From ee4bc7b8bb60b416ade4b40bd6102c5ae4781616 Mon Sep 17 00:00:00 2001 From: Hector Hernandez <39923391+hectorhdzg@users.noreply.github.com> Date: Tue, 26 May 2026 13:45:19 -0700 Subject: [PATCH 1/3] chore: fix high severity prototype pollution vulnerability in @nevware21/ts-utils and update changelog for 2.0.4 --- RELEASES.md | 30 ++++++++++++++++++++++++++++++ lib/package.json | 2 +- package.json | 2 +- rollup/package.json | 2 +- 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index f64fd82..b575807 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,5 +1,35 @@ # Releases +## 2.0.4 (May 26th, 2026) + +### Security + +- Fix high severity Prototype Pollution vulnerability in `@nevware21/ts-utils` by updating minimum version to >= 0.14.0 (GHSA-x7j8-49r8-mr43) +- #107 Fix vulnerable dependencies and update Node.js CI matrix + +### Performance + +- #108 Cache deep hierarchy method resolution for improved performance +- #109 Cache prototype chain walk to reduce construction from O(M*D) to O(M) + +### Changes + +- #106 Update dependencies +- #105 Update to npm 9.9.4 +- #104 Update version of @microsoft/rush +- #103 Fix additional tests to only use local resources +- #102 Fix tests to only use local resources +- #101 Update build dependencies +- #100 Fix vulnerable dependencies +- #99 Fix docs generation and update shrinkwrap +- #98 Remove unused jQuery files from repository +- #94 Update components to address governance issues +- #93 Fix code scanning alert: unused variable, import, function or class +- #92 Remove leading blank line from rush.json config +- #91 Update rush version +- #88 Add packaging helper script +- Remove Rush monorepo tooling, update build instructions + ## 2.0.3 (Jan 11th, 2024) Blocks a medium level prototype pollution vulnerability. diff --git a/lib/package.json b/lib/package.json index 45b9ad9..b3f991d 100644 --- a/lib/package.json +++ b/lib/package.json 
@@ -39,7 +39,7 @@ "license": "MIT", "sideEffects": false, "dependencies": { - "@nevware21/ts-utils": ">= 0.13.0 < 2.x" + "@nevware21/ts-utils": ">= 0.14.0 < 2.x" }, "devDependencies": { "@microsoft/applicationinsights-rollup-es3" : "^1.0.1", diff --git a/package.json b/package.json index 5a9fa58..e0e3f47 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "minimatch": ">=3.1.2" }, "dependencies": { - "@nevware21/ts-utils": ">= 0.13.0 < 2.x" + "@nevware21/ts-utils": ">= 0.14.0 < 2.x" }, "devDependencies": { "@nevware21/grunt-eslint-ts": "^0.5.2", diff --git a/rollup/package.json b/rollup/package.json index 0688fd9..227ab3f 100644 --- a/rollup/package.json +++ b/rollup/package.json @@ -36,7 +36,7 @@ "minimatch": ">=3.1.2" }, "dependencies": { - "@nevware21/ts-utils": ">= 0.13.0 < 2.x" + "@nevware21/ts-utils": ">= 0.14.0 < 2.x" }, "devDependencies": { "@types/glob": "^7.1.3", From 4175e4345d05a277d828a2b37831185a4b2ed1af Mon Sep 17 00:00:00 2001 From: Hector Hernandez <39923391+hectorhdzg@users.noreply.github.com> Date: Tue, 26 May 2026 13:57:07 -0700 Subject: [PATCH 2/3] chore: bump version to 2.0.4 and set release date to TBD --- RELEASES.md | 2 +- lib/package.json | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index b575807..ba56cfb 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,6 +1,6 @@ # Releases -## 2.0.4 (May 26th, 2026) +## 2.0.4 (TBD) ### Security diff --git a/lib/package.json b/lib/package.json index b3f991d..e5d33e4 100644 --- a/lib/package.json +++ b/lib/package.json @@ -1,7 +1,7 @@ { "name": "@microsoft/dynamicproto-js", "author": "Microsoft Application Insights Team", - "version": "2.0.3", + "version": "2.0.4", "description": "Microsoft Dynamic Proto Utility", "keywords": [ "javascript", diff --git a/package.json b/package.json index e0e3f47..20862e2 100644 --- a/package.json +++ b/package.json 
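Review bot: The new floor `"@nevware21/ts-utils": ">= 0.14.0 < 2.x"` in the `dependencies` block of lib/package.json (and the identical edit in package.json and rollup/package.json) only constrains a fresh dependency resolve, and the diffstat for this patch lists no lockfile or shrinkwrap. If the repository commits one (the changelog's #99 entry mentions a shrinkwrap, though it may have been removed with the Rush tooling), installs from it could still resolve a pre-0.14.0 copy, so it should be regenerated in the same change. Running `npm ls @nevware21/ts-utils` after install would confirm that no version below 0.14.0 remains in the tree, including transitive copies. Only a fragment of each manifest is visible in these hunks, so whether the block holding `"minimatch": ">=3.1.2"` is an overrides section that should also carry this package cannot be judged from here.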
@@ -1,7 +1,7 @@ { "name": "@microsoft/dynamicproto-js", "description": "Microsoft Dynamic Proto Utility", - "version": "2.0.3", + "version": "2.0.4", "keywords": [ "javascript", "dynamic prototype", From f8b36ada026e9963ae26412377aca0ac94532182 Mon Sep 17 00:00:00 2001 From: Hector Hernandez <39923391+hectorhdzg@users.noreply.github.com> Date: Tue, 26 May 2026 13:58:18 -0700 Subject: [PATCH 3/3] chore: fix changelog to match existing style --- RELEASES.md | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index ba56cfb..283788d 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -2,18 +2,11 @@ ## 2.0.4 (TBD) -### Security - -- Fix high severity Prototype Pollution vulnerability in `@nevware21/ts-utils` by updating minimum version to >= 0.14.0 (GHSA-x7j8-49r8-mr43) -- #107 Fix vulnerable dependencies and update Node.js CI matrix - -### Performance - -- #108 Cache deep hierarchy method resolution for improved performance -- #109 Cache prototype chain walk to reduce construction from O(M*D) to O(M) - ### Changes +- #109 Cache prototype chain walk to reduce construction cost +- #108 Cache deep hierarchy method resolution +- #107 Fix vulnerable dependencies and update Node.js CI matrix - #106 Update dependencies - #105 Update to npm 9.9.4 - #104 Update version of @microsoft/rush @@ -28,7 +21,8 @@ - #92 Remove leading blank line from rush.json config - #91 Update rush version - #88 Add packaging helper script -- Remove Rush monorepo tooling, update build instructions +- Remove Rush monorepo tooling and update build instructions +- Update `@nevware21/ts-utils` minimum version to >= 0.14.0 to address prototype pollution (GHSA-x7j8-49r8-mr43) ## 2.0.3 (Jan 11th, 2024)