From 376e419b3f000254e457a3007ebfa5f1c5b8a32a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 2 Feb 2024 19:21:50 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-VM2-5422057
- https://snyk.io/vuln/SNYK-JS-VM2-5426093
- https://snyk.io/vuln/SNYK-JS-VM2-5537079
- https://snyk.io/vuln/SNYK-JS-VM2-5537100
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c5d5c93..82ad070 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,7 +17,7 @@
         "node-opcua": "~2.81.0",
         "rimraf": "~3.0.2",
         "underscore": "~1.13.6",
-        "vm2": "~3.9.15"
+        "vm2": "^3.9.19"
       },
       "devDependencies": {
         "@node-red/nodes": "^3.0.2",
@@ -20356,9 +20356,10 @@
       }
     },
     "node_modules/vm2": {
-      "version": "3.9.15",
-      "resolved": "https://registry.npmjs.org/vm2/-/vm2-3.9.15.tgz",
-      "integrity": "sha512-XqNqknHGw2avJo13gbIwLNZUumvrSHc9mLqoadFZTpo3KaNEJoe1I0lqTFhRXmXD7WkLyG01aaraXdXT0pa4ag==",
+      "version": "3.9.19",
+      "resolved": "https://registry.npmjs.org/vm2/-/vm2-3.9.19.tgz",
+      "integrity": "sha512-J637XF0DHDMV57R6JyVsTak7nIL8gy5KH4r1HiwWLf/4GBbb5MKL5y7LpmF4A8E2nR6XmzpmMFQ7V7ppPTmUQg==",
+      "deprecated": "The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.",
       "dependencies": {
         "acorn": "^8.7.0",
         "acorn-walk": "^8.2.0"
diff --git a/package.json b/package.json
index d8bb290..bd9f529 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
     "node-opcua": "~2.81.0",
     "rimraf": "~3.0.2",
     "underscore": "~1.13.6",
-    "vm2": "~3.9.15"
+    "vm2": "~3.9.19"
   },
   "keywords": [
     "node-red",