A high severity vulnerability introduced in postmark-cli

[ayaka-kms]

Hi, a vulnerability https://snyk.io/vuln/SNYK-JS-MERGE-1040469 is introduced in postmark-cli via: ● [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected]

However, watch is a legacy package, which has not been maintained for about 4 years. Is it possible to migrate watch to other package or remove it to remediate this vulnerability?

I noticed a migration record in other js repo for watch:

● in @google/clasp, version 2.3.2 ➔ 2.4.0, Migrate from watch to chokidar via commit ● in forever-monitor, version 1.5.2 ➔ 1.6.0, Migrate from watch to chokidar via commit

Are there any efforts planned that would remediate this vulnerability or migrate watch?

Thanks ; )