[CVE-2021-43138] Prototype Pollution in async

[okuryu]

It seems that using gh-pages detects this async related vulnerability. Can you upgrade to the latest async?

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43138
• GHSA-fwr7-v2mv-hh25

[okuryu]

#425 is created by dependabot.

[okuryu]

the backport is landed in async v2.6.4 (caolan/async#1828). I believe it is no longer affected by the vulnerability, so I'd like to close this one.