Skip to content

Bump @nevware21/ts-utils from 0.13.0 to 0.14.0 in /vscode-dotnet-runtime-library#2684

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vscode-dotnet-runtime-library/nevware21/ts-utils-0.14.0
Open

Bump @nevware21/ts-utils from 0.13.0 to 0.14.0 in /vscode-dotnet-runtime-library#2684
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vscode-dotnet-runtime-library/nevware21/ts-utils-0.14.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

Bumps @nevware21/ts-utils from 0.13.0 to 0.14.0.

Release notes

Sourced from @​nevware21/ts-utils's releases.

0.14.0

Changelog

Features

  • #525 feat(array): add new array helpers and array-like detection
    • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
  • #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
  • #528 feat(string): add strCapitalizeWords helper
  • #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
  • #533 feat(array): add arrFlatMap with ES5 polyfill support
  • #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
  • #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
  • #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers
  • #564 feat(object): add new object utility helpers and harden defaults against prototype pollution
    • New helpers: objPick, objOmit, objPickBy, objOmitBy — property selection and omission with typed overloads
    • New helpers: objMapValues — create a new object with values transformed by a mapper function
    • New helpers: objMergeIf, objDefaults — conditional merge and shallow defaults (similar to Lodash _.defaults) hardened against prototype pollution
    • New helper: objDiff — shallow diff returning only changed/added keys from a modified object vs a base
    • New helpers: forEachOwnKey, forEachOwnKeySafe — iteration over both string and symbol keys (existing forEachOwnKeySafe was string-only)
    • New helper: objForEachKeySafe — safe string-key iteration that filters __proto__, constructor, prototype
    • Extended isUnsafeTarget coverage to TypedArrays, ArrayBuffer, DataView, WeakRef, FinalizationRegistry

Security Issue

  • CVE-2026-46681 Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
    • Also affected setValueByKey and setValueByIter
    • #565 feat: add prototype-pollution guards and array key helpers

Bug Fixes

  • #558 Fix ES2015 built-in type errors in consumers by adding lib reference directive to published declarations
    • Consumers using "lib": ["ES5", "DOM"] (or omitting lib) received Cannot find name 'Symbol' / Cannot find name 'Iterator' errors because the published .d.ts exposed ES2015 types without declaring the dependency
    • Added /// <reference lib="es2015" /> to the source entry points (index.ts, polyfills.ts) and a new post-processing script (lib/scripts/setTsReferences.js) that prepends the directive to the api-extractor bundled output (api-extractor strips these directives from its rollup)
    • Added "lib": ["ES2015", "DOM"] to all library and test tsconfig files for consistent compile-time validation
    • Net effect: consumers no longer need to add "ES2015" to their own tsconfig.json lib settings
  • #561 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEachKey
    • #566 Fix falsy thisArg (0, '', false) being overridden in arrForEach, iterForOf, objForEachKey
  • #562 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfills

Repository Improvements

  • #549 Drop Node.js 16 from CI matrix and add Node.js 24
  • #552 Upgrade Grunt devDependency to v1.6.2
  • #554 Add funding metadata to published package manifests
  • #556 Add release PR instructions to Copilot instructions

Full Changelog

Changelog

Sourced from @​nevware21/ts-utils's changelog.

v0.14.0 May 18th, 2026

Changelog

Features

  • #525 feat(array): add new array helpers and array-like detection
    • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
  • #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
  • #528 feat(string): add strCapitalizeWords helper
  • #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
  • #533 feat(array): add arrFlatMap with ES5 polyfill support
  • #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
  • #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
  • #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers
  • #564 feat(object): add new object utility helpers and harden defaults against prototype pollution
    • New helpers: objPick, objOmit, objPickBy, objOmitBy — property selection and omission with typed overloads
    • New helpers: objMapValues — create a new object with values transformed by a mapper function
    • New helpers: objMergeIf, objDefaults — conditional merge and shallow defaults (similar to Lodash _.defaults) hardened against prototype pollution
    • New helper: objDiff — shallow diff returning only changed/added keys from a modified object vs a base
    • New helpers: forEachOwnKey, forEachOwnKeySafe — iteration over both string and symbol keys (existing forEachOwnKeySafe was string-only)
    • New helper: objForEachKeySafe — safe string-key iteration that filters __proto__, constructor, prototype
    • Extended isUnsafeTarget coverage to TypedArrays, ArrayBuffer, DataView, WeakRef, FinalizationRegistry

Security Issue

  • CVE-2026-46681 Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
    • Also affected setValueByKey and setValueByIter
    • #565 feat: add prototype-pollution guards and array key helpers

Bug Fixes

  • #558 Fix ES2015 built-in type errors in consumers by adding lib reference directive to published declarations
    • Consumers using "lib": ["ES5", "DOM"] (or omitting lib) received Cannot find name 'Symbol' / Cannot find name 'Iterator' errors because the published .d.ts exposed ES2015 types without declaring the dependency
    • Added /// <reference lib="es2015" /> to the source entry points (index.ts, polyfills.ts) and a new post-processing script (lib/scripts/setTsReferences.js) that prepends the directive to the api-extractor bundled output (api-extractor strips these directives from its rollup)
    • Added "lib": ["ES2015", "DOM"] to all library and test tsconfig files for consistent compile-time validation
    • Net effect: consumers no longer need to add "ES2015" to their own tsconfig.json lib settings
  • #561 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEachKey
    • #566 Fix falsy thisArg (0, '', false) being overridden in arrForEach, iterForOf, objForEachKey
  • #562 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfills

Repository Improvements

  • #549 Drop Node.js 16 from CI matrix and add Node.js 24
  • #552 Upgrade Grunt devDependency to v1.6.2
  • #554 Add funding metadata to published package manifests
  • #556 Add release PR instructions to Copilot instructions

Dependency Updates

... (truncated)

Commits
  • 45cb369 [Release] Increase version to 0.14.0 (#567)
  • 5e887f4 Add new object utility helpers and harden defaults against prototype pollutio...
  • 0a486d3 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEa...
  • 9362b6e Bump puppeteer from 24.43.1 to 25.0.2 (#559)
  • d65f853 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfill...
  • 26b4766 Add prototype-pollution guards and array key helpers (#565)
  • 4d28559 Fix ES2015 built-in type errors in consumers by adding lib reference directiv...
  • da838a4 docs: add release PR instructions to copilot instructions (#556)
  • 97d40a2 Add funding metadata to published package manifests (#554)
  • 287f7c9 Upgrade Grunt devDependency to v1.6.2 (#552)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@dependabot
Bump @nevware21/ts-utils in /vscode-dotnet-runtime-library
a9701d5 
Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.13.0...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vscode-dotnet-runtime-library/nevware21/ts-utils-0.14.0 branch from 0c79b2f to a9701d5 Compare May 27, 2026 22:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants