reg-viz / reg-suit

:recycle: Visual Regression Testing tool

Home Page: https://reg-viz.github.io/reg-suit



vulnerability CVE-2018-1109 is introduced by package braces

ayaka-kms opened this issue · comments

Hi, @Quramy, a vulnerability CVE-2018-1109 is introduced in reg-suit-core@0.10.16 via:
● reg-suit-core@0.10.16 ➔ cpx@1.5.0 ➔ chokidar@1.7.0 ➔ anymatch@1.3.2 ➔ micromatch@2.3.11 ➔ braces@1.8.5

However, cpx is a legacy package, which has not been maintained for about 5 years.
Is it possible to migrate cpx to another package to remediate this vulnerability?

I noticed several migration records in other JS repos for cpx:

  1. in commitizen, version 2.10.1 ➔ 3.0.0, remove cpx via commit
  2. in @s-ui/studio, version 10.12.0 ➔ 10.13.0, migrate cpx to copyfiles via commit

Thanks.
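The chain quoted in the issue is what a lockfile walk produces when you ask which paths lead from the root package to a vulnerable version of `braces`. The script below is an added example, not reg-suit's code and not part of the issue: it applies npm's nearest-`node_modules` resolution rule to the `packages` map of a package-lock.json (v2/v3 shape) and reports every path that ends at a target package older than a given fixed version. The two lockfiles are constructed from the chain in the issue (the `^` ranges are assumed, not copied from the real manifests), the "after" lockfile assumes cpx was swapped for copyfiles as in the @s-ui/studio migration, and the fixed version `2.3.1` for CVE-2018-1109 is taken from the CVE record and should be verified against the advisory you are acting on.

```javascript
// Added example (not reg-suit's own code): walk a package-lock.json v2/v3
// "packages" graph and report every dependency path from the root package to
// a target package whose installed version is older than the fixed version.
// This turns "npm audit says braces is vulnerable" into the concrete chain
// quoted in the issue, which shows which direct dependency (cpx) must go.
//
// CONSTRUCTED lockfile built from the chain in the issue; the "^" ranges in
// "dependencies" are assumptions, not copied from the real manifests.
const lock = {
  packages: {
    "": { name: "reg-suit-core", version: "0.10.16", dependencies: { cpx: "^1.5.0" } },
    "node_modules/cpx": { version: "1.5.0", dependencies: { chokidar: "^1.6.0" } },
    "node_modules/chokidar": { version: "1.7.0", dependencies: { anymatch: "^1.3.0" } },
    "node_modules/anymatch": { version: "1.3.2", dependencies: { micromatch: "^2.1.5" } },
    "node_modules/micromatch": { version: "2.3.11", dependencies: { braces: "^1.8.2" } },
    "node_modules/braces": { version: "1.8.5" },
  },
};

// CONSTRUCTED "after" lockfile: cpx swapped for copyfiles (assumed versions),
// so no path to braces remains.
const lockAfterMigration = {
  packages: {
    "": { name: "reg-suit-core", version: "0.10.16", dependencies: { copyfiles: "^2.0.0" } },
    "node_modules/copyfiles": { version: "2.4.1", dependencies: { minimatch: "^3.0.3" } },
    "node_modules/minimatch": { version: "3.0.4" },
  },
};

// Fixed version for CVE-2018-1109 as read from the CVE record (assumption:
// verify against the advisory you are acting on).
const BRACES_FIXED_IN = "2.3.1";

// Compare two "x.y.z" versions numerically (pre-release tags are stripped;
// sufficient for a lockfile sweep, use the semver package for range logic).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// npm's resolution rule: a dependency of the package at `fromPath` lives in
// the nearest enclosing node_modules directory, walking up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // unresolved (optional or missing dependency)
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Package name from a lockfile path; scoped names like "@s-ui/studio" survive.
function packageName(packages, path) {
  if (path === "") return packages[""].name || "(root)";
  return path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
}

// Depth-first walk from the root; returns each path that reaches `target` in
// a version older than `fixedIn`, formatted like the chain in the issue.
function findVulnerablePaths(lockfile, target, fixedIn) {
  const packages = lockfile.packages;
  const found = [];
  const walk = (path, chain, onStack) => {
    const pkg = packages[path];
    const name = packageName(packages, path);
    const next = chain.concat(name + "@" + pkg.version);
    if (name === target && compareVersions(pkg.version, fixedIn) < 0) {
      found.push(next.join(" -> "));
    }
    for (const dep of Object.keys(pkg.dependencies || {})) {
      const depPath = resolveDep(packages, path, dep);
      if (depPath !== null && !onStack.has(depPath)) { // skip dependency cycles
        onStack.add(depPath);
        walk(depPath, next, onStack);
        onStack.delete(depPath);
      }
    }
  };
  walk("", [], new Set([""]));
  return found;
}

console.log(findVulnerablePaths(lock, "braces", BRACES_FIXED_IN).join("\n") || "no vulnerable path");
console.log(findVulnerablePaths(lockAfterMigration, "braces", BRACES_FIXED_IN).join("\n") || "no vulnerable path");
```

Run it with `node` and replace the constructed `lock` object with `JSON.parse(fs.readFileSync("package-lock.json"))` for a real project. The walk enumerates every distinct path, which is what you want for a small chain like this one but can explode on large graphs; for those, memoise per lockfile path or stop at the first hit per direct dependency, since the direct dependency (cpx here) is the thing you actually have to replace or upgrade.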

resolved by #605