collaborationFactory/cplace-asc

a vulnerability CVE-2018-1109 is introduced in @cplace/asc via:


Hi, @slaven3kopic, a vulnerability CVE-2018-1109 is introduced in @cplace/asc via:
● @cplace/asc@1.0.7 ➔ cpx@1.5.0 ➔ chokidar@1.7.0 ➔ anymatch@1.3.2 ➔ micromatch@2.3.11 ➔ braces@1.8.5

However, cpx is a legacy package, which has not been maintained for about 5 years.
Is it possible to migrate cpx to another package to remediate this vulnerability?

I noticed several migration records for cpx in other JS repos:

  1. in commitizen, version 2.10.1 ➔ 3.0.0, remove cpx via commit
  2. in @s-ui/studio, version 10.12.0 ➔ 10.13.0, migrate cpx to copyfiles via commit
  3. in taninsam, migrate from cpx to cpx2 via commit

Thanks.
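To confirm which direct dependency pulls in the flagged package before migrating, the dependency tree can be walked programmatically. The following is an added example, not part of the original issue or the project's code: it assumes a tree shaped like `npm ls --json` output, and the `tree` object is constructed from the chain quoted above (the `example-lib` and `other-tool` entries are hypothetical filler).

```javascript
// Constructed sample in the shape of `npm ls --json` output, built from the
// chain quoted in the issue. "example-lib" and "other-tool" are hypothetical.
const tree = {
  name: "@cplace/asc",
  version: "1.0.7",
  dependencies: {
    cpx: { version: "1.5.0", dependencies: {
      chokidar: { version: "1.7.0", dependencies: {
        anymatch: { version: "1.3.2", dependencies: {
          micromatch: { version: "2.3.11", dependencies: {
            braces: { version: "1.8.5" }
          } }
        } }
      } },
      "example-lib": { version: "0.0.1" }
    } },
    "other-tool": { version: "2.0.0" }
  }
};

// Depth-first walk: return every chain (root first) that ends at the exact
// name@version being investigated.
function findPaths(node, nodeName, targetName, targetVersion, trail = []) {
  const here = [...trail, `${nodeName}@${node.version}`];
  const hits = [];
  if (nodeName === targetName && node.version === targetVersion) hits.push(here);
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    hits.push(...findPaths(dep, depName, targetName, targetVersion, here));
  }
  return hits;
}

// The second element of each chain is the direct dependency that has to be
// upgraded, replaced or removed to drop the flagged package.
function directCulprits(paths) {
  return [...new Set(paths.filter((p) => p.length > 1).map((p) => p[1]))];
}

const paths = findPaths(tree, tree.name, "braces", "1.8.5");
for (const p of paths) console.log(p.join(" > "));
console.log("direct dependencies to migrate:", directCulprits(paths).join(", "));
```

After a migration, rerunning the same walk on the new tree should return no paths for the flagged version.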