Skip to content

chore(deps): bump @nevware21/ts-utils from 0.13.0 to 0.14.0#672

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/nevware21/ts-utils-0.14.0
Open

chore(deps): bump @nevware21/ts-utils from 0.13.0 to 0.14.0#672
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/nevware21/ts-utils-0.14.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

Bumps @nevware21/ts-utils from 0.13.0 to 0.14.0.

Release notes

Sourced from @​nevware21/ts-utils's releases.

0.14.0

Changelog

Features

  • #525 feat(array): add new array helpers and array-like detection
    • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
  • #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
  • #528 feat(string): add strCapitalizeWords helper
  • #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
  • #533 feat(array): add arrFlatMap with ES5 polyfill support
  • #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
  • #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
  • #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers
  • #564 feat(object): add new object utility helpers and harden defaults against prototype pollution
    • New helpers: objPick, objOmit, objPickBy, objOmitBy — property selection and omission with typed overloads
    • New helpers: objMapValues — create a new object with values transformed by a mapper function
    • New helpers: objMergeIf, objDefaults — conditional merge and shallow defaults (similar to Lodash _.defaults) hardened against prototype pollution
    • New helper: objDiff — shallow diff returning only changed/added keys from a modified object vs a base
    • New helpers: forEachOwnKey, forEachOwnKeySafe — iteration over both string and symbol keys (existing forEachOwnKeySafe was string-only)
    • New helper: objForEachKeySafe — safe string-key iteration that filters __proto__, constructor, prototype
    • Extended isUnsafeTarget coverage to TypedArrays, ArrayBuffer, DataView, WeakRef, FinalizationRegistry

Security Issue

  • CVE-2026-46681 Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
    • Also affected setValueByKey and setValueByIter
    • #565 feat: add prototype-pollution guards and array key helpers

Bug Fixes

  • #558 Fix ES2015 built-in type errors in consumers by adding lib reference directive to published declarations
    • Consumers using "lib": ["ES5", "DOM"] (or omitting lib) received Cannot find name 'Symbol' / Cannot find name 'Iterator' errors because the published .d.ts exposed ES2015 types without declaring the dependency
    • Added /// <reference lib="es2015" /> to the source entry points (index.ts, polyfills.ts) and a new post-processing script (lib/scripts/setTsReferences.js) that prepends the directive to the api-extractor bundled output (api-extractor strips these directives from its rollup)
    • Added "lib": ["ES2015", "DOM"] to all library and test tsconfig files for consistent compile-time validation
    • Net effect: consumers no longer need to add "ES2015" to their own tsconfig.json lib settings
  • #561 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEachKey
    • #566 Fix falsy thisArg (0, '', false) being overridden in arrForEach, iterForOf, objForEachKey
  • #562 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfills

Repository Improvements

  • #549 Drop Node.js 16 from CI matrix and add Node.js 24
  • #552 Upgrade Grunt devDependency to v1.6.2
  • #554 Add funding metadata to published package manifests
  • #556 Add release PR instructions to Copilot instructions

Full Changelog

Changelog

Sourced from @​nevware21/ts-utils's changelog.

v0.14.0 May 18th, 2026

Changelog

Features

  • #525 feat(array): add new array helpers and array-like detection
    • New helpers: isArrayLike, arrSlice, and other array utility improvements
  • #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
  • #528 feat(string): add strCapitalizeWords helper
  • #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
  • #533 feat(array): add arrFlatMap with ES5 polyfill support
  • #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
  • #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
  • #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers
  • #564 feat(object): add new object utility helpers and harden defaults against prototype pollution
    • New helpers: objPick, objOmit, objPickBy, objOmitBy — property selection and omission with typed overloads
    • New helpers: objMapValues — create a new object with values transformed by a mapper function
    • New helpers: objMergeIf, objDefaults — conditional merge and shallow defaults (similar to Lodash _.defaults) hardened against prototype pollution
    • New helper: objDiff — shallow diff returning only changed/added keys from a modified object vs a base
    • New helpers: forEachOwnKey, forEachOwnKeySafe — iteration over both string and symbol keys (existing forEachOwnKeySafe was string-only)
    • New helper: objForEachKeySafe — safe string-key iteration that filters __proto__, constructor, prototype
    • Extended isUnsafeTarget coverage to TypedArrays, ArrayBuffer, DataView, WeakRef, FinalizationRegistry

Security Issue

  • CVE-2026-46681 Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
    • Also affected setValueByKey and setValueByIter
    • #565 feat: add prototype-pollution guards and array key helpers

Bug Fixes

  • #558 Fix ES2015 built-in type errors in consumers by adding lib reference directive to published declarations
    • Consumers using "lib": ["ES5", "DOM"] (or omitting lib) received Cannot find name 'Symbol' / Cannot find name 'Iterator' errors because the published .d.ts exposed ES2015 types without declaring the dependency
    • Added /// <reference lib="es2015" /> to the source entry points (index.ts, polyfills.ts) and a new post-processing script (lib/scripts/setTsReferences.js) that prepends the directive to the api-extractor bundled output (api-extractor strips these directives from its rollup)
    • Added "lib": ["ES2015", "DOM"] to all library and test tsconfig files for consistent compile-time validation
    • Net effect: consumers no longer need to add "ES2015" to their own tsconfig.json lib settings
  • #561 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEachKey
    • #566 Fix falsy thisArg (0, '', false) being overridden in arrForEach, iterForOf, objForEachKey
  • #562 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfills

Repository Improvements

  • #549 Drop Node.js 16 from CI matrix and add Node.js 24
  • #552 Upgrade Grunt devDependency to v1.6.2
  • #554 Add funding metadata to published package manifests
  • #556 Add release PR instructions to Copilot instructions

Dependency Updates

... (truncated)

Commits
  • 45cb369 [Release] Increase version to 0.14.0 (#567)
  • 5e887f4 Add new object utility helpers and harden defaults against prototype pollutio...
  • 0a486d3 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEa...
  • 9362b6e Bump puppeteer from 24.43.1 to 25.0.2 (#559)
  • d65f853 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfill...
  • 26b4766 Add prototype-pollution guards and array key helpers (#565)
  • 4d28559 Fix ES2015 built-in type errors in consumers by adding lib reference directiv...
  • da838a4 docs: add release PR instructions to copilot instructions (#556)
  • 97d40a2 Add funding metadata to published package manifests (#554)
  • 287f7c9 Upgrade Grunt devDependency to v1.6.2 (#552)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 21, 2026 22:01
Copilot AI review requested due to automatic review settings May 21, 2026 22:01
Copilot AI reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@dependabot
chore(deps): bump @nevware21/ts-utils from 0.13.0 to 0.14.0
b4f96a9 
Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.13.0...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/nevware21/ts-utils-0.14.0 branch from 1254d02 to b4f96a9 Compare May 23, 2026 20:22
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 23, 2026

✅ Code Quality Checks

Check Status How to fix
Localization (l10n) ✅ Passed
ESLint ✅ Passed
Prettier formatting ✅ Passed

This comment is updated automatically on each push.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 23, 2026

📦 Build Size Report

Metric Base (main) PR Delta
VSIX (vscode-documentdb-0.8.0.vsix) 7.51 MB 7.51 MB ⬆️ +0 KB (+0.0%)
Webview bundle (views.js) 5.79 MB 5.79 MB ✅ 0 KB (0.0%)

Download artifact · updated automatically on each push.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant