chore(deps): bump the typescript group across 1 directory with 2 updates

[dependabot]

Bumps the typescript group with 2 updates in the / directory: @types/node and typescript.

Updates @types/node from 25.3.5 to 25.5.0

Commits

• See full diff in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

✔️ Bundle Size Analysis

Metric	Value
Base	2746.81 KB
PR	2746.81 KB
Diff	0 KB (0%)

Bundle breakdown

156K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
24K	dist/cli.js
16K	dist/cli.js.map
664K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
916K	dist/integrations
100K	dist/llm
1.2M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
392K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

[greptile-apps]

Greptile Summary

This Dependabot PR bumps @types/node from 25.3.5 → 25.5.0 and typescript from 5.9.3 → 6.0.2 (a major version jump), along with transitive lockfile updates for @napi-rs/keyring (1.1.9 → 1.1.10) and @sourcegraph/amp (new build hash). The existing tsconfig.json already handles several TypeScript 6.0 default changes correctly (rootDir, strict, module, target are all explicitly set), but the newly-empty default for types is a breaking change that is not accounted for.

Key findings:

• types defaults to [] in TS 6.0 — tsconfig.json has no types field, so @types/node global ambient declarations (process, Buffer, NodeJS.*, etc.) will no longer be auto-included. This CLI project calls process.env/argv/exit/cwd as globals throughout src/, and the build will likely fail without \"types\": [\"node\"] added to compilerOptions.
• Other TS 6.0 breaking defaults are mitigated — rootDir: ./src, strict: true, target: ES2022, module: NodeNext, and moduleResolution: NodeNext are all already explicit, so the new compiler defaults do not affect them.
• docs/tsconfig.json uses the now-deprecated baseUrl — minor, editor-only concern since that file is explicitly excluded from compilation.
• Lockfile picked up extra transitive updates — @napi-rs/keyring and @sourcegraph/amp were bumped in the lockfile as part of normal pnpm resolution; these are not mentioned in the PR description but are expected side-effects.

Confidence Score: 4/5

Not safe to merge as-is — the TS 6.0 types: [] default change will likely break the TypeScript build until "types": ["node"] is added to tsconfig.json.

A single P1 issue blocks this: TypeScript 6.0 no longer auto-includes @types/node globals, and the CLI uses process.* across multiple files. The fix is a one-line addition to tsconfig.json, but without it the build will break. All other TS 6.0 defaults are already handled correctly by the existing tsconfig.

tsconfig.json — needs "types": ["node"] added to compilerOptions before this can be merged safely.

Important Files Changed

Filename	Overview
package.json	Bumps typescript from ^5.7.3 to ^6.0.2 — a major version upgrade with several breaking changes that the tsconfig partially guards against, but the missing types field may be impactful.
pnpm-lock.yaml	Lockfile updated consistently: @types/node 25.3.5→25.5.0, typescript 5.9.3→6.0.2, plus transitive bumps for @napi-rs/keyring (1.1.9→1.1.10) and @sourcegraph/amp (new build hash).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["TS 6.0 Upgrade"] --> B{"tsconfig.json\nexplicit settings?"}
    B -- "rootDir: ./src ✅" --> C[Not affected]
    B -- "strict: true ✅" --> C
    B -- "module: NodeNext ✅" --> C
    B -- "target: ES2022 ✅" --> C
    B -- "types: (not set) ❌" --> D["TS 6.0 default: types = []"]
    D --> E["@types/node globals NOT auto-included"]
    E --> F["process.env / process.argv / process.exit\nused as globals in src/"]
    F --> G["🔴 Build failure: 'Cannot find name process'"]
    G --> H["Fix: add 'types': ['node']\nto tsconfig.json"]
    H --> I["✅ Build passes"]

Loading

Comments Outside Diff (2)

1. tsconfig.json, line 1-19 (link)

   TypeScript 6.0: types now defaults to [], breaking global Node.js ambient types

   TypeScript 6.0 changed the default for the types compiler option from "include all @types/* packages found in node_modules" to an empty array. When types is [], no @types package contributes global ambient declarations — this includes @types/node's globals such as process, Buffer, NodeJS.Timeout, and similar.

   This project is a Node.js CLI that uses process.env, process.argv, process.exit(), and process.cwd() as globals across multiple source files (e.g. src/loop/agents.ts, src/llm/providers.ts, src/integrations/figma/source.ts). Without the ambient globals from @types/node, tsc is likely to emit "Cannot find name 'process'" (and similar) errors after this bump.

   Since the tsconfig already has @types/node as a devDependency, the fix is straightforward — explicitly opt in to the Node.js global types:

   Note: the other TypeScript 6.0 defaults (strict: true, rootDir: ./src, module: NodeNext, target: ES2022) are already explicitly set here, so only the types field needs to be added.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: tsconfig.json
   Line: 1-19
   
   Comment:
   **TypeScript 6.0: `types` now defaults to `[]`, breaking global Node.js ambient types**
   
   TypeScript 6.0 changed the default for the `types` compiler option from "include all `@types/*` packages found in `node_modules`" to an **empty array**. When `types` is `[]`, no `@types` package contributes global ambient declarations — this includes `@types/node`'s globals such as `process`, `Buffer`, `NodeJS.Timeout`, and similar.
   
   This project is a Node.js CLI that uses `process.env`, `process.argv`, `process.exit()`, and `process.cwd()` as globals across multiple source files (e.g. `src/loop/agents.ts`, `src/llm/providers.ts`, `src/integrations/figma/source.ts`). Without the ambient globals from `@types/node`, `tsc` is likely to emit "Cannot find name 'process'" (and similar) errors after this bump.
   
   Since the tsconfig already has `@types/node` as a devDependency, the fix is straightforward — explicitly opt in to the Node.js global types:
   
   
   
   Note: the other TypeScript 6.0 defaults (`strict: true`, `rootDir: ./src`, `module: NodeNext`, `target: ES2022`) are already explicitly set here, so only the `types` field needs to be added.
   
   How can I resolve this? If you propose a fix, please make it concise.

2. docs/tsconfig.json, line 1-8 (link)

   baseUrl is deprecated in TypeScript 6.0

   TypeScript 6.0 deprecates the baseUrl option. While this file is explicitly noted as "not used in compilation" (editor-only), the deprecation will surface as a warning in IDEs/editors that parse it with the new compiler. Removing baseUrl: "." (or replacing it with explicit path mappings if needed) keeps the editor config clean and avoids future churn when Docusaurus's own tsconfig preset drops it.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: docs/tsconfig.json
   Line: 1-8
   
   Comment:
   **`baseUrl` is deprecated in TypeScript 6.0**
   
   TypeScript 6.0 deprecates the `baseUrl` option. While this file is explicitly noted as "not used in compilation" (editor-only), the deprecation will surface as a warning in IDEs/editors that parse it with the new compiler. Removing `baseUrl: "."` (or replacing it with explicit path mappings if needed) keeps the editor config clean and avoids future churn when Docusaurus's own tsconfig preset drops it.
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: tsconfig.json
Line: 1-19

Comment:
**TypeScript 6.0: `types` now defaults to `[]`, breaking global Node.js ambient types**

TypeScript 6.0 changed the default for the `types` compiler option from "include all `@types/*` packages found in `node_modules`" to an **empty array**. When `types` is `[]`, no `@types` package contributes global ambient declarations — this includes `@types/node`'s globals such as `process`, `Buffer`, `NodeJS.Timeout`, and similar.

This project is a Node.js CLI that uses `process.env`, `process.argv`, `process.exit()`, and `process.cwd()` as globals across multiple source files (e.g. `src/loop/agents.ts`, `src/llm/providers.ts`, `src/integrations/figma/source.ts`). Without the ambient globals from `@types/node`, `tsc` is likely to emit "Cannot find name 'process'" (and similar) errors after this bump.

Since the tsconfig already has `@types/node` as a devDependency, the fix is straightforward — explicitly opt in to the Node.js global types:

```suggestion
{
  "compilerOptions": {
    "target": "ES2022",
    "module": "NodeNext",
    "moduleResolution": "NodeNext",
    "outDir": "./dist",
    "rootDir": "./src",
    "strict": true,
    "esModuleInterop": true,
    "skipLibCheck": true,
    "forceConsistentCasingInFileNames": true,
    "resolveJsonModule": true,
    "declaration": true,
    "declarationMap": true,
    "sourceMap": true,
    "types": ["node"]
  },
  "include": ["src/**/*"],
  "exclude": ["node_modules", "dist"]
}
```

Note: the other TypeScript 6.0 defaults (`strict: true`, `rootDir: ./src`, `module: NodeNext`, `target: ES2022`) are already explicitly set here, so only the `types` field needs to be added.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: docs/tsconfig.json
Line: 1-8

Comment:
**`baseUrl` is deprecated in TypeScript 6.0**

TypeScript 6.0 deprecates the `baseUrl` option. While this file is explicitly noted as "not used in compilation" (editor-only), the deprecation will surface as a warning in IDEs/editors that parse it with the new compiler. Removing `baseUrl: "."` (or replacing it with explicit path mappings if needed) keeps the editor config clean and avoids future churn when Docusaurus's own tsconfig preset drops it.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "chore(deps): bump the typescript group a..." | Re-trigger Greptile}

[claude]

This upgrades TypeScript from 5.x to 6.x (a major version bump), which may include breaking changes worth verifying against the build.

Extended reasoning...

Overview\nThis Dependabot PR updates two devDependencies: @types/node from 25.3.5 → 25.5.0 (minor) and typescript from 5.9.3 → 6.0.2 (major). The lockfile also picks up transitive bumps to @napi-rs/keyring (1.1.9 → 1.1.10) and @sourcegraph/amp (version hash update).\n\n### Security risks\nNo security risks. All changes are devDependencies used only at build time.\n\n### Level of scrutiny\nThe TypeScript 5.x → 6.x major version bump warrants human verification. TypeScript major versions can introduce stricter type checks, removed APIs, or changed emit behavior that would cause compilation failures. While TypeScript is a devDependency and won\u0027t affect runtime, confirming the build (tsc --noEmit) still passes under TS 6.0 is important before merging.\n\n### Other factors\nNo bugs were found by the automated bug hunting system. The @types/node and lockfile-only updates are routine. The blocker is solely the unverified compatibility of the codebase with TypeScript 6.0.

[rubenmarcus]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[rubenmarcus]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.