Async version 2.0.1 is a minor patch release following the 2.0.0 version of this popular JavaScript utility library, designed to simplify asynchronous programming. Both versions share the same core functionality, providing higher-order functions for common asynchronous patterns, making it easier to manage complex asynchronous workflows in Node.js and the browser. Both rely on lodash as a dependency.
The key difference lies in bug fixes and potential minor performance improvements in version 2.0.1. Developers already using 2.0.0 should consider upgrading to 2.0.1 for increased stability. No new features were introduced.
For developers new to the library, Async offers a comprehensive suite of tools to handle asynchronous tasks, including functions for parallel execution, serial execution, limiting concurrency, and various control flow mechanisms. The library helps avoid callback hell and streamlines asynchronous development. Both versions are licensed under the MIT license, so you can use either without restrictions.
The library leverages various development dependencies, including testing frameworks like Mocha and Chai, code quality tools like ESLint, and build tools like Rollup and Babel for modern JavaScript compatibility. These tools ensure code quality, compatibility, and performance. While the development dependencies for both versions appear identical, the patch likely involved refinements stemming from these tools' outputs. It is developed by Caolan McMahon and published on npm.
All the vulnerabilities related to version 2.0.1 of the package
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.