Typically, I found a workaround after writing the above. It turns out that cpx is unmaintained. There's a fork called cpx2 that works as a drop-in replacement and resolves the vulnerability. Would the solution to this problem otherwise have been to get cpx to update its dependencies, though?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Typically, I found a workaround after writing the above. It turns out that cpx is unmaintained. There's a fork called
cpx2that works as a drop-in replacement and resolves the vulnerability. Would the solution to this problem otherwise have been to getcpxto update its dependencies, though?