This repository has been archived by the owner on Apr 13, 2023. It is now read-only.

a vulnerability CVE-2020-15168 is introduced in gatsby-theme-apollo-docs #218

Open
ayaka-kms opened this issue Aug 14, 2021 · 0 comments

ayaka-kms commented Aug 14, 2021

Hi, @trevorblades, a vulnerability CVE-2020-15168 is introduced in gatsby-theme-apollo-docs via:
● gatsby-theme-apollo-docs@4.8.0-alpha.42 ➔ recompose@0.30.0 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

recompose is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate recompose to another package to remediate this vulnerability?

I noticed several migration records for recompose in other js repos, such as

  1. in react-dnd, version 7.4.1 ➔ 7.4.2, remove recompose via commit
  2. in @nivo/legends, version 0.67.0 ➔ 0.68.0, remove recompose via commit

Are there any efforts planned that would remediate this vulnerability or migrate recompose?

Thanks
; )
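
Added example, not part of the original issue or of the project's code: a small Node.js walker over the tree that `npm ls --all --json` prints, listing every dependency chain that ends at a flagged package version and the direct dependency responsible for it. The sample tree is constructed to mirror the chain reported above; `example-lib`, its placeholder versions, and the function names `findChains` and `directCulprits` are assumptions made for illustration.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output.
// It mirrors the chain from the issue; "example-lib" is a placeholder branch.
const sampleTree = {
  name: "gatsby-theme-apollo-docs",
  version: "4.8.0-alpha.42",
  dependencies: {
    recompose: { version: "0.30.0", dependencies: {
      fbjs: { version: "0.8.17", dependencies: {
        "isomorphic-fetch": { version: "2.2.1", dependencies: {
          "node-fetch": { version: "1.7.3" },
        } },
      } },
    } },
    "example-lib": { version: "0.0.0-placeholder", dependencies: {
      "node-fetch": { version: "0.0.0-placeholder" },
    } },
  },
};

// Return every root-to-target chain as an array of "name@version" strings.
function findChains(tree, targetName, targetVersion) {
  const chains = [];
  const walk = (name, node, path) => {
    const here = [...path, `${name}@${node.version ?? "?"}`];
    if (name === targetName && node.version === targetVersion) {
      chains.push(here);
    }
    // Deduped or leaf entries carry no "dependencies" key.
    for (const [depName, depNode] of Object.entries(node.dependencies || {})) {
      walk(depName, depNode, here);
    }
  };
  walk(tree.name, tree, []);
  return chains;
}

// The entry right after the root is the direct dependency that must be
// upgraded or replaced for the flagged package to leave the tree.
function directCulprits(chains) {
  return [...new Set(chains.map((c) => c[1]).filter(Boolean))];
}

const found = findChains(sampleTree, "node-fetch", "1.7.3");
found.forEach((c) => console.log(c.join(" -> ")));
console.log("direct dependencies to fix:", directCulprits(found));
```

On a real checkout, replace `sampleTree` with the parsed output of `npm ls --all --json`.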
