echoulen / storybook-addon-styled-component-theme

storybook addon
MIT License
191 stars 25 forks

vulnerability CVE-2020-15168 is introduced by package node-fetch #53

Open ayaka-kms opened 3 years ago

ayaka-kms commented 3 years ago

Hi, @echoulen, a vulnerability CVE-2020-15168 is introduced in storybook-addon-styled-component-theme@2.0.0 via:

● storybook-addon-styled-component-theme@2.0.0 ➔ recompose@0.27.1 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

However, recompose is a legacy package which has not been maintained for about 3 years. Is it possible to migrate from recompose to another package to remediate this vulnerability?

I noticed several migration records in other JS repos that could serve as a reference for storybook-addon-styled-component-theme:

  1. in react-dnd, version 7.4.1 ➔ 7.4.2, remove recompose via commit
  2. in @nivo/legends, version 0.67.0 ➔ 0.68.0, remove recompose via commit

Thanks.
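The dependency chain above is the kind of path a lockfile audit has to reconstruct: the vulnerable package is four hops below the root, so looking at the root's direct dependencies never shows it. The script below, added here as an example and not part of the storybook-addon-styled-component-theme project or the reporter's comment, walks an npm v1 `package-lock.json` structure the way npm resolves `requires` entries (nearest enclosing `dependencies` map first, then outward to the root) and lists every path from the root to a target package, marking versions older than a patched release. The lockfile fragment is constructed to mirror the chain in the issue (the `requires` ranges are made up; only the versions come from the issue text), and `PATCHED_VERSION` is an assumed value that should be taken from the advisory for CVE-2020-15168 rather than from this script.

```javascript
// Example added to this issue thread (not project code): find every
// dependency path from the root of an npm v1 lockfile to a target package
// and flag versions below the patched release.

// Constructed lockfile fragment mirroring the chain reported above.
// The "requires" ranges are illustrative; the versions are from the issue.
const LOCKFILE = {
  name: "storybook-addon-styled-component-theme",
  version: "2.0.0",
  requires: { recompose: "^0.27.1" },
  dependencies: {
    recompose: { version: "0.27.1", requires: { fbjs: "^0.8.17" } },
    fbjs: { version: "0.8.17", requires: { "isomorphic-fetch": "^2.2.1" } },
    "isomorphic-fetch": { version: "2.2.1", requires: { "node-fetch": "^1.7.3" } },
    "node-fetch": { version: "1.7.3" },
  },
};

// Assumed first patched node-fetch release for CVE-2020-15168; verify this
// against the advisory before relying on it.
const PATCHED_VERSION = "2.6.1";

// Compare two dotted versions numerically (prerelease/build tags ignored).
// Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// npm resolves a "requires" entry by checking the nearest enclosing
// "dependencies" map and walking outward to the root. `ancestors` is the
// chain of lockfile nodes from the root down to the current node.
function resolve(name, ancestors) {
  for (let i = ancestors.length - 1; i >= 0; i--) {
    const deps = ancestors[i].dependencies;
    if (deps && deps[name]) return deps[name];
  }
  return null; // not in the lockfile (optional/peer dep not installed)
}

// Depth-first search collecting every path root -> ... -> target.
function findPaths(lock, target) {
  const results = [];
  function walk(node, ancestors, path, seen) {
    for (const name of Object.keys(node.requires || {})) {
      const child = resolve(name, ancestors);
      if (!child) continue;
      const entry = `${name}@${child.version}`;
      if (seen.has(entry)) continue; // guard against dependency cycles
      const nextPath = [...path, entry];
      if (name === target) {
        results.push({ path: nextPath, version: child.version });
        continue;
      }
      walk(child, [...ancestors, child], nextPath, new Set([...seen, entry]));
    }
  }
  walk(lock, [lock], [`${lock.name}@${lock.version}`], new Set());
  return results;
}

// Render each path as a chain string and mark it vulnerable when the
// resolved version is older than the patched release.
function audit(lock, target, patchedVersion) {
  return findPaths(lock, target).map(({ path, version }) => ({
    chain: path.join(" -> "),
    version,
    vulnerable: compareVersions(version, patchedVersion) < 0,
  }));
}

// Stand-alone usage: prints the single chain from the issue, flagged vulnerable.
console.log(audit(LOCKFILE, "node-fetch", PATCHED_VERSION));
```

On a real project you would replace `LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json"))`; the same walk then answers the question this issue raises, namely whether dropping recompose removes every path to the affected node-fetch version or whether another dependency still pulls it in.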

landsman commented 2 years ago

@echoulen hey can you please update that?