a vulnerability CVE-2020-15168 is introduced in vue-styled-components

[ayaka-kms]

Hi, @liqueflies, a vulnerability CVE-2020-15168 is introduced in vue-styled-components via:
● [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected]

However, glamor is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate glamor to other package to remediate this vulnerability?

I noticed a migration record in other js repo for glamor:

● in bs-css, version 7.5.0 ➔ 8.0.0-beta.0, migrate glamor to emotion via commit
● in @uifabric/styling, version 0.24.2 ➔ 5.0.0-beta.1, migrate glamor to @uifabric/merge-styles via commit

Are there any efforts planned that would remediate this vulnerability or migrate glamor?

Thanks.

[grig-fifty]

hey! have you found a workaround for this issue? thanks!

[liqueflies]

Hello people,
Thanks for submitting.
I think this should be massive (cause I guess also tests should be upgraded) and now time is very little and it's difficult to update stuff only by myself.

Feel free to submit a PR! 💚