[risk=low][no ticket] rev async to 2.6.4

[jmthibault79]

Addresses a vulnerability: https://github.com/all-of-us/workbench/security/dependabot/25
caolan/async#1828

Ran local UI against Test with no problems.

---

PR checklist

• This PR meets the Acceptance Criteria in the JIRA story
• The JIRA story has been moved to Dev Review
• This PR includes appropriate unit tests
• I have added explanatory comments where the logic is not obvious
• I have run and tested this change locally, and my testing process is described here
• If this includes a new feature flag, I have created and linked new JIRA tickets to (a) turn on the feature flag and (b) remove it later
• If this includes an API change, I have run the E2E tests on this change against my local server with yarn test-local because this PR won't be covered by the CircleCI tests
• If this includes a UI change, I have taken screen recordings or screenshots of the new behavior and notified the PO and UX designer in Slack
• If this change impacts deployment safety (e.g. removing/altering APIs which are in use) I have documented these in the description
• If this includes an API change, I have updated the appropriate Swagger definitions and updated the appropriate API consumers
  • AoU UI
  • Perf tests
  • Researcher Directory export
  • Cron tasks - for Offline*Controllers
  • SumoLogic - for EgressAlert