A vulnerability introduced in react-images

[ayaka-kms]

Hi, a vulnerability CVE-2020-15168 is introduced in react-images via:
● react-images@1.2.0-beta.7 ➔ glam@5.0.1 ➔ fbjs@0.8.17 ➔ isomorphic-fetch@2.2.1 ➔ node-fetch@1.7.3

---

However, glam is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate glam to other package or remove it to remediate this vulnerability?

I noticed a migration record in other js repo for glam:

● in react-select, version 2.0.0-beta.1 ➔ 2.0.0-beta.2, Migrate from react-select to emotion via commit

Thanks.

[davwheat]

This security vulnerability has no effect on us since we don't use the functionality that is affected.

This package is unmaintained. If you wish to fix it, feel free to open a PR and I'll take a look.

[dannya]

@davwheat I've done this work in #405