Skip to content

chore(deps-dev): bump typescript from 5.9.3 to 6.0.3#153

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript-6.0.3
Open

chore(deps-dev): bump typescript from 5.9.3 to 6.0.3#153
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript-6.0.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps typescript from 5.9.3 to 6.0.3.

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
francescoronel Ready Ready Preview, Comment Jul 1, 2026 1:07pm

@FrancesCoronel FrancesCoronel left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a major version bump (TypeScript 5.9.3 → 6.0.3), not a patch/minor update, so flagging for manual review before merge per policy.

TypeScript 6.0 is a major release — worth checking for breaking changes in strictness/inference behavior or config flags before merging, even though this is a dev dependency. No security advisories or deprecation warnings were noted in the PR body.


Generated by Claude Code

Copy link
Copy Markdown
Owner

This is a major version bump (TypeScript 5.9.3 → 6.0.3) and could include breaking changes to type-checking behavior or compiler options. Please review before merging — recommend running npm run build and npm run lint locally (or checking CI here) to confirm no new type errors surface across the codebase before merging.

No security advisories are called out in the Dependabot PR body for this update.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Automated dependency review

typescript 5.9.3 → 6.0.3 — this is a major version bump (5.x → 6.x, devDependency). Flagging for manual review before merge rather than auto-merging, since TypeScript major releases can change type-checking strictness/behavior even without touching source in this diff.

CI status:

  • ✅ Type check — passed
  • ✅ Lint — passed
  • ❌ Security audit — failed, but unrelated to this PR: the 15 flagged vulnerabilities are all in existing transitive deps (@opentelemetry/core, esbuild, form-data, js-yaml, markdown-it, postcss, undici), none introduced by the TypeScript bump
  • ❌ Claude Code Review — failed due to a workflow config issue (dependabot[bot] isn't in allowed_bots), not an actual code review result
  • ⏳ Lighthouse / Playwright — still running at time of this check

Recommendation: Since type-check and lint both pass cleanly against TS 6.0.3, this is likely safe, but given the major version bump please confirm locally (npm run build, npm run test:storybook) before merging.


Posted by an automated dependency-review routine.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Dependabot PR Review

Summary: Major version bump — typescript 5.9.3 → 6.0.3. TypeScript major releases can change type-checking behavior, compiler flags, and lib defaults. Please review the TypeScript 6.0 release notes for breaking changes before merging.

CI Status

Not auto-approving/enabling auto-merge given the major version bump and the failing security-audit gate. Recommend manual review.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Dependabot PR Review

Summary: ⚠️ Major version bumptypescript 5.9.3 → 6.0.3 (devDependency). Flagging for manual review before merge — a TypeScript major bump can surface new type errors across the codebase even though Type check passed on this PR's diff alone.

⚠️ CI is also failing — holding off on approval/auto-merge regardless

Both failures are pre-existing, repo-wide issues unrelated to this specific bump (identical failures on every open Dependabot PR right now):

  • Security auditnpm audit --audit-level=high fails on existing high-severity vulnerabilities already in the lockfile (form-data, undici), not introduced by this PR.
  • Claude Code Review — fails with Workflow initiated by non-human actor: dependabot (type: Bot). .github/workflows/claude-code-review.yml needs allowed_bots: dependabot[bot] (or '*') added to the claude-code-action step to run for bot-authored PRs.

Recommend the team review this major bump manually, and separately fix the CI config issues on main so future Dependabot PRs can pass.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Dependabot PR Review

Summary: ⚠️ Major version bump — please review before merge.

Package From To Type
typescript 5.9.3 6.0.3 major

TypeScript 6.0 is a major release (see the announcement) and can introduce stricter type-checking behavior or flag previously-accepted code. Type check CI is currently green on this PR, which is a good sign, but this warrants a human look before merging given the scope of a TS major bump across the whole codebase.

CI Status

Also not clean: Security audit and Claude Code Review are failing for reasons unrelated to this bump — same pre-existing issues affecting every open Dependabot PR right now (see #145 for the root-cause writeup). Lint, type-check, and Vercel deploy are green.

Not approving or enabling auto-merge — requesting manual review given the major version bump.


Generated by Claude Code

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

📸 Visual snapshots

Screenshots captured for this PR — view all artifacts.

Page Desktop Mobile
/ desktop mobile
/about desktop mobile
/posts desktop mobile
/speaking desktop mobile
/contact desktop mobile
/portfolio desktop mobile
/testimonials desktop mobile
/organizations desktop mobile
/experience desktop mobile
/education desktop mobile

Full Playwright HTML report: open report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant