 a vulnerability CVE-2020-15168 is introduced in mx-react-components

Hi,  a vulnerability CVE-2020-15168 is introduced in mx-react-components  via:
●  mx-react-components@8.2.16 ➔ glamor@2.20.40 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

However, glamor is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate glamor to other package to remediate this vulnerability?

I noticed a migration record in other js repo for glamor:

●  in **bs-css**, version 7.5.0 ➔ 8.0.0-beta.0, migrate **glamor** to **emotion** via [commit](https://github.com/giraud/bs-css/commit/9923ae40fd9a1cc8f723752fefa0ce93072b7624)
●  in **@uifabric/styling**, version 0.24.2 ➔ 5.0.0-beta.1, migrate **glamor** to **@uifabric/merge-styles** via [commit](https://github.com/microsoft/fluentui/pull/2527)

Are there any efforts planned that would remediate this vulnerability or migrate glamor?

Thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

a vulnerability CVE-2020-15168 is introduced in mx-react-components #925

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

a vulnerability CVE-2020-15168 is introduced in mx-react-components #925

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions