Vulnerability due to Version fixation of third parties libraries

@baris @PitaJ Thanks a lot guys ,, My bad , i though i saw async version used by nodebb was 3.2.0

Thanks baris , but my question was , we are running latest nodebb , but the async version which runs in the latest version has some bugs, now the remediation that we got offered from scanning tool is to upgrade the async version ,, but won't that mean if we do changes in an open source code, we need to make the code public ? also explicitly upgrading libraries might break the application ..

How do we Remediate a vulnerability where the solution is to upgrade a dependent library( async) for nodebb,, as we cant upgrade explicitly