LoicMahieu/material-ui-color-picker

A vulnerability, CVE-2020-15168, is introduced in material-ui-color-picker

ayaka-kms opened this issue · 0 comments

Hi @LoicMahieu, a vulnerability, CVE-2020-15168, is introduced in material-ui-color-picker via:
material-ui-color-picker@3.5.1 ➔ recompose@0.30.0 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

recompose is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate from recompose to another package to remediate this vulnerability?

I noticed several migration records for recompose in other JS repos, such as:

  1. in react-dnd, version 7.4.1 ➔ 7.4.2, removed recompose via commit
  2. in @nivo/legends, version 0.67.0 ➔ 0.68.0, removed recompose via commit

Are there any efforts planned that would remediate this vulnerability or migrate recompose?

Thanks
; )
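A chain like the one reported above is what `npm ls node-fetch` prints for an installed tree. The script below is an added example, not code from this issue or from the material-ui-color-picker project: it derives the same chain from a lockfileVersion 1 `package-lock.json` (top-level `dependencies`, each entry with `version`, `requires` and optional nested `dependencies`), resolving each `requires` entry the way Node does at runtime (nearest nested `node_modules` first, then ancestors, then the project root). The lockfile object, the `requires` ranges and the direct-dependency list are constructed to mirror the issue's chain; in a real repo you would `JSON.parse` the lockfile and read the direct dependency names from `package.json`.

```javascript
// Added example: find every dependency chain from the project root to a
// target package, using the npm lockfileVersion 1 shape. Not project code.

// Constructed lockfile mirroring the chain in the issue. The version ranges
// in "requires" are illustrative assumptions, not the packages' real ranges.
const lockfile = {
  name: "material-ui-color-picker",
  version: "3.5.1",
  lockfileVersion: 1,
  dependencies: {
    recompose: { version: "0.30.0", requires: { fbjs: "^0.8.0" } },
    fbjs: { version: "0.8.17", requires: { "isomorphic-fetch": "^2.1.1" } },
    "isomorphic-fetch": { version: "2.2.1", requires: { "node-fetch": "^1.0.1" } },
    "node-fetch": { version: "1.7.3" },
  },
};
// Assumed direct dependencies (in a real project, package.json "dependencies").
const directDependencies = ["recompose"];

// Resolve `name` like Node's module lookup: nested node_modules of the
// requiring package win, then each ancestor, then the project root.
function resolve(stack, name) {
  for (let i = stack.length - 1; i >= 0; i--) {
    const deps = stack[i].dependencies || {};
    if (Object.prototype.hasOwnProperty.call(deps, name)) return deps[name];
  }
  return null;
}

// Return every chain root -> ... -> target as arrays of "name@version"
// labels, so each hop can be checked against an advisory's affected range.
function findChains(lock, directDeps, target) {
  const chains = [];
  const rootLabel = `${lock.name}@${lock.version}`;

  function walk(required, stack, path, seen) {
    for (const dep of required) {
      const child = resolve(stack, dep);
      if (!child) continue; // not installed (e.g. optional or peer dependency)
      const label = `${dep}@${child.version}`;
      if (seen.has(label)) continue; // guard against circular requires
      const nextPath = path.concat(label);
      if (dep === target) {
        chains.push(nextPath);
        continue;
      }
      const nextSeen = new Set(seen);
      nextSeen.add(label);
      walk(Object.keys(child.requires || {}), stack.concat(child), nextPath, nextSeen);
    }
  }

  walk(directDeps, [{ dependencies: lock.dependencies || {} }], [rootLabel], new Set());
  return chains;
}

function formatChain(chain) {
  return chain.join(" -> ");
}

// Usage: print each chain that pulls node-fetch into the project.
const chains = findChains(lockfile, directDependencies, "node-fetch");
for (const chain of chains) console.log(formatChain(chain));
```

Each printed chain tells you which direct dependency (here recompose) has to be replaced or updated to drop the vulnerable hop; whether a given hop's version is inside the affected range is something to check against the advisory for CVE-2020-15168, which this script does not encode.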