Skip to content

chore(deps): bump the typescript group across 1 directory with 2 updates#346

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/typescript-9f544d7337
Open

chore(deps): bump the typescript group across 1 directory with 2 updates#346
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/typescript-9f544d7337

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the typescript group with 2 updates in the / directory: @types/node and typescript.

Updates @types/node from 25.5.2 to 25.6.0

Commits

Updates typescript from 6.0.2 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the typescript group across 1 directory with 2 updates
e4631cf 
Bumps the typescript group with 2 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@types/node` from 25.5.2 to 25.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v6.0.2...v6.0.3)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: typescript
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 20, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from rubenmarcus as a code owner April 20, 2026 11:41
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented Apr 20, 2026

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@github-actions github-actions Bot added the chore label Apr 20, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026

✔️ Bundle Size Analysis

Metric Value
Base 2836.86 KB
PR 2836.86 KB
Diff 0 KB (0%)
Bundle breakdown 
140K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
24K	dist/cli.js
16K	dist/cli.js.map
740K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
916K	dist/integrations
100K	dist/llm
1.3M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
428K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

claude[bot]
claude Bot reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — routine Dependabot lockfile update for patch/minor dev dependency bumps.

Extended reasoning...

Overview

This PR updates pnpm-lock.yaml only, bumping two dev dependencies: @types/node (25.5.2 → 25.6.0, minor) and typescript (6.0.2 → 6.0.3, patch). Transitive lockfile entries for rollup (4.60.1 → 4.60.2), postcss (8.5.9 → 8.5.10), and undici-types (7.18.2 → 7.19.2) are also updated automatically. No source files are modified.

Security Risks

None. All updated packages are dev-only tooling (type definitions, compiler, bundler). No runtime code paths, auth, crypto, or permissions are affected.

Level of Scrutiny

Minimal scrutiny required. Patch and minor version bumps to well-known, widely-used dev dependencies from trusted sources (Microsoft/DefinitelyTyped). The changes are purely mechanical lockfile updates generated by Dependabot.

Other Factors

No bugs were found by the bug hunting system. No prior reviewer comments are outstanding. The PR is a clean, automated dependency update with no logic changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@rubenmarcus rubenmarcus Awaiting requested review from rubenmarcus rubenmarcus is a code owner

Assignees

No one assigned

Labels

chore dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants