Fix security warning

[quilicicf]

Hi,

When installing cpx as a dependency of a project, npm gave me a warning about a vulnerability.
The problem comes from dependency chokidar, I've created an issue there.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ deep-extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cpx [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cpx > chokidar > fsevents > node-pre-gyp > rc > deep-extend  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/612                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

I also noticed that the badge on the README points to another vulnerability, on debug this time (cf David report).

Thanks for developing cpx.
I can commit a fix if that helps.

[quilicicf]

I opened a PR to try and fix all non-low vulnerabilities: #43

[mysticatea]

I'm sorry for my overlook. Thank you for this report and that PR.

I will take a look the PR within this week.

[quilicicf]

No harm done, thanks

[mysticatea]

#43 was merged. Thank you!