a vulnerability CVE-2018-1109 is introduced in @cplace/asc via:

[ayaka-kms]

Hi, @slaven3kopic, a vulnerability CVE-2018-1109 is introduced in @cplace/asc via:
● @cplace/asc@1.0.7 ➔ cpx@1.5.0 ➔ chokidar@1.7.0 ➔ anymatch@1.3.2 ➔ micromatch@2.3.11 ➔ braces@1.8.5

However, cpx is a legacy package, which has not been maintained for about 5 years.
Is it possible to migrate cpx to other package to remediate this vulnerability?

I noticed several migration records in other js repo for cpx:

1. in commitizen, version 2.10.1 ➔ 3.0.0, remove cpx via commit
2. in @s-ui/studio, version 10.12.0 ➔ 10.13.0, migrate cpx to copyfiles via commit
3. in taninsam, migrate from cpx to cpx2 via commit

Thanks.