Hi team,
I noticed that @solana/spl-token depends on @solana/buffer-layout-utils, which in turn depends on bigint-buffer. Unfortunately bigint-buffer appears to be unmaintained (last commit 5 years ago) and has a buffer overflow security vulnerability (link to snyk report).
To make matters worse, the @solana/buffer-layout-utils package itself has also been marked as archived and read-only, which means it's unlikely to be updated to address the issue.
Are there any plans to:
- Replace @solana/buffer-layout-utils in @solana/spl-token?
- Remove the dependency on bigint-buffer?
Appreciate any guidance on this 🙏 Happy to help if there is a migration plan in mind.
Thank you very much.
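One way to confirm the transitive chain described in the issue before planning a migration, as an added example that is not part of the original post or of the Solana projects: walk the `packages` map of a lockfileVersion 3 `package-lock.json` and list every path from the root to a flagged package. The lockfile below is a constructed sample with placeholder versions.

```javascript
// Added example, not code from the issue or from the Solana projects:
// walk a package-lock.json (lockfileVersion 3) "packages" map and list
// every chain from the root to a flagged package, to confirm a transitive
// dependency such as spl-token -> buffer-layout-utils -> bigint-buffer.

// Constructed sample; versions are placeholders, not real releases.
const SAMPLE_LOCK = {
  packages: {
    "": { dependencies: { "@solana/spl-token": "*" } },
    "node_modules/@solana/spl-token": {
      version: "0.0.0-placeholder",
      dependencies: { "@solana/buffer-layout-utils": "*" },
    },
    "node_modules/@solana/buffer-layout-utils": {
      version: "0.0.0-placeholder",
      dependencies: { "bigint-buffer": "*" },
    },
    "node_modules/bigint-buffer": { version: "0.0.0-placeholder" },
  },
};

// Package name from a lockfile key such as "node_modules/a/node_modules/@s/b".
function nameFromPath(key) {
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

// Every chain root -> ... -> target as arrays of package names. Entries are
// indexed by name, so nested duplicate versions are collapsed (fine for an
// "is it reachable at all?" check).
function dependencyChains(lock, target) {
  const byName = new Map();
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (key !== "") byName.set(nameFromPath(key), entry);
  }
  const chains = [];
  const walk = (entry, path, seen) => {
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (seen.has(dep)) continue; // cycle guard
      const next = [...path, dep];
      if (dep === target) chains.push(next);
      const child = byName.get(dep);
      if (child) walk(child, next, new Set(seen).add(dep));
    }
  };
  walk(lock.packages[""], [], new Set());
  return chains;
}

for (const c of dependencyChains(SAMPLE_LOCK, "bigint-buffer")) console.log(c.join(" -> "));
```

Point it at a real lockfile with `JSON.parse(fs.readFileSync("package-lock.json"))` in place of `SAMPLE_LOCK`; an empty result means the flagged package is no longer reachable from the root.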