styled-components / vue-styled-components

Visual primitives for the component age. A simple port for Vue of styled-components 💅
MIT License

a vulnerability CVE-2020-15168 is introduced in vue-styled-components #135

Open ayaka-kms opened 3 years ago

ayaka-kms commented 3 years ago

Hi, @liqueflies, a vulnerability CVE-2020-15168 is introduced in vue-styled-components via:

- vue-styled-components@1.6.0 ➔ glamor@2.20.40 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

However, glamor is a legacy package which has not been maintained for about 4 years. Is it possible to migrate from glamor to another package to remediate this vulnerability?

I noticed migration records in other JS repos that moved away from glamor:

- in bs-css, version 7.5.0 ➔ 8.0.0-beta.0, migrated glamor to emotion via commit
- in @uifabric/styling, version 0.24.2 ➔ 5.0.0-beta.1, migrated glamor to @uifabric/merge-styles via commit

Are there any efforts planned that would remediate this vulnerability or migrate glamor?

Thanks.
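The chain reported above is something a maintainer or auditor would want to confirm from the project's own lockfile rather than from a scanner summary. The following is an added example, not code from vue-styled-components or from the issue author: it walks a package-lock.json v2/v3 `packages` map, resolving each dependency the way Node does (nearest enclosing `node_modules` wins), and prints every path from the project root to a target package. The lockfile object is constructed inline for the example; the versions mirror the ones quoted in the report.

```javascript
// Constructed lockfile fragment in package-lock v2/v3 "packages" form
// (not a real vue-styled-components lockfile; versions are illustrative).
const LOCK = {
  packages: {
    "": { dependencies: { "vue-styled-components": "^1.6.0" } },
    "node_modules/vue-styled-components": { version: "1.6.0", dependencies: { glamor: "^2.20.40" } },
    "node_modules/glamor": { version: "2.20.40", dependencies: { fbjs: "^0.8.17" } },
    "node_modules/fbjs": { version: "0.8.17", dependencies: { "isomorphic-fetch": "^2.2.1" } },
    "node_modules/isomorphic-fetch": { version: "2.2.1", dependencies: { "node-fetch": "^1.7.3" } },
    "node_modules/node-fetch": { version: "1.7.3" },
  },
};

// Resolve `name` as Node would when required from the package at `fromPath`:
// try the nearest nested node_modules first, then walk up towards the root ("").
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root without finding it (e.g. an optional dep that was skipped)
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root; returns every chain to `target` as an array of "name@version".
// Only the `dependencies` edges are followed (what ships at runtime), not devDependencies.
function findPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  const visit = (path, chain, seen) => {
    for (const dep of Object.keys(packages[path].dependencies || {})) {
      const depPath = resolveDep(packages, path, dep);
      if (!depPath || seen.has(depPath)) continue; // unresolved or cyclic edge
      const next = chain.concat(`${dep}@${packages[depPath].version}`);
      if (dep === target) results.push(next);
      else visit(depPath, next, new Set(seen).add(depPath));
    }
  };
  visit("", [], new Set());
  return results;
}

// Prints: vue-styled-components@1.6.0 -> glamor@2.20.40 -> fbjs@0.8.17 -> isomorphic-fetch@2.2.1 -> node-fetch@1.7.3
for (const chain of findPaths(LOCK, "node-fetch")) console.log(chain.join(" -> "));
```

To run it against a real project, replace `LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))`; a lockfile in the older v1 nested format has no `packages` map and would need a different reader.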

grig-fifty commented 2 years ago

hey! have you found a workaround for this issue? thanks!

liqueflies commented 2 years ago

Hello people, thanks for submitting. I think this would be massive (because I guess the tests would also need to be upgraded), and right now I have very little time, so it's difficult to update things by myself.

Feel free to submit a PR! 💚