Async version 2.1.2 introduces several updates compared to version 2.1.1, primarily affecting the development dependencies used for building and testing the library. Both versions, designed for higher-order asynchronous JavaScript programming, share the same core dependency, lodash "^4.14.0", ensuring consistent utility functionality.
The upgrade from 2.1.1 to 2.1.2 mostly involves improvements and bug fixes in the tooling. Key updates include: karma (0.13.2 -> ^1.3.0), mocha (2.2.5 -> ^3.1.2), eslint (^2.11.1 -> ^2.13.1), rollup (0.25.0 -> ^0.36.3), cheerio (0.20.0 -> ^0.22.0), bluebird (2.9.32 -> ^3.4.6), karma-mocha (0.2.0 -> ^1.2.0), rollup-plugin-npm (~1.3.0 -> ^2.0.0), karma-mocha-reporter (1.0.2 -> ^2.2.0), karma-firefox-launcher (0.1.6 -> ^1.0.0), rollup-plugin-node-resolve (1.5.0 -> ^2.0.0), babel-plugin-add-module-exports (~0.1.2 -> ^0.2.1), and uglify-js (~2.4.0 -> ~2.7.3). Note the upgrade of almost every dependency, with the exception of: nyc, chai, rsvp, jsdoc, yargs, rimraf, semver, fs-extra, benchmark, coveralls, babel-core, es6-promise, vinyl-buffer, gh-pages-deploy, karma-browserify, recursive-readdir, babel-preset-es2015, native-promise-only, vinyl-source-stream, babel-plugin-istanbul, babel-plugin-transform-es2015-modules-commonjs.
Essentially, version 2.1.2 modernizes the development environment, likely bringing performance improvements in the build and test phases and possibly better code quality checks through newer linting rules. Developers using Async shouldn't experience significant changes in the core functionality or usage patterns between these versions, as the public API and core dependency remain consistent. Upgrading primarily benefits contributors and maintainers by providing a more robust and efficient development workflow.
All the vulnerabilities related to the version 2.1.2 of the package
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.
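
A defender-side check for the affected ranges stated above, as an added example that is not part of the original page or the Async project: it walks the `packages` map of an npm lockfile (lockfileVersion 2/3 layout) and flags every installed copy of `async` that falls in the 2.x or 3.x range named in the advisory. The sample lockfile, its package names, and the function names are constructed for illustration.

```javascript
// First fixed release per major line, taken from the advisory text above:
// 2.x is affected through 2.6.3 (fixed in 2.6.4), 3.x through 3.2.1 (fixed in 3.2.2).
const FIXED = { 2: [2, 6, 4], 3: [3, 2, 2] };

// Parse "MAJOR.MINOR.PATCH" into numbers; any suffix after PATCH is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version lies below the fixed release of its major line.
// Majors other than 2 and 3 return false: the advisory text does not cover them.
function isAffected(version) {
  const parts = parseVersion(version);
  const fixed = parts && FIXED[parts[0]];
  if (!fixed) return false;
  for (let i = 0; i < 3; i++) {
    // Numeric comparison, so 2.10.0 is correctly newer than 2.6.4.
    if (parts[i] !== fixed[i]) return parts[i] < fixed[i];
  }
  return false; // exactly the fixed release
}

// Walk the lockfile "packages" map and report affected copies of async,
// including copies nested under other packages' node_modules directories.
function findAffectedAsync(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the package named exactly "async" (not neo-async, not @scope/async).
    if (!/(^|\/)node_modules\/async$/.test(path)) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/async": { version: "2.1.2" },
    "node_modules/neo-async": { version: "2.6.2" },
    "node_modules/build-tool/node_modules/async": { version: "3.2.2" },
    "node_modules/legacy-lib/node_modules/async": { version: "3.2.1" }
  }
};

console.log(findAffectedAsync(SAMPLE_LOCK));
```

Nested copies matter here: a project can depend on a fixed release directly while a transitive dependency still pins an affected one.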