Critical vm2 vulnerable to sandbox escape

[ramonjaspers]

Code-push uses the superagent-proxy dependency which has not been updated in two years and has peers which are even older resulting in outdated dependencies. When running an audit with code-push installed the following critical is returned.
critical │ vm2 vulnerable to sandbox escape
Package │ vm2
Patched in │ >=3.9.15
Dependency of │ react-native-code-push
Path react-native-code-push > code-push > superagent-proxy > │
proxy-agent > pac-proxy-agent > pac-resolver > degenerator > │
vm2More info │ https://www.npmjs.com/advisories/1091646

I see there already is a possible fix #2482, what is the possible time of release?

[ramonjaspers]

for others, i currently fixed this in my repo by using https://www.npmjs.com/package/yarn-audit-fix

[Grohden]

@ramonjaspers but this is still an issue that codepush should solve updating their deps right? can't we reopen this one?