Update dependency cpy to fix security advisory

[rmuchall]

npm audit has the following security advisory for cpy-cli:

  Moderate        Regular expression denial of service
  Package         glob-parent
  Patched in      >=5.1.2
  Dependency of   cpy-cli [dev]
  Path            cpy-cli > cpy > globby > fast-glob > glob-parent
  More info       https://npmjs.com/advisories/1751

link: https://npmjs.com/advisories/1751

It looks like this has already been fixed in your library cpy.
details: sindresorhus/cpy#84

[dkimmich-onventis]

The version was updated in the code, but cpy didn't release a new version yet, see this comment, so currently this can't be fixed.

[rchisholm]

any update on this? it's the only vulnerability we have for several months

[nvandamme]

A version of cpy implementing the fix has been released : https://github.com/sindresorhus/cpy/releases/tag/v9.0.0

[andy2mrqz]

@sindresorhus I am happy to help update the dependencies to use the latest version of cpy if it would help save you some time - I saw you were committing in the last couple days though, so not sure if you're prepping to tag a new release and this is already on your agenda.

[sindresorhus]

PR welcome :)