myliang / x-spreadsheet

The project has been migrated to @wolf-table/table https://github.com/wolf-table/table
https://myliang.github.io/x-spreadsheet
MIT License

several vulnerabilities CVE-2020-15168, CVE-2020-7598 are introduced in at-x-data-spreadsheet #505

Open ayaka-kms opened 3 years ago

ayaka-kms commented 3 years ago

Hi, several vulnerabilities (CVE-2020-15168, CVE-2020-7598) are introduced in at-x-data-spreadsheet via:

● at-x-data-spreadsheet@1.1.31 ➔ opencollective@1.0.3 ➔ minimist@1.2.0

However, opencollective is a legacy package, which has not been maintained for about 4 years. Is it possible to migrate opencollective to another package to remediate this vulnerability?

I noticed several migration records in other JS repos for opencollective:

  1. in commitizen, version 2.10.1 ➔ 3.0.0, remove opencollective via commit
  2. in fast-xml-parser, version 3.3.0 ➔ 3.3.1, remove opencollective via commit
  3. in react-slick, version 0.12.1 ➔ 0.12.2, remove opencollective via commit
  4. in level, version 3.0.1 ➔ 3.0.2, migrate opencollective to opencollective-postinstall via commit
  5. in ngx-infinite-scroll, version 7.0.1 ➔ 7.1.0, migrate opencollective to opencollective-postinstall via commit
  6. in inferno, version 7.1.8 ➔ 7.1.9, migrate opencollective to opencollective-postinstall via commit

Are there any efforts planned that would remediate this vulnerability or migrate opencollective?

Thanks.
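As an added example (not code from this issue or from the x-spreadsheet project), the script below reproduces how a report like the one above is derived: it walks an npm lockfile from the root package and prints every dependency chain that ends in a package older than an advisory's fixed version. The lockfile, the package name `some-tool` and the minimist fix version `1.2.3` are constructed or assumed for the demonstration, not taken from the page.

```javascript
// Added example: walk an npm lockfile v2/v3 "packages" map from the root and report
// every dependency chain ending in a package older than an advisory's fix. LOCK mirrors
// the chain in the issue; 'some-tool' is hypothetical and minimist fix 1.2.3 is assumed.
const LOCK = {
  name: 'at-x-data-spreadsheet', lockfileVersion: 3,
  packages: {
    '': { name: 'at-x-data-spreadsheet', version: '1.1.31',
          dependencies: { opencollective: '^1.0.3', 'some-tool': '^2.0.0' } },
    'node_modules/opencollective': { version: '1.0.3', dependencies: { minimist: '^1.2.0' } },
    'node_modules/minimist': { version: '1.2.0' },
    'node_modules/some-tool': { version: '2.0.0', dependencies: { minimist: '^1.2.5' } },
    'node_modules/some-tool/node_modules/minimist': { version: '1.2.5' }, // nested, patched copy
  },
};
const ADVISORIES = { minimist: '1.2.3' }; // package name -> first fixed version (assumed)
// Numeric major.minor.patch comparison; prerelease tags are ignored for brevity.
function semverLt(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  return false;
}
// npm resolution rule: the nearest node_modules/<name> walking up from the dependent's path.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}
// Depth-first walk from the root entry (''), guarding against dependency cycles.
function findVulnerablePaths(lock, advisories) {
  const packages = lock.packages, results = [];
  const walk = (path, chain, onStack) => {
    const pkg = packages[path];
    if (!pkg || onStack.has(path)) return;
    const name = path === '' ? pkg.name : path.slice(path.lastIndexOf('node_modules/') + 13);
    const next = chain.concat(`${name}@${pkg.version}`);
    if (advisories[name] && semverLt(pkg.version, advisories[name])) results.push(next.join(' -> '));
    onStack.add(path);
    for (const dep of Object.keys(pkg.dependencies || {})) {
      const target = resolveDep(packages, path, dep);
      if (target) walk(target, next, onStack);
    }
    onStack.delete(path);
  };
  walk('', [], new Set());
  return results;
}
console.log(findVulnerablePaths(LOCK, ADVISORIES)); // one chain, ending in minimist@1.2.0
```

The nested `some-tool` copy of minimist resolves to its own patched version and is not reported, which is exactly the outcome a fix such as migrating away from opencollective or upgrading minimist aims for.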