hipstersmoothie/storybook-addon-react-docgen

a vulnerability is introduced in storybook-addon-react-docgen


Hi, @hipstersmoothie, a vulnerability, CVE-2020-15168, is introduced in storybook-addon-react-docgen via:
● storybook-addon-react-docgen@1.2.42 ➔ react-addons-create-fragment@15.6.2 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

However, react-addons-create-fragment is a legacy package which has not been maintained for about 4 years.
Is it possible to migrate react-addons-create-fragment to another package, or to remove it, to remediate this vulnerability?

I noticed a migration record in another JS repo for react-addons-create-fragment:

● in react-paginate, version 0.4.7 ➔ 0.4.8, removed react-addons-create-fragment via commit

Thanks.
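To check whether a transitive chain like the one reported above is present in an install tree, the following added example (not part of the issue and not the project's code) walks an npm lockfile in the v2/v3 `packages` layout and returns every chain from the root to a given `name@version`. The lockfile fragment is constructed: the chain's names and versions are the ones quoted in the issue, the dependency ranges are simplified to exact versions, and `example-dep` with the hoisted `node-fetch@0.0.0-constructed` is hypothetical, included to show that the nested copy is the one resolved.

```javascript
// Constructed lockfile fragment in npm's v2/v3 "packages" layout. Names and
// versions on the reported chain come from the issue; "example-dep" and the
// hoisted node-fetch "0.0.0-constructed" are hypothetical.
const sampleLock = { packages: {
  "": { name: "storybook-addon-react-docgen", version: "1.2.42",
        dependencies: { "react-addons-create-fragment": "15.6.2", "example-dep": "1.0.0" } },
  "node_modules/react-addons-create-fragment": { version: "15.6.2", dependencies: { fbjs: "0.8.17" } },
  "node_modules/fbjs": { version: "0.8.17", dependencies: { "isomorphic-fetch": "2.2.1" } },
  "node_modules/isomorphic-fetch": { version: "2.2.1", dependencies: { "node-fetch": "1.7.3" } },
  "node_modules/isomorphic-fetch/node_modules/node-fetch": { version: "1.7.3" },
  "node_modules/example-dep": { version: "1.0.0", dependencies: { "node-fetch": "0.0.0-constructed" } },
  "node_modules/node-fetch": { version: "0.0.0-constructed" },
} };

const MARK = "node_modules/";
const nameOf = (pkgs, p) => (p === "" ? pkgs[""].name : p.slice(p.lastIndexOf(MARK) + MARK.length));

// Node-style resolution: look in the requiring package's own node_modules,
// then in each enclosing node_modules directory up to the project root.
function resolveDep(pkgs, fromPath, depName) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + MARK + depName;
    if (pkgs[candidate]) return candidate;
    if (base === "") return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("/" + MARK);
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every root-to-target chain that ends at name@version.
function findChains(lock, name, version) {
  const pkgs = lock.packages, chains = [];
  const walk = (path, trail) => {
    if (trail.includes(path)) return; // dependency cycle
    const here = [...trail, path];
    if (nameOf(pkgs, path) === name && pkgs[path].version === version) {
      chains.push(here.map((p) => `${nameOf(pkgs, p)}@${pkgs[p].version}`).join(" -> "));
      return;
    }
    const deps = { ...pkgs[path].dependencies, ...pkgs[path].optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const next = resolveDep(pkgs, path, dep);
      if (next !== null) walk(next, here);
    }
  };
  walk("", []);
  return chains;
}

console.log(findChains(sampleLock, "node-fetch", "1.7.3"));
```

Against a real project, pass the parsed `package-lock.json` in place of `sampleLock`; the first hop of each returned chain is the direct dependency that would have to be replaced or removed.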