This repository has been archived by the owner on Jan 22, 2024. It is now read-only.
a vulnerability CVE-2020-15168 is introduced in open-vector-editor #760
Assignees
Comments
|
Hey @ayaka-kms there are no plans at the moment to remove recompose from our toolchain but I think I would be open to a PR switching to use either acdlite/recompose#819 or https://github.com/react-recompose/react-recompose A PR would also need to be made in https://github.com/TeselaGen/teselagen-react-components |
|
@tnrich Thanks a lot. |
|
@ayaka-kms I switched out recompose for react-recompose which no longer has fbjs as a dep Same with teselagen-react-components You can get this change in [email protected] |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi, a vulnerability CVE-2020-15168 is introduced in open-vector-editor via:
● [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected]
recompose is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate recompose to other package to remediate this vulnerability?
I noticed several migration records for recompose in other js repos, such as
Are there any efforts planned that would remediate this vulnerability or migrate recompose?
Thanks
; )
The text was updated successfully, but these errors were encountered: