Fix: Eliminate vm2 security vulnerability (#358)

* fix: update proxy-agent to eliminate vm2 security vulnerability

Update proxy-agent from 6.2.1 to 6.5.0 to remove the deprecated and vulnerable vm2 package from the dependency tree. The newer version uses @tootallnate/quickjs-emscripten as a safe alternative for JavaScript sandboxing.

This eliminates multiple critical CVEs (CVSS 9.8-10.0):
- CVE-2023-29017, CVE-2023-30547, CVE-2023-37466
- CVE-2023-37903, CVE-2022-36067

All tests pass with no breaking changes.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* ci: update GitHub Actions to v4 to fix cache issues

Updated actions/checkout and actions/setup-node from v2 to v4 to resolve
persistent yarn cache service errors (400 responses) in CI.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Aditi Ohri <aohri@redhat.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: 3 people

.github/workflows/node.js.yml

@@ -20,15 +20,9 @@ jobs:
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
-    - uses: actions/checkout@v2
-#     - uses: actions/cache@v2
-#       with:
-#         path: ~/.npm
-#         key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-#         restore-keys: |
-#           ${{ runner.os }}-node-
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
         cache: 'yarn'

package.json

@@ -53,7 +53,7 @@
         "opn": "5.5.0",
         "porty": "3.1.1",
         "print-colors": "1.0.1",
-        "proxy-agent": "6.2.1",
+        "proxy-agent": "6.5.0",
         "serve-static": "1.15.0",
         "transformer-proxy": "0.3.5",
         "yargs": "17.4.1"