Async version 3.2.0 is a minor release following 3.1.1 of this popular utility library, which is designed to streamline asynchronous JavaScript coding. Both versions provide a comprehensive toolkit of higher-order functions for common asynchronous patterns such as parallel execution, serial execution, control flow, and collection manipulation, allowing developers to write cleaner, more manageable asynchronous code.

The metadata shows no changes in the dependencies, devDependencies, license, repository, and author fields, which suggests that the core functionality and development dependencies remain consistent between the two releases. The key differences lie in the version, dist, and releaseDate fields. Version 3.2.0 was released on February 24, 2020, while 3.1.1 came out on January 24, 2020. The dist section shows a new tarball URL for version 3.2.0 and a slightly smaller unpackedSize. While seemingly insignificant at first glance, a decrease in code size can indicate performance improvements or bug fixes, both of which matter to developers.

For developers already using Async, upgrading to 3.2.0 may be beneficial, since it represents the latest stable release and may contain important improvements or bug fixes. The minor version bump suggests that backward compatibility is likely maintained as well. As always, users should check the changelog before updating to assess the specific changes implemented.
All vulnerabilities related to version 3.2.0 of the package
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.
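The affected ranges above can be checked against a project's dependency tree. The following is an added example, not code from this page or from the Async project: it classifies an async version against the stated ranges and scans a constructed npm lockfile (lockfileVersion 2/3 `packages` layout) for affected copies, including nested ones. The function names and the sample lockfile are hypothetical.

```javascript
// Affected ranges as stated in the advisory text above: 3.x through 3.2.1
// (fixed in 3.2.2) and 2.x through 2.6.3 (fixed in 2.6.4). Other majors are not covered.
const FIXED = { 2: [2, 6, 4], 3: [3, 2, 2] };

// Accepts "3.2.0" or "3.2.0-rc.1"; prerelease tags are ignored (a simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

const lessThan = (a, b) => {
  const i = a.findIndex((n, k) => n !== b[k]);
  return i !== -1 && a[i] < b[i];
};

function classifyAsync(version) {
  const parsed = parseVersion(version);
  if (!parsed) return { status: 'unparseable', fixedIn: null };
  const fixed = FIXED[parsed[0]];
  if (!fixed) return { status: 'not-covered', fixedIn: null };
  const status = lessThan(parsed, fixed) ? 'affected' : 'fixed';
  return { status, fixedIn: fixed.join('.') };
}

// lockfileVersion 2/3 layout: "packages" maps install paths to metadata,
// so nested copies (node_modules/x/node_modules/async) are found too.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/async$/.test(path)) continue;
    const { status, fixedIn } = classifyAsync(meta.version);
    if (status === 'affected') findings.push({ path, version: meta.version, fixedIn });
  }
  return findings;
}

// Constructed sample lockfile; dependency names other than async are made up.
const sampleLock = {
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/async': { version: '3.2.0' },
    'node_modules/legacy-tool/node_modules/async': { version: '2.6.4' },
    'node_modules/old-queue/node_modules/async': { version: '2.6.3' },
    'node_modules/async-helper-demo': { version: '1.0.0' },
  },
};

console.log(scanLockfile(sampleLock));
```

Transitive copies matter here: a project can pin a fixed top-level async while a dependency still bundles an affected 2.x release.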