You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jan 31, 2023. It is now read-only.
Hi, @daedalus28, a vulnerability CVE-2020-15168 is introduced in contexture-react via:
● contexture-react@2.47.0 ➔ recompose@0.30.0 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3
recompose is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate recompose to other package to remediate this vulnerability?
I noticed several migration records for recompose in other js repos, such as
in react-dnd, version 7.4.1 ➔ 7.4.2, remove recompose via commit
in @nivo/legends, version 0.67.0 ➔ 0.68.0, remove recompose via commit
Are there any efforts planned that would remediate this vulnerability or migrate recompose?
Hi, @daedalus28, a vulnerability CVE-2020-15168 is introduced in contexture-react via:
● contexture-react@2.47.0 ➔ recompose@0.30.0 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3
recompose is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate recompose to other package to remediate this vulnerability?
I noticed several migration records for recompose in other js repos, such as
Are there any efforts planned that would remediate this vulnerability or migrate recompose?
Thanks
; )