a vulnerability CVE-2021-23382 is introduced in @coorpacademy/components

Hi, a vulnerability [CVE-2021-23382](https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640) is introduced in @coorpacademy/components via:
●  @coorpacademy/components@10.0.19 ➔ postcss-color-function@4.1.0 ➔ postcss@6.0.23

**_postcss-color-function_** is a legacy package. It has not been maintained for about 2 years, and is not likely to be updated.
Is it possible to migrate **postcss-color-function** to other package to remediate this vulnerability?

I noticed several migration records for **_postcss-color-function_** in other js repos, such as

1. in AdvisorySG/ghost-advisory-theme, Replace the obsolete postcss-color-function with postcss-color-mod-function via [commit](https://github.com/AdvisorySG/ghost-advisory-theme/commit/0e7d1ff0b6d90d71ca87deebea26f849b87e4175)
2. in JBValo/bond, Replace the obsolete postcss-color-function with postcss-color-mod-function via 
[commit](https://github.com/JBValo/bond/commit/bef84166565e34b2d6cd17328baffe050dda66f4)
3. in cloudflare/cf-ui, replace postcss-color-function by polished via 
[commit](https://github.com/cloudflare/cf-ui/commit/f4763ae7a031bef401b4d390e10ae378277f0d72)

Are there any efforts planned that would remediate this vulnerability or migrate **_postcss-color-function_**?

Thanks
 ; )

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

a vulnerability CVE-2021-23382 is introduced in @coorpacademy/components #1936

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

a vulnerability CVE-2021-23382 is introduced in @coorpacademy/components #1936

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions