
chore: apply npm audit security fixes #2788

Merged
vadyvas merged 4 commits into main from chore/npm-audit-fixes
Apr 30, 2026

Conversation


@vadyvas (Contributor) commented Apr 29, 2026

What/Why/How?

  • npm audit
  • update smoke snapshot

Reference

GHSA-qx2v-qp2m-jg93

Testing

Screenshots (optional)

➜  redocly-cli-2 git:(main) ✗ npm audit
# npm audit report

postcss  <8.5.10
Severity: moderate
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output - https://github.com/advisories/GHSA-qx2v-qp2m-jg93
fix available via `npm audit fix --force`
Will install styled-components@6.4.1, which is outside the stated dependency range
node_modules/postcss
node_modules/styled-components/node_modules/postcss
  styled-components  6.1.3 - 6.4.0-prerelease.14
  Depends on vulnerable versions of postcss
  node_modules/styled-components

2 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix --force

new snapshot: [screenshot of the updated smoke snapshot, not reproduced here]

Check yourself

  • This PR follows the contributing guide
  • All new/updated code is covered by tests
  • Core code changed? - Tested with other Redocly products (internal contributions only)
  • New package installed? - Tested in different environments (browser/node)
  • Documentation update has been considered

Security

  • The security impact of the change has been considered
  • Code follows company security practices and guidelines

Note

Medium Risk
Primarily a dependency/lockfile update, but it upgrades styled-components and related transitive packages, which can change generated HTML/CSS output and potentially affect docs rendering and build determinism.

Overview
Updates @redocly/cli to use styled-components@6.4.1 (via a changeset) to resolve an npm audit vulnerability in transitive postcss.

Refreshes package-lock.json with the new dependency graph and updates e2e build-docs snapshots (and expected bundle sizes) to match the new prerendered HTML/CSS output generated with the upgraded styling stack.

Reviewed by Cursor Bugbot for commit f955714. Bugbot is set up for automated code reviews on this repo.
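The advisory referenced in the audit report above (GHSA-qx2v-qp2m-jg93) is about CSS stringify output that contains an unescaped `</style>`. The following is an added example, not code from this repository or from PostCSS, showing why that becomes an XSS primitive once the serialized CSS ends up inline in a `<style>` element, and one mitigation. The `HOSTILE_CSS` input is constructed; the `<\/` rewrite is one mitigation chosen for illustration, not necessarily the change PostCSS shipped in 8.5.10; `styleTagImbalance` is a hypothetical build-time check, not a tool the project uses.

```javascript
// Added example, not code from the redocly-cli repository or from PostCSS:
// why an unescaped "</style>" inside serialized CSS is an XSS primitive once
// that CSS is inlined into a <style> element, and one mitigation.

// Constructed attacker-influenced CSS (e.g. a string value that reached the
// stylesheet from untrusted input). To the CSS parser it is one string token;
// to the HTML tokenizer the "</style>" inside it ends the element.
const HOSTILE_CSS =
  'a::after { content: "</style><img src=x onerror=alert(1)>"; }';

// Model of how a browser tokenizes a <style> element: its body is RAWTEXT and
// ends at the first "</style" (ASCII case-insensitive), regardless of any CSS
// quoting. Returns what the parser treats as CSS and what it treats as HTML
// following the element.
function splitStyleElement(html) {
  const open = /<style\b[^>]*>/i.exec(html);
  if (!open) return null;
  const start = open.index + open[0].length;
  const endRel = html.slice(start).search(/<\/style/i);
  if (endRel < 0) return { css: html.slice(start), tail: "" };
  const end = start + endRel;
  const close = /<\/style[^>]*>/i.exec(html.slice(end));
  const tailStart = close ? end + close[0].length : html.length;
  return { css: html.slice(start, end), tail: html.slice(tailStart) };
}

// Vulnerable pattern: stringified CSS dropped into <style> as-is.
function inlineUnescaped(css) {
  return `<style>${css}</style>`;
}

// Mitigation used here (an assumption, not necessarily PostCSS's exact fix):
// CSS permits backslash escapes in string and url tokens and "\/" decodes to
// "/", so rewriting every "</" as "<\/" leaves the CSS value unchanged while
// the HTML tokenizer never sees "</style". Case variants ("</STYLE") are
// covered because only the "</" prefix is rewritten.
function escapeForStyleElement(css) {
  return css.replace(/<\//g, "<\\/");
}

function inlineEscaped(css) {
  return `<style>${escapeForStyleElement(css)}</style>`;
}

// Undo only the escape introduced above, to show the CSS value round-trips.
function unescapeSlash(css) {
  return css.replace(/<\\\//g, "</");
}

// Cheap hypothetical build-time check over prerendered HTML: a breakout shows
// up as more "</style" closers than "<style" openers. Zero means balanced.
function styleTagImbalance(html) {
  const openers = (html.match(/<style\b/gi) || []).length;
  const closers = (html.match(/<\/style\b/gi) || []).length;
  return closers - openers;
}

if (typeof require !== "undefined" && require.main === module) {
  const bad = splitStyleElement(inlineUnescaped(HOSTILE_CSS));
  console.log("unescaped: HTML after the style element =", JSON.stringify(bad.tail));
  const good = splitStyleElement(inlineEscaped(HOSTILE_CSS));
  console.log("escaped:   HTML after the style element =", JSON.stringify(good.tail));
}
```

Run with `node` and the unescaped case prints the injected `<img ... onerror=...>` as markup that follows the closed style element, while the escaped case prints an empty tail. The imbalance check is deliberately crude: it flags the breakout in prerendered output without parsing CSS, which is what you want in a snapshot or CI step that sees only the final HTML.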


changeset-bot Bot commented Apr 29, 2026

🦋 Changeset detected

Latest commit: f955714

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@redocly/cli Patch
@redocly/openapi-core Patch
@redocly/respect-core Patch


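The audit report in the PR description shows the pattern that makes this kind of fix easy to get half right: postcss is installed twice (a root copy and a nested copy under styled-components), and npm only offers `--force` because the clean fix lands outside the stated styled-components range. Bumping one copy does not patch the other. The following is an added example, not code from this repository, of a lockfile check that walks every installed copy of a package in a lockfileVersion 2/3 package-lock.json and reports those still below the fixed version. The lockfile fragments and their version numbers are constructed fixtures, not the repository's real package-lock.json, and the `check-lockfile.js` file name is hypothetical.

```javascript
// Added example, not code from the redocly-cli repository: a post-upgrade
// check for the shape the audit report shows, where postcss is installed
// twice. It walks the "packages" map of a lockfileVersion 2/3
// package-lock.json and reports every copy still below the fixed version.

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when a sorts before b. A prerelease of X.Y.Z sorts below X.Y.Z itself
// (semver precedence), so "8.5.10-beta.1" still counts as "< 8.5.10".
// Ordering between two prereleases of the same core version is not needed
// here and is treated as equal.
function versionLess(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return Boolean(pa.pre) && !pb.pre;
}

// Every installed copy of `name`. Lockfile keys are install paths such as
// "node_modules/postcss" or "node_modules/styled-components/node_modules/postcss".
function installedCopies(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// Copies npm audit would still flag: installed version below `fixedIn`.
function unfixedCopies(lock, name, fixedIn) {
  return installedCopies(lock, name).filter((c) => versionLess(c.version, fixedIn));
}

// Constructed lockfile fragments (not the repository's real package-lock.json;
// the version numbers are illustrative). BEFORE mirrors the audit report: two
// postcss copies, both vulnerable. PARTIAL is the trap this check exists for:
// the root copy was bumped but styled-components still pins its own nested
// copy. AFTER models styled-components on a release whose postcss requirement
// is satisfied by the patched root copy, so no nested copy remains.
const LOCK_BEFORE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "@redocly/cli" },
    "node_modules/postcss": { version: "8.5.6" },
    "node_modules/styled-components": { version: "6.1.3" },
    "node_modules/styled-components/node_modules/postcss": { version: "8.4.49" },
  },
};
const LOCK_PARTIAL = {
  lockfileVersion: 3,
  packages: {
    "": { name: "@redocly/cli" },
    "node_modules/postcss": { version: "8.5.10" },
    "node_modules/styled-components": { version: "6.1.3" },
    "node_modules/styled-components/node_modules/postcss": { version: "8.4.49" },
  },
};
const LOCK_AFTER = {
  lockfileVersion: 3,
  packages: {
    "": { name: "@redocly/cli" },
    "node_modules/postcss": { version: "8.5.10" },
    "node_modules/styled-components": { version: "6.4.1" },
  },
};

// Run directly: `node check-lockfile.js [path/to/package-lock.json]`
// (file name hypothetical). Without an argument it checks the PARTIAL fixture
// and exits non-zero, which is the behaviour you want in CI.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("node:fs");
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], "utf8"))
    : LOCK_PARTIAL;
  const bad = unfixedCopies(lock, "postcss", "8.5.10");
  for (const c of bad) console.log(`${c.path} is ${c.version} (< 8.5.10)`);
  process.exitCode = bad.length ? 1 : 0;
}
```

Pointing this at the real package-lock.json after a fix gives a yes/no answer independent of how `npm audit` scored the advisory, and it catches the nested-copy case that a glance at the root `node_modules/postcss` entry misses.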


github-actions Bot commented Apr 29, 2026

CLI Version | Mean Time ± Std Dev (s) | Relative Performance (Lower is Faster)
cli-latest  | 1.924s ± 0.021s         | 1.00x (Fastest)
cli-next    | 1.942s ± 0.016s         | 1.01x


github-actions Bot commented Apr 29, 2026

Coverage Report

Status | Category   | Percentage      | Covered / Total
🔵     | Lines      | 80.08% (🎯 80%) | 7130 / 8903
🔵     | Statements | 79.49% (🎯 79%) | 7408 / 9319
🔵     | Functions  | 83.47% (🎯 83%) | 1430 / 1713
🔵     | Branches   | 71.67% (🎯 71%) | 4829 / 6737

File Coverage: No changed files found.
Generated in workflow #9695 for commit f955714 by the Vitest Coverage Report Action

@vadyvas force-pushed the chore/npm-audit-fixes branch from efe5c4d to f955714 on April 29, 2026 18:27
@vadyvas marked this pull request as ready for review April 29, 2026 18:32
@vadyvas requested review from a team as code owners April 29, 2026 18:32
@vadyvas merged commit c56a396 into main Apr 30, 2026
47 checks passed
@vadyvas deleted the chore/npm-audit-fixes branch April 30, 2026 07:58
3 participants