Hi, I would like this change for the vm2 vulnerability to be pushed out there so we can have it fixed in our dependencies as well.

Would you be able to publish the next patch version with this? Thanks!

Any update on this?

Just update your lockfile please. The semver range is already loose enough.