PR bumps the version of async dependency in package.json so that it's not possible to get a vulnerable version of async via this dependency. #130 only bumped the version in the package-lock.json file which only affects this repository, and not downstream consumers.
PR bumps the version of
async
dependency in package.json so that it's not possible to get a vulnerable version ofasync
via this dependency. #130 only bumped the version in thepackage-lock.json
file which only affects this repository, and not downstream consumers.