You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, a vulnerability CVE-2020-15168 is introduced in mx-react-components via:
● mx-react-components@8.2.16 ➔ glamor@2.20.40 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3
However, glamor is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate glamor to other package to remediate this vulnerability?
I noticed a migration record in other js repo for glamor:
● in bs-css, version 7.5.0 ➔ 8.0.0-beta.0, migrate glamor to emotion via commit
● in @uifabric/styling, version 0.24.2 ➔ 5.0.0-beta.1, migrate glamor to @uifabric/merge-styles via commit
Are there any efforts planned that would remediate this vulnerability or migrate glamor?
Thanks.
The text was updated successfully, but these errors were encountered:
Hi, a vulnerability CVE-2020-15168 is introduced in mx-react-components via:
● mx-react-components@8.2.16 ➔ glamor@2.20.40 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3
However, glamor is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate glamor to other package to remediate this vulnerability?
I noticed a migration record in other js repo for glamor:
● in bs-css, version 7.5.0 ➔ 8.0.0-beta.0, migrate glamor to emotion via commit
● in @uifabric/styling, version 0.24.2 ➔ 5.0.0-beta.1, migrate glamor to @uifabric/merge-styles via commit
Are there any efforts planned that would remediate this vulnerability or migrate glamor?
Thanks.
The text was updated successfully, but these errors were encountered: