[Security]: update VM2 to 3.9.17

[zakuru]

https://github.com/patriksimek/vm2/releases/tag/3.9.17

[pablospaniard]

@TooTallNate it seems that you have the power to update all the packages: proxy-agent, pac-proxy-agent, pac-resolver, degenerator. Please do it ASAP :) Thank you in advance.

[zakuru]

Thanks @TooTallNate 👍

[TooTallNate]

I'll do a release for this, but honestly it's not necessary since the semver range on this dependency is already loose enough to allow for the updated version to be installed. Just update your lockfile in your project.

[zakuru]

I'll do a release for this, but honestly it's not necessary since the semver range on this dependency is already loose enough to allow for the updated version to be installed. Just update your lockfile in your project.

You are correct as long as the users do as you said the right version of VM2 will be taken

/workspaces/node-proxy-agent (master) $ npm ls vm2
proxy-agent@5.0.0 /workspaces/node-proxy-agent
└─┬ pac-proxy-agent@5.0.0
  └─┬ pac-resolver@5.0.1
    └─┬ degenerator@3.0.3
      └── vm2@3.9.17

Probably no need power upgrade for all
Thanks for the follow up 👍