Async version 2.3.0 is a minor update to the popular asynchronous JavaScript utility library, building upon the functionality offered in version 2.2.0. Both versions cater to developers seeking to streamline asynchronous operations in Node.js and the browser, providing tools for managing complex workflows and avoiding callback hell. The core asynchronous patterns and higher-order functions remain consistent, ensuring a smooth transition for existing users. Key functionalities for parallel execution, series execution, waterfall patterns, and handling asynchronous collections are present in both versions.
The notable change between the two releases lies primarily in the updated development dependencies, which are used for building, testing, and maintaining the library itself. Version 2.3.0 upgraded babel-cli (from 6.16.0 to 6.24.0) and babel-core (from 6.3.26 to 6.24.0), and also added babel-preset-es2017 as a dev dependency. These updates likely include bug fixes, performance improvements, and potentially new ECMAScript features used internally within the async library's build process. For developers using the async library in their projects, the upgrade to 2.3.0 is likely a seamless process, with no breaking changes expected in the API or core functionality, and any improvements should be transparent. Developers who also use Babel should take special note of the minor version bumps, as they might affect their setups.
All the vulnerabilities related to the version 2.3.0 of the package
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.
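Version 2.3.0 sits inside the affected 2.x range given above. The following added example (not code from this page or from the async project) checks a parsed `package-lock.json` for `async` copies in those ranges, including nested ones pulled in by other packages; the function names and the sample lockfile are constructed for illustration.

```javascript
// Last affected release per major line, as stated in the advisory text above:
// 2.x through 2.6.3 (fixed in 2.6.4), 3.x through 3.2.1 (fixed in 3.2.2).
const LAST_AFFECTED = { 2: [2, 6, 3], 3: [3, 2, 1] };

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version falls inside one of the affected ranges.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false;            // git/tarball specs are not judged here
  const last = LAST_AFFECTED[v[0]];
  if (!last) return false;         // the advisory gives no range for other majors
  for (let i = 0; i < 3; i++) {
    if (v[i] !== last[i]) return v[i] < last[i];
  }
  return true;                     // exactly the last affected release
}

// Accepts lockfile v2/v3 (flat "packages" map) or v1 (nested "dependencies").
function findAffectedAsync(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/async$/.test(path) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === 'async' && isAffected(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, ''); // v2 mirrors both; avoid duplicates
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/async': { version: '2.3.0' },
  'node_modules/some-tool/node_modules/async': { version: '3.2.2' },
  'node_modules/other-tool/node_modules/async': { version: '3.2.1' },
  'node_modules/neo-async': { version: '2.6.2' },
} };
console.log(findAffectedAsync(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the lockfile contents instead of `sampleLock`.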