Bump the npm_and_yarn group across 2 directories with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.80.0	0.91.1
@github/copilot	1.0.12	1.0.43
dompurify	3.3.2	3.4.0
electron	37.8.0	39.8.5
vitest	3.2.4	4.1.8
@hono/node-server	1.19.10	1.19.14
@nevware21/ts-utils	0.12.5	0.15.0
protobufjs	7.5.4	7.6.3
basic-ftp	5.2.0	5.3.1
fast-uri	3.0.5	3.1.2
fast-xml-builder	1.1.4	1.2.0
fast-xml-parser	5.5.7	5.8.0
hono	4.12.7	4.12.25
ip-address	10.1.0	10.2.0
path-to-regexp	8.3.0	8.4.2
postcss	8.5.6	8.5.15
qs	6.14.2	6.15.2
shell-quote	1.8.1	1.8.4
tmp	0.2.4	0.2.7
vite	7.1.12	7.3.5
ws	8.19.0	8.21.0

Bumps the npm_and_yarn group with 5 updates in the /chat-lib directory:

Package	From	To
@anthropic-ai/sdk	0.80.0	0.91.1
vitest	3.2.4	3.2.6
postcss	8.5.6	8.5.15
shell-quote	1.8.1	1.8.4
vite	7.2.2	7.3.5

Updates @anthropic-ai/sdk from 0.80.0 to 0.91.1

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.91.1

0.91.1 (2026-04-24)

Full Changelog: sdk-v0.91.0...sdk-v0.91.1

Bug Fixes

• memory: use restrictive file mode for memory files (#901) (6db3b7e)

Chores

• formatter: run prettier and eslint separately (974d22f)

sdk: v0.91.0

0.91.0 (2026-04-23)

Full Changelog: sdk-v0.90.0...sdk-v0.91.0

Features

• api: CMA Memory public beta (ddf732f)
• bedrock: use auth header for mantle client (#866) (aec801a)

Bug Fixes

• api: fix errors in api spec (ae10768)
• api: restore missing features (1a5b47b)

Chores

• internal: more robust bootstrap script (7716e19)
• tests: bump steady to v0.22.1 (219a971)

sdk: v0.90.0

0.90.0 (2026-04-16)

Full Changelog: sdk-v0.89.0...sdk-v0.90.0

Features

• api: add claude-opus-4-7, token budgets and user_profiles (b26134b)

Chores

• actually delete release-doctor.yml (0fe984d)
• ci: remove release-doctor workflow (08e58bd)

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.91.1 (2026-04-24)

Full Changelog: sdk-v0.91.0...sdk-v0.91.1

Bug Fixes

• memory: use restrictive file mode for memory files (#901) (6db3b7e)

Chores

• formatter: run prettier and eslint separately (974d22f)

0.91.0 (2026-04-23)

Full Changelog: sdk-v0.90.0...sdk-v0.91.0

Features

• api: CMA Memory public beta (ddf732f)
• bedrock: use auth header for mantle client (#866) (aec801a)

Bug Fixes

• api: fix errors in api spec (ae10768)
• api: restore missing features (1a5b47b)

Chores

• internal: more robust bootstrap script (7716e19)
• tests: bump steady to v0.22.1 (219a971)

0.90.0 (2026-04-16)

Full Changelog: sdk-v0.89.0...sdk-v0.90.0

Features

• api: add claude-opus-4-7, token budgets and user_profiles (b26134b)

Chores

• actually delete release-doctor.yml (0fe984d)
• ci: remove release-doctor workflow (08e58bd)

0.89.0 (2026-04-14)

... (truncated)

Commits

• 74ac150 chore: release main (#1014)
• 22cb810 chore: release main (#1008)
• 93ac7c7 chore: release main (#1003)
• 39549e9 chore: release main (#993)
• 089fe05 chore: release main (#987)
• 73f128f chore: release main (#985)
• fd6cf54 chore: release main (#983)
• 79d1d73 chore: release main (#982)
• 4ade5b1 chore: release main (#979)
• 4368602 chore: release main (#978)
• Additional commits viewable in compare view

Updates @github/copilot from 1.0.12 to 1.0.43

Release notes

Sourced from @​github/copilot's releases.

1.0.43

2026-05-06

• Add username toggle to /statusline picker to display the active account in the footer
• Auto mode uses server-side model routing for improved real-time model selection
• Resume prompt shows correct session name when multiple sessions are active
• Protect against RCE from malicious bare repositories nested inside a project (for more information, GHSA-9ccr-r5hg-74gf)
• MCP server child processes (e.g. started via npx or uvx) are now fully terminated when a session ends
• Show download progress when running the update command

1.0.43-0

Improved

• Show download progress when running the update command

Fixed

• MCP server child processes (e.g. started via npx or uvx) are now fully terminated when a session ends

1.0.42

2026-05-06

• MCP server failure warning now suggests a directly runnable /mcp show command when the server name contains whitespace
• MCP server failure warnings include stderr output to help diagnose connection errors
• Add -C flag to change working directory before starting, similar to git -C
• Exit message resume command shows session ID instead of auto-generated name when session has not been renamed
• Remote session export now supports non-GitHub repositories and repo-less directories
• Resuming a session no longer shows a false "session in use" warning after choosing "Go back"
• Enter key no longer gets permanently stuck after cancelling a request
• Suppress the exit summary when the session has no user messages and no saved session to resume
• CLI updates on Windows no longer fail with ENOENT when a transient EPERM occurs during package extraction
• Add rubber-duck agent for GPT sessions, powered by Claude (available in /experimental)

1.0.42-0

Added

• Add rubber-duck agent for GPT sessions, powered by Claude (available in /experimental)

1.0.41

2026-05-05

• CLI starts faster by rendering the UI immediately while authentication resolves in the background
• Shell completions (bash, zsh, fish) are automatically installed on first run and updated after copilot update
• Tab-completing slash commands that accept arguments now adds a trailing space automatically
• Package extraction no longer crashes on Windows when antivirus or filesystem locks cause transient EPERM errors
• Remote session connection errors show your logged-in account and tailored remediation steps
• Markdown formatting renders in ask user prompt questions
• Add experimental MCP Tasks support: MCP tools with taskSupport: "required" run as non-blocking background agents trackable via list_agents and read_agent (available when experimental mode is enabled, e.g. via /experimental on or the --experimental flag)
• Extensions now load in prompt mode (-p). User extensions load by default; project extensions alnd management tools require GITHUB_COPILOT_PROMPT_MODE_EXTENSIONS=true.
• Assistant responses no longer contain spurious system notification XML tags
• Large output guidance correctly references the configured grep tool name
• Adding a plugin marketplace using a git SSH URL (e.g. git@github.com:owner/repo) now works correctly
• Slash command picker searches command descriptions and underlines matched characters

... (truncated)

Changelog

Sourced from @​github/copilot's changelog.

1.0.43 - 2026-05-06

• Add username toggle to /statusline picker to display the active account in the footer
• Auto mode uses server-side model routing for improved real-time model selection
• Resume prompt shows correct session name when multiple sessions are active
• Protect against RCE from malicious bare repositories nested inside a project
• MCP server child processes (e.g. started via npx or uvx) are now fully terminated when a session ends
• Show download progress when running the update command

1.0.42 - 2026-05-06

• MCP server failure warning now suggests a directly runnable /mcp show command when the server name contains whitespace
• MCP server failure warnings include stderr output to help diagnose connection errors
• Add -C flag to change working directory before starting, similar to git -C
• Exit message resume command shows session ID instead of auto-generated name when session has not been renamed
• Remote session export now supports non-GitHub repositories and repo-less directories
• Resuming a session no longer shows a false "session in use" warning after choosing "Go back"
• Enter key no longer gets permanently stuck after cancelling a request
• Suppress the exit summary when the session has no user messages and no saved session to resume
• CLI updates on Windows no longer fail with ENOENT when a transient EPERM occurs during package extraction
• Add rubber-duck agent for GPT sessions, powered by Claude (available in /experimental)

1.0.41 - 2026-05-05

• CLI starts faster by rendering the UI immediately while authentication resolves in the background
• Shell completions (bash, zsh, fish) are automatically installed on first run and updated after copilot update
• Tab-completing slash commands that accept arguments now adds a trailing space automatically
• Package extraction no longer crashes on Windows when antivirus or filesystem locks cause transient EPERM errors
• Remote session connection errors show your logged-in account and tailored remediation steps
• Markdown formatting renders in ask user prompt questions
• Add experimental MCP Tasks support: MCP tools with taskSupport: "required" run as non-blocking background agents trackable via list_agents and read_agent (available when experimental mode is enabled, e.g. via /experimental on or the --experimental flag)
• Extensions now load in prompt mode (-p). User extensions load by default; project extensions alnd management tools require GITHUB_COPILOT_PROMPT_MODE_EXTENSIONS=true.
• Assistant responses no longer contain spurious system notification XML tags
• Large output guidance correctly references the configured grep tool name
• Adding a plugin marketplace using a git SSH URL (e.g. git@github.com:owner/repo) now works correctly
• Slash command picker searches command descriptions and underlines matched characters
• Memory tool confirmation prompt now shows the scope (repository or user) when requesting permission to store a memory
• SQL todo timeline entries display more accurately for INSERT OR IGNORE/REPLACE and blocked status updates
• Streaming text and shimmer animations stay smooth on slow or busy hosts
• Add --attachment flag in non-interactive (-p/--prompt) mode to attach files (images or native documents) to the initial prompt
• @-mention completion works for ./ paths, no longer adds trailing space on directories, and shows project files before workspace roots
• Improve stability on Windows by working around a V8 crash in Node 24.x
• Session files containing Unicode line separator characters load correctly
• Reasoning effort picker hint text displays "Esc to cancel" with correct spacing
• Improve reliability of file edits by better recovering from fuzzy or misaligned edit blocks

1.0.40 - 2026-05-01

• PR branch decoration displays correctly in the footer regardless of model name length
• /clear and /new reset the active custom agent selection

... (truncated)

Commits

• 5ab6de6 Update changelog.md for version 1.0.42
• ac346d1 Update changelog.md for version 1.0.41
• cc85e32 Update changelog.md for version 1.0.40
• cb0ddf8 Update changelog.md for version 1.0.39
• 4e5cb95 Update changelog.md for version 1.0.37
• 6d1c577 Update changelog.md for version 1.0.36
• d7a0581 Update changelog.md for version 1.0.35
• 6594437 Update changelog.md for version 1.0.34
• 75fbe0c Update changelog.md for version 1.0.33
• 4e51f5a Update changelog.md for version 1.0.32
• Additional commits viewable in compare view

Updates dompurify from 3.3.2 to 3.4.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.0

Most relevant changes:

• Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
• Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
• Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
• Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
• Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
• Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
• Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
• Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
• Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
• Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
• Fixed a problem with the type dentition patcher after Node version bump
• Fixed freezing BS runs by reducing the tested browsers array
• Bumped several dependencies where possible
• Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

DOMPurify 3.3.3

• Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

Commits

• 5b16e0b Getting 3.x branch ready for 3.4.0 release (#1250)
• 8bcbf73 chore: Preparing 3.3.3 release
• 5faddd6 fix: engine requirement (#1210)
• 0f91e3a Update README.md
• d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
• c3efd48 fix: moved back from jsdom 28 to jsdom 20
• 988b888 fix: moved back from jsdom 28 to jsdom 20
• 2726c74 chore: Preparing 3.3.2 release
• 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
• 302b51d fix: Expanded the regex ever so slightly to also cover script
• Additional commits viewable in compare view

Updates electron from 37.8.0 to 39.8.5

Release notes

Sourced from electron's releases.

electron v39.8.5

Release Notes for v39.8.5

Fixes

• Fixed a crash in clipboard.readImage() when the clipboard contains malformed image data. #50493 (Also in 40, 41, 42)
• Fixed a crash when calling an offscreen shared texture's release() after the texture object was garbage collected. #50499 (Also in 40, 41, 42)

electron v39.8.4

Release Notes for v39.8.4

Fixes

• Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)
• Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)
• Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)
• Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

• Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)
• Backported fix for 485935305. #50440
• Backported fix for 489381399. #50443
• Backported fix for chromium:475877320. #50436
• Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

• Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)
• Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

• Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

• Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)
• Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)
• Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)
• Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)
• Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)

... (truncated)

Commits

• 9d2f8cb refactor: remove dead named-window lookup from guest-window-manager (#50498)
• 1173004 fix: crash calling OSR shared texture release() after texture GC'd (#50499)
• be37ade fix: crash in clipboard.readImage() on malformed image data (#50493)
• 7007907 chore: cherry-pick 3 changes from chromium (#50461)
• 2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
• 4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
• 0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
• 64373df chore: cherry-pick 074d472db745 from chromium (#50443)
• 13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
• 16a0385 ci: output build cache hit rate as GHA annotation (#50369)
• Additional commits viewable in compare view

Updates vitest from 3.2.4 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

... (truncated)

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• a09d472 chore: release v4.1.7
• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Updates @hono/node-server from 1.19.10 to 1.19.14

Release notes

Sourced from @​hono/node-server's releases.

v1.19.14

What's Changed

• fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @​usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

• chore: ignore claude setting by @​yusukebe in honojs/node-server#314
• fix: request draining for early 413 responses by @​usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

• fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @​usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

Commits

• b5e63a3 1.19.14
• c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
• fd64e65 1.19.13
• 025c30f Merge commit from fork
• 6cdb5a7 1.19.12
• 70250f7 fix: request draining for early 413 responses (#329)
• cfc08b3 chore: ignore claude setting (#314)
• ecd4d6b 1.19.11
• c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
• See full diff in compare view

Updates @nevware21/ts-utils from 0.12.5 to 0.15.0

Release notes

Sourced from @​nevware21/ts-utils's releases.

0.15.0

Changelog

Features

• #570 Add microtask scheduling helpers with native queueMicrotask, Promise, and timer-backed fallbacks
  • New functions: scheduleMicrotask, hasQueueMicrotask, getQueueMicrotask, setMicroTaskFallbackOptions
  • New public types: ScheduleMicrotaskFn, MicroTaskOptions
  • Extends microtask support by providing cancellable microtasks via ITimerHandler, plus fallback ordering to run microtasks before queued timers when using the timer-backed implementation
  • Provides runtime parity across all supported environments by using native queueMicrotask when present, Promise-backed scheduling when available, and a timer-backed microtask queue otherwise
• #573 Add nextTick scheduling support and new helper exports
  • New timer/runtime functions: scheduleNextTick, getProcessNextTick, hasProcessNextTick, setNextTickFallbackOptions
  • Uses native process.nextTick in Node runtimes when available, while providing equivalent nextTick behavior in browser and worker runtimes via Promise and timer-backed fallbacks
  • Adds shared queue logic and callback-argument support across microtask and nextTick scheduling
  • Adds arrConcat as a dedicated array helper and fnBindArgs as a dedicated function helper
  • Improves function binding typing with exported BoundFunction and updated signatures for fnBind / fnBindArgs
• #574 feat(iterator,array): add iterator collection helpers, split helper modules, and align collection membership semantics
  • Added new iterator helpers: iterMap, iterFilter, iterTake, iterReduce, iterSome, iterEvery, iterToArray, iterUnion, iterIntersection, iterDifference
  • Added arrToMap helper in the array module and moved callback/type declarations into iterator/types
  • Refactored iterator helper implementation/tests into per-function files and updated root exports
  • Added NaN regression coverage and switched iterator set-operation membership checks to arrIncludes semantics for parity with array helpers
• #576 Refactor timer microtask/nextTick shared types and environment helpers, with expanded fallback coverage
  • Moved MicrotaskFn and ScheduleMicrotaskFn to helpers/types and updated timer internals to consume shared type definitions
  • Moved getQueueMicrotask and hasQueueMicrotask to helpers/environment, updated root exports, and aligned scheduleNextTick fallback resolution to prefer queueMicrotask when available
  • Added internal microtaskQueue scheduler helper wiring and expanded tests for queue fallback behavior, Promise ordering, and no-Promise edge cases

Bug Fixes

• #568 Rolldown INVALID_ANNOTATION warnings caused by non-canonical PURE annotation spacing in generated output
  • #569 Add generated-chunk PURE annotation normalization so spaced forms are rewritten to canonical (/*#__PURE__*/ / (/*@__PURE__*/ in rollup output
  • #575 Add packaged artifact validation for PURE annotation spacing and update normalization tolerance, with per-file logging while scanning lib/bundle and lib/dist

New Contributors

• @​hrithik-infinite made their first contribution in nevware21/ts-utils#569

Full Changelog: nevware21/ts-utils@0.14.0...0.15.0

0.14.0

Changelog

Features

• #525 feat(array): add new array helpers and array-like detection
  • New helpers: isArrayLike, arrUnique, arrCompact, arrFlatten, arrGroupBy, arrChunk and export previously missed isArrayLike
• #527 feat(string): add strReplace and strReplaceAll helpers with refactored internal replacements
• #528 feat(string): add strCapitalizeWords helper
• #529 / #530 feat(string): add strTruncate, strCount, strAt, and strMatchAll helpers with shared literal regex helper
• #533 feat(array): add arrFlatMap with ES5 polyfill support
• #535 docs(types): add typing utilities for v0.14.0 and expand TSDoc examples
• #536 feat: add isAsyncIterable and isIntegerInRange type/value inspection helpers

... (truncated)

Changelog

Sourced from @​nevware21/ts-utils's changelog.

v0.15.0 May 29th, 2026

Changelog

Features

• #570 Add microtask scheduling helpers with native queueMicrotask, Promise, and timer-backed fallbacks
  • New functions: scheduleMicrotask, hasQueueMicrotask, getQueueMicrotask, setMicroTaskFallbackOptions
  • New public types: ScheduleMicrotaskFn, MicroTaskOptions
  • Extends microtask support by providing cancellable microtasks via ITimerHandler, plus fallback ordering to run microtasks before queued timers when using the timer-backed implementation
  • Provides runtime parity across all supported environments by using native queueMicrotask when present, Promise-backed scheduling when available, and a timer-backed microtask queue otherwise
• #573 Add nextTick scheduling support and new helper exports
  • New timer/runtime functions: scheduleNextTick, getProcessNextTick, hasProcessNextTick, setNextTickFallbackOptions
  • Uses native process.nextTick in Node runtimes when available, while providing equivalent nextTick behavior in browser and worker runtimes via Promise and timer-backed fallbacks
  • Adds shared queue logic and callback-argument support across microtask and nextTick scheduling
  • Adds arrConcat as a dedicated array helper and fnBindArgs as a dedicated function helper
  • Improves function binding typing with exported BoundFunction and updated signatures for fnBind / fnBindArgs
• #574 feat(iterator,array): add iterator collection helpers, split helper modules, and align collection membership semantics
  • Added new iterator helpers: iterMap, iterFilter, iterTake, iterReduce, iterSome, iterEvery, iterToArray, iterUnion, iterIntersection, iterDifference
  • Added arrToMap helper in the array module and moved callback/type declarations into iterator/types
  • Refactored iterator helper implementation/tests into per-function files and updated root exports
  • Added NaN regression coverage and switched iterator set-operation membership checks to arrIncludes semantics for parity with array helpers
• #576 Refactor timer microtask/nextTick shared types and environment helpers, with expanded fallback coverage
  • Moved MicrotaskFn and ScheduleMicrotaskFn to helpers/types and updated timer internals to consume shared type definitions
  • Moved getQueueMicrotask and hasQueueMicrotask to helpers/environment, updated root exports, and aligned scheduleNextTick fallback resolution to prefer queueMicrotask when available
  • Added internal microtaskQueue scheduler helper wiring and expanded tests for queue fallback behavior, Promise ordering, and no-Promise edge cases

Bug Fixes

• #568 Rolldown INVALID_ANNOTATION warnings caused by non-canonical PURE annotation spacing in generated output
  • #569 Add generated-chunk PURE annotation normalization so spaced forms are rewritten to canonical (/*#__PURE__*/ / (/*@__PURE__*/ in rollup output

[dependabot]

Superseded by #9.