a vulnerability CVE-2020-15168 is introduced in teselagen-react-components #265
Comments
|
Hey @ayaka-kms there are no plans at the moment to remove recompose from our toolchain but I think I would be open to a PR switching to use either acdlite/recompose#819 or https://github.com/react-recompose/react-recompose |
|
@tnrich Thanks for your feedback. |
|
@ayaka-kms Updated to use react-recompose. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, a vulnerability CVE-2020-15168 is introduced in teselagen-react-components via:
● [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected]
recompose is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate recompose to other package to remediate this vulnerability?
I noticed several migration records for recompose in other js repos, such as
Are there any efforts planned that would remediate this vulnerability or migrate recompose?
Thanks
; )
The text was updated successfully, but these errors were encountered: