a vulnerability CVE-2020-15168 is introduced in vue-styled-components

[ayaka-kms]

Hi, @liqueflies, a vulnerability CVE-2020-15168 is introduced in vue-styled-components via:
● vue-styled-components@1.6.0 ➔ glamor@2.20.40 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

However, glamor is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate glamor to other package to remediate this vulnerability?

I noticed a migration record in other js repo for glamor:

● in bs-css, version 7.5.0 ➔ 8.0.0-beta.0, migrate glamor to emotion via commit
● in @uifabric/styling, version 0.24.2 ➔ 5.0.0-beta.1, migrate glamor to @uifabric/merge-styles via commit

Are there any efforts planned that would remediate this vulnerability or migrate glamor?

Thanks.

[grig-fifty]

hey! have you found a workaround for this issue? thanks!

[liqueflies]

Hello people,
Thanks for submitting.
I think this should be massive (cause I guess also tests should be upgraded) and now time is very little and it's difficult to update stuff only by myself.

Feel free to submit a PR! 💚