CHORE: Update async to remedy CVE-2021-43138 #406

Closed
wants to merge 1 commit into from


@mceachen mceachen commented Apr 7, 2022

WilliamRADFunk commented Apr 11, 2022

@mde: Someone please merge this.

@idodoroz4

@mde can you please merge this?

@hppycoder hppycoder mentioned this pull request Apr 13, 2022
@hppycoder

Test output from @mceachen's branch:

chadsmith@Chads-MBP jake % npm install
added 252 packages from 122 contributors and audited 253 packages in 3.26s

43 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

chadsmith@Chads-MBP jake % npm test

> jake@10.8.4 test /Users/chadsmith/jake
> ./bin/cli.js test

Starting 'test:unit'...
Finished 'test:unit' after 4 ms
Starting 'test:integration'...


  namespace
    ✓ resolve namespace by relative name
    ✓ resolve task in sub-namespace by relative path
    ✓ prefer local to top-level
    ✓ does resolve top-level
    ✓ absolute lookup works from sub-namespaces
    ✓ resolution miss with throw error

  parseargs
    ✓ long preemptive opt and val with equal-sign, ignore further opts
    ✓ long preemptive opt and val without equal-sign, ignore further opts
    ✓ long preemptive opt and no val, ignore further opts
    ✓ preemptive opt with no val, should be true
    ✓ preemptive opt with no val, should be true and ignore further opts
    ✓ preemptive opt with val, should be val
    ✓ -f expects a value, -t does not (howdy is task-name)
    ✓ different order, -f expects a value, -t does not (howdy is task-name)
    ✓ -f expects a value, -t does not (foo=bar is env var)
    ✓ -f expects a value, -t does not (foo=bar is env-var, task-name follows)
    ✓ -t does not expect a value, -f does (howdy is task-name)
    ✓ --trace does not expect a value, -f does (howdy is task-name)
    ✓ --trace does not expect a value (equal), -f does (throw howdy away)


  19 passing (9ms)



  concurrent
    ✓  simple concurrent prerequisites 1 (1289ms)
    ✓  simple concurrent prerequisites 2 (1350ms)
    ✓  sequential concurrent prerequisites (1612ms)
    ✓  concurrent concurrent prerequisites (1374ms)
    ✓  concurrent prerequisites with subdependency (1268ms)
    ✓  failing in concurrent prerequisites (964ms)

  fileTask
    ✓ where a file-task prereq does not change with --always-make (1954ms)
    ✓ concating two files (990ms)
    ✓ where a file-task prereq does not change (1904ms)
    ✓ where a file-task prereq does change, then does not (3061ms)
    ✓ a preexisting file (2097ms)
    ✓ a preexisting file with --always-make flag (2058ms)
    ✓ nested directory-task (1002ms)

  fileUtils
    ✓ mkdirP (39ms)
    ✓ rmRf
    ✓ rmRf with symlink subdir
    ✓ rmRf with symlinked dir
    ✓ cpR with same name and different directory
    ✓ cpR with same to and from will throw
    ✓ cpR rename via copy in directory
    ✓ cpR rename via copy in base
    ✓ cpR keeps file mode
    ✓ cpR keeps file mode when overwriting with preserveMode
    ✓ cpR does not keep file mode when overwriting
    ✓ cpR copies file mode recursively
    ✓ cpR keeps file mode recursively
    ✓ cpR copies directory mode recursively

  publishTask
    ✓ default task (1271ms)

  rule
    ✓ Rule.getSource
    ✓ rule w/o pattern (1064ms)
    ✓ rule w pattern w/o folder w/o namespace (1147ms)
    ✓ rule w pattern w folder w/o namespace (1070ms)
    - rule w pattern w folder w namespace
    - rule w chain w pattern w folder w namespace
    ✓ rule with source file not created yet (precedence) (1048ms)
    ✓ rule with source file now created (precedence) (1038ms)
    ✓ rule with source file modified (precedence) (2017ms)
    ✓ rule with existing objective file and no source  (should be normal file-task) (precedence) (995ms)
    ✓ rule with source file not created yet (regexPattern) (1042ms)
    ✓ rule with source file now created (regexPattern) (1009ms)
    ✓ rule with source file modified (regexPattern) (2049ms)
    ✓ rule with existing objective file and no source  (should be normal file-task) (regexPattern) (994ms)
    ✓ rule with source file not created yet (sourceFunction) (998ms)
    ✓ rule with source file now created (sourceFunction) (1016ms)
    ✓ rule with source file modified (sourceFunction) (2040ms)
    ✓ rule with existing objective file and no source  (should be normal file-task) (sourceFunction) (1003ms)

  selfDep
    ✓ self dep const (985ms)
    ✓ self dep dyn (1006ms)

  taskBase
    ✓ default task (2041ms)
    ✓ task with no action (1005ms)
    ✓ a task with no action and no prereqs (1018ms)
    ✓ a task that exists at the top-level, and not in the specified namespace, should error (977ms)
    ✓ passing args to a task (997ms)
    ✓ a task with environment vars (1006ms)
    ✓ passing args and using environment vars (996ms)
    ✓ a simple prereq (1001ms)
    ✓ a duplicate prereq only runs once (946ms)
    ✓ a prereq with command-line args (949ms)
    ✓ a prereq with args via invoke (1057ms)
    ✓ a prereq with args via execute (941ms)
    ✓ repeating the task via execute (953ms)
    ✓ prereq execution-order (951ms)
    ✓ basic async task (952ms)
    ✓ promise async task (996ms)
    ✓ failing promise async task (967ms)
    ✓ that current-prereq index gets reset (984ms)
    ✓ modifying a task by adding prereq during execution (943ms)
    ✓ listening for task error-event (954ms)
    ✓ listening for jake error-event (951ms)
    ✓ listening for jake unhandledRejection-event (949ms)
    ✓ large number of same prereqs (1053ms)
    ✓ large number of different prereqs (1049ms)
    ✓ large number of different prereqs (945ms)
    ✓ modifying a namespace by adding a new task (949ms)


  72 passing (1m)
  2 pending

Finished 'test:integration' after 70525 ms
Starting 'test:integrationClobber'...
Finished 'test:integrationClobber' after 35 ms
Starting 'test'...
Finished 'test' after 0 ms

@gheorghesava-mck

We need this merge

gboer commented May 5, 2022

I think this PR is not needed anymore. The async package has already been updated and the vulnerability is fixed :)

@gheorghesava-mck

I confirm that the async was updated to 3.2.3. Thanks!

@mde mde closed this May 5, 2022
7 participants