Async version 2.1.0 introduces several notable changes compared to its predecessor, 2.0.1, impacting developers relying on this utility library for asynchronous JavaScript operations. While both versions maintain the core functionality of providing higher-order functions and common patterns for asynchronous code, the key divergence lies in dependency management. Version 2.1.0 adds lodash-es as a dependency, alongside the existing lodash dependency. This signals an intention to leverage the lighter-weight, ES module-compatible version of Lodash, which could lead to smaller bundle sizes for projects that use modern module bundlers. This change could translate to performance improvements and a more optimized user experience.
Beyond dependencies, both versions share a rich set of development dependencies, including tools for testing, linting, documentation generation, and build processes. This robust tooling setup underscores the project's commitment to code quality and maintainability, which reinforces confidence for developers integrating the library. Common development dependencies include mocha and chai for testing, eslint for code linting, and jsdoc for documentation.
Developers upgrading from 2.0.1 to 2.1.0 should primarily be aware of the new lodash-es dependency. Depending on their build system and usage of Lodash, this could require adjustments to ensure compatibility and optimal bundling. If your project isn't using a module bundler, the addition of lodash-es will have little to no impact. As always, thorough testing after upgrading is recommended. Both versions offer a stable and well-supported toolkit for handling asynchronous tasks in JavaScript.
All the vulnerabilities related to the version 2.1.0 of the package
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.
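
A check for the affected ranges stated above, as an added example that is not part of the original page or of the async project: it walks a parsed `package-lock.json` (npm's flat `packages` map or the older nested `dependencies` tree) and classifies every installed copy of `async`. The sample lockfile and the function names are constructed for illustration, and treating a pre-release of a fixed version as affected is a conservative assumption.

```javascript
// Fixed releases per major line, taken from the advisory text above.
const FIXED = { 2: [2, 6, 4], 3: [3, 2, 2] };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Returns 'affected', 'fixed', 'not-covered' (major not named in the advisory) or 'unparsed'.
function classify(version) {
  const p = parseVersion(version);
  if (!p) return 'unparsed';
  const fixed = FIXED[p.nums[0]];
  if (!fixed) return 'not-covered';
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== fixed[i]) return p.nums[i] < fixed[i] ? 'affected' : 'fixed';
  }
  // Assumption: a pre-release of the fixed version sorts before it, so flag it.
  return p.pre ? 'affected' : 'fixed';
}

// Collect every installed copy of async, including copies nested under other packages.
function findAsync(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/async$/.test(path)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested tree of installed dependencies.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}/${name}`;
      if (name === 'async') hits.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.map((h) => ({ ...h, status: classify(h.version) }));
}

// Constructed sample; real input would be JSON.parse of a project's package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/async': { version: '2.1.0' },
    'node_modules/some-tool/node_modules/async': { version: '3.2.2' },
    'node_modules/legacy/node_modules/async': { version: '1.5.2' },
  },
};
console.log(findAsync(sampleLock));
```

Transitive copies matter here: a project can pin a fixed release at the top level while a dependency still installs its own older `async` underneath.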