Skip to content

chore(deps-dev): bump typescript from 5.9.3 to 6.0.3#485

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript-6.0.3
Open

chore(deps-dev): bump typescript from 5.9.3 to 6.0.3#485
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript-6.0.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps typescript from 5.9.3 to 6.0.3.

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
@kw-security

kw-security commented Jun 28, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/typescript-6.0.3 branch 2 times, most recently from a3ddde3 to ced93f8 Compare June 29, 2026 17:50
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/typescript-6.0.3 branch from ced93f8 to e460271 Compare July 7, 2026 13:39
@dependabot dependabot Bot requested a review from a team as a code owner July 7, 2026 13:39

@dj4oC dj4oC left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumps typescript 5.9.36.0.3 (devDependency) across the monorepo root and 9 packages.

Findings

Stability (blocking, verified by actually running the type checker). I checked out this PR branch, ran pnpm install --frozen-lockfile (succeeds), then pnpm check:types across the workspace. packages/web-app-json-viewer fails:

src/App.vue(17,8): error TS2882: Cannot find module or type declarations for side-effect import of 'vanilla-jsoneditor/themes/jse-theme-dark.css'.

I confirmed this is a regression introduced by this PR, not pre-existing: checking out main (TypeScript 5.9.3) and running pnpm --filter json-viewer check:types passes cleanly; re-checking out this PR branch (TypeScript 6.0.3) reproduces the failure every time. TS2882 is new/stricter diagnostic behavior in TypeScript 6 around side-effect CSS imports without ambient type declarations — every other package in the workspace type-checks fine under 6.0.3, this is isolated to json-viewer's CSS side-effect import.

Security / Performance. No issues — dev-only type-checker bump, no runtime/bundle impact.

Test coverage. N/A (dependency bump); pnpm check:types in CI is exactly what should (and did, when I ran it) catch this.

Deployment topology check

N/A — dev tooling only.

Verdict

Changes requested — web-app-json-viewer needs an ambient module declaration (or equivalent) for the vanilla-jsoneditor/themes/*.css side-effect import before this TypeScript 6 bump can merge; every other package is unaffected.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@dj4oC dj4oC left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigated the red check:types job (this repo's CI has been failing since 2026-07-07, not yet reviewed by this bot — flagged per the "fix red CI proactively" rule).

Findings

  • Stability (blocking merge, not a bug in this PR's intent): TypeScript 5.9.3→6.0.3 is a major bump. TS 6.0 added diagnostic TS2882, which now rejects side-effect CSS imports without a matching ambient module declaration. This breaks packages/web-app-json-viewer/src/App.vue:17:
    error TS2882: Cannot find module or type declarations for side-effect import of 'vanilla-jsoneditor/themes/jse-theme-dark.css'.
    
    Fix: add an ambient declaration (e.g. declare module '*.css' in a src/shims.d.ts, consistent with how other packages in this monorepo already type CSS imports) so the side-effect import resolves under TS 6.0's stricter check.
  • This is the only failure; all other 19 workspace packages' type-checks pass under TS 6.0.3.

Test coverage

n/a — dependency bump, no new code path.

Verdict

Changes requested (blocked on CI) — not mergeable as-is; needs the ambient .css module shim in web-app-json-viewer before this major bump can land. Recommend splitting major devDependency bumps like this into their own reviewed PR rather than Dependabot's default single-bump PR, since check:types across 20 packages is on the critical path.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants