><span class="sc-gahYZc cXitJ">Content type</span><div class="sc-bAehkN iNRAJK">application/json</div></div><div class="sc-blIAwI eKKwxo"><div class="sc-dClGHI fdRrNy"><div class="sc-bbbBoY bBWkcI"><button><div class="sc-fYmhhH iNCOCX">Copy</div></button></div><div tabindex="0" class="sc-eVqvcJ kIppRw sc-fhfEft dFvLDb"><div class="redoc-json"><code><button class="collapser" aria-label="collapse"></button><span class="token punctuation">{</span><span class="ellipsis"></span><ul class="obj collapsible"><li><div class="hoverable "><span class="property token string">"message"</span>: <span class="token string">&quot;string&quot;</span></div></li></ul><span class="token punctuation">}</span></code></div></div></div></div></div></div><div class="react-tabs__tab-panel" role="tabpanel" id="panel«R9pq»1" aria-labelledby="tab«R9pq»1"></div></div></div></div></div></div></div><div class="sc-evkzZa iZqpqg"></div></div></div>
+</div></button></div></div></div><div class="sc-jwTyAe sc-hjsuWn bDYKKx FFPsr"><div class="sc-eZSpzM jjnszm"><button class="sc-buTqWO iPCVMX"><span type="get" class="sc-fQLpxn dynMBc http-verb get">get</span><span class="sc-jvKoal kZcHWP">/hello</span><svg class="sc-dntSTA iuNpUs" style="margin-right:-25px" version="1.1" viewBox="0 0 24 24" x="0" xmlns="http://www.w3.org/2000/svg" y="0" aria-hidden="true"><polygon points="17.3 8.3 12 13.6 6.7 8.3 5.3 9.7 12 16.4 18.7 9.7 "></polygon></svg></button><div aria-hidden="true" class="sc-ecJghI ga-DQLq"><div class="sc-iyBeIh icOxsG"><div html="" class="sc-eVqvcJ sc-fszimp kIppRw drqpJr"></div><div tabindex="0" role="button"><div class="sc-xKhEK okJpy"><span>http://redocly-example.com</span>/hello</div></div></div></div></div><div><h3 class="sc-lgpSej drJHMo"> <!-- -->Response samples<!-- --> </h3><div class="sc-cOpnSz fyxuKi" data-rttabs="true"><ul class="react-tabs__tab-list" role="tablist"><li class="tab-success react-tabs__tab--selected" role="tab" id="tab_R_9pq_0" aria-selected="true" aria-disabled="false" aria-controls="panel_R_9pq_0" tabindex="0" data-rttab="true">200</li><li class="tab-error" role="tab" id="tab_R_9pq_1" aria-selected="false" aria-disabled="false" aria-controls="panel_R_9pq_1" data-rttab="true">400</li></ul><div class="react-tabs__tab-panel react-tabs__tab-panel--selected" role="tabpanel" id="panel_R_9pq_0" aria-labelledby="tab_R_9pq_0"><div><div class="sc-bSFBcf iLdyBp"><span class="sc-gahYZc cXitJ">Content type</span><div class="sc-bAehkN iNRAJK">application/json</div></div><div class="sc-blIAwI eKKwxo"><div class="sc-dClGHI fdRrNy"><div class="sc-bbbBoY bBWkcI"><button><div class="sc-fYmhhH iNCOCX">Copy</div></button></div><div tabindex="0" class="sc-eVqvcJ kIppRw sc-fhfEft dFvLDb"><div class="redoc-json"><code><button class="collapser" aria-label="collapse"></button><span class="token punctuation">{</span><span class="ellipsis"></span><ul class="obj collapsible"><li><div class="hoverable "><span class="property token string">"message"</span>: <span class="token string">&quot;string&quot;</span></div></li></ul><span class="token punctuation">}</span></code></div></div></div></div></div></div><div class="react-tabs__tab-panel" role="tabpanel" id="panel_R_9pq_1" aria-labelledby="tab_R_9pq_1"></div></div></div></div></div></div></div><div class="sc-evkzZa iZqpqg"></div></div></div>
       <script>
       const __redoc_state = {"menu":{"activeItemIdx":-1},"spec":{"data":{"openapi":"3.1.0","servers":[{"url":"http://redocly-example.com"}],"info":{"title":"Sample API","version":"1.0.0"},"paths":{"/hello":{"get":{"operationId":"getMessage","security":[],"summary":"Get a greeting message","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/message-schema"}}}},"400":{"$ref":"#/components/responses/BadRequest"}}}}},"components":{"schemas":{"message-schema":{"type":"object","properties":{"message":{"type":"string"}}},"Error":{"type":"object","properties":{"type":{"type":"string","example":"object"},"title":{"type":"string","example":"Validation failed"}}}},"responses":{"BadRequest":{"description":"Bad request.","content":{"application/problem+json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}},"searchIndex":{"store":["operation/getMessage"],"index":{"version":"2.3.9","fields":["title","description"],"fieldVectors":[["title/0",[0,0.288,1,0.288]],["description/0",[2,0.288]]],"invertedIndex":[["greet",{"_index":0,"title":{"0":{}},"description":{}}],["hello",{"_index":2,"title":{},"description":{"0":{}}}],["messag",{"_index":1,"title":{"0":{}},"description":{}}]],"pipeline":[]}},"options":{}};
 
diff --git a/jest.config.js b/jest.config.js
@@ -3,6 +3,7 @@ module.exports = {
   restoreMocks: true,
   preset: 'ts-jest',
   testEnvironment: 'node',
+  transformIgnorePatterns: ['packages/.*/lib/.*'],
   collectCoverageFrom: [
     'packages/*/src/**/*.ts',
     '!packages/**/__tests__/**/*',
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/cli/package.json b/packages/cli/package.json

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@redocly/cli": patch
 +---
++
 +Updated React dependency to avoid vulnerable React version (19.0.0) affected by CVE-2025-55182.