Skip to content

chore(deps): bump @nevware21/ts-utils from 0.13.0 to 0.14.0 in /src/Dashboard/frontend#34

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/src/Dashboard/frontend/nevware21/ts-utils-0.14.0
Open

chore(deps): bump @nevware21/ts-utils from 0.13.0 to 0.14.0 in /src/Dashboard/frontend#34
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/src/Dashboard/frontend/nevware21/ts-utils-0.14.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026

Bumps @nevware21/ts-utils from 0.13.0 to 0.14.0.

Release notes

Sourced from @​nevware21/ts-utils's releases.

0.14.0

Changelog

Features

  • #525 feat(array): add new array helpers and array-like detection
    • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
  • #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
  • #528 feat(string): add strCapitalizeWords helper
  • #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
  • #533 feat(array): add arrFlatMap with ES5 polyfill support
  • #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
  • #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
  • #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers
  • #564 feat(object): add new object utility helpers and harden defaults against prototype pollution
    • New helpers: objPick, objOmit, objPickBy, objOmitBy — property selection and omission with typed overloads
    • New helpers: objMapValues — create a new object with values transformed by a mapper function
    • New helpers: objMergeIf, objDefaults — conditional merge and shallow defaults (similar to Lodash _.defaults) hardened against prototype pollution
    • New helper: objDiff — shallow diff returning only changed/added keys from a modified object vs a base
    • New helpers: forEachOwnKey, forEachOwnKeySafe — iteration over both string and symbol keys (existing forEachOwnKeySafe was string-only)
    • New helper: objForEachKeySafe — safe string-key iteration that filters __proto__, constructor, prototype
    • Extended isUnsafeTarget coverage to TypedArrays, ArrayBuffer, DataView, WeakRef, FinalizationRegistry

Security Issue

  • CVE-2026-46681 Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
    • Also affected setValueByKey and setValueByIter
    • #565 feat: add prototype-pollution guards and array key helpers

Bug Fixes

  • #558 Fix ES2015 built-in type errors in consumers by adding lib reference directive to published declarations
    • Consumers using "lib": ["ES5", "DOM"] (or omitting lib) received Cannot find name 'Symbol' / Cannot find name 'Iterator' errors because the published .d.ts exposed ES2015 types without declaring the dependency
    • Added /// <reference lib="es2015" /> to the source entry points (index.ts, polyfills.ts) and a new post-processing script (lib/scripts/setTsReferences.js) that prepends the directive to the api-extractor bundled output (api-extractor strips these directives from its rollup)
    • Added "lib": ["ES2015", "DOM"] to all library and test tsconfig files for consistent compile-time validation
    • Net effect: consumers no longer need to add "ES2015" to their own tsconfig.json lib settings
  • #561 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEachKey
    • #566 Fix falsy thisArg (0, '', false) being overridden in arrForEach, iterForOf, objForEachKey
  • #562 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfills

Repository Improvements

  • #549 Drop Node.js 16 from CI matrix and add Node.js 24
  • #552 Upgrade Grunt devDependency to v1.6.2
  • #554 Add funding metadata to published package manifests
  • #556 Add release PR instructions to Copilot instructions

Full Changelog

Changelog

Sourced from @​nevware21/ts-utils's changelog.

v0.14.0 May 18th, 2026

Changelog

Features

  • #525 feat(array): add new array helpers and array-like detection
    • New helpers: isArrayLike, arrSlice, and other array utility improvements
  • #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
  • #528 feat(string): add strCapitalizeWords helper
  • #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
  • #533 feat(array): add arrFlatMap with ES5 polyfill support
  • #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
  • #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers
  • #543 feat(string): add strStartsWithAny, strEndsWithAny, strWrap, strUnwrap, and strNormalizeNewlines helpers
  • #564 feat(object): add new object utility helpers and harden defaults against prototype pollution
    • New helpers: objPick, objOmit, objPickBy, objOmitBy — property selection and omission with typed overloads
    • New helpers: objMapValues — create a new object with values transformed by a mapper function
    • New helpers: objMergeIf, objDefaults — conditional merge and shallow defaults (similar to Lodash _.defaults) hardened against prototype pollution
    • New helper: objDiff — shallow diff returning only changed/added keys from a modified object vs a base
    • New helpers: forEachOwnKey, forEachOwnKeySafe — iteration over both string and symbol keys (existing forEachOwnKeySafe was string-only)
    • New helper: objForEachKeySafe — safe string-key iteration that filters __proto__, constructor, prototype
    • Extended isUnsafeTarget coverage to TypedArrays, ArrayBuffer, DataView, WeakRef, FinalizationRegistry

Security Issue

  • CVE-2026-46681 Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
    • Also affected setValueByKey and setValueByIter
    • #565 feat: add prototype-pollution guards and array key helpers

Bug Fixes

  • #558 Fix ES2015 built-in type errors in consumers by adding lib reference directive to published declarations
    • Consumers using "lib": ["ES5", "DOM"] (or omitting lib) received Cannot find name 'Symbol' / Cannot find name 'Iterator' errors because the published .d.ts exposed ES2015 types without declaring the dependency
    • Added /// <reference lib="es2015" /> to the source entry points (index.ts, polyfills.ts) and a new post-processing script (lib/scripts/setTsReferences.js) that prepends the directive to the api-extractor bundled output (api-extractor strips these directives from its rollup)
    • Added "lib": ["ES2015", "DOM"] to all library and test tsconfig files for consistent compile-time validation
    • Net effect: consumers no longer need to add "ES2015" to their own tsconfig.json lib settings
  • #561 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEachKey
    • #566 Fix falsy thisArg (0, '', false) being overridden in arrForEach, iterForOf, objForEachKey
  • #562 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfills

Repository Improvements

  • #549 Drop Node.js 16 from CI matrix and add Node.js 24
  • #552 Upgrade Grunt devDependency to v1.6.2
  • #554 Add funding metadata to published package manifests
  • #556 Add release PR instructions to Copilot instructions

Dependency Updates

... (truncated)

Commits
  • 45cb369 [Release] Increase version to 0.14.0 (#567)
  • 5e887f4 Add new object utility helpers and harden defaults against prototype pollutio...
  • 0a486d3 Bug: Falsy thisArg (0, '', false) overridden in arrForEach/iterForOf/objForEa...
  • 9362b6e Bump puppeteer from 24.43.1 to 25.0.2 (#559)
  • d65f853 Fix thisArg binding in polyArrFindIndex / polyArrFindLastIndex polyfill...
  • 26b4766 Add prototype-pollution guards and array key helpers (#565)
  • 4d28559 Fix ES2015 built-in type errors in consumers by adding lib reference directiv...
  • da838a4 docs: add release PR instructions to copilot instructions (#556)
  • 97d40a2 Add funding metadata to published package manifests (#554)
  • 287f7c9 Upgrade Grunt devDependency to v1.6.2 (#552)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @nevware21/ts-utils in /src/Dashboard/frontend
81647c7 
Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.13.0...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@dependabot dependabot Bot requested a review from alfarahn as a code owner May 21, 2026 22:26
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alfarahn alfarahn Awaiting requested review from alfarahn alfarahn is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants