Skip to content

chore(deps-dev): bump typescript from 5.9.2 to 6.0.3#112

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript-6.0.3
Open

chore(deps-dev): bump typescript from 5.9.2 to 6.0.3#112
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript-6.0.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Bumps typescript from 5.9.2 to 6.0.3.

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 20, 2026
@dependabot dependabot Bot requested a review from ulises-jeremias as a code owner April 20, 2026 04:48
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Apr 20, 2026
@dependabot dependabot Bot mentioned this pull request Apr 20, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026
edited
Loading

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ EDITORCONFIG editorconfig-checker 4 0 0 0.01s
✅ JSON jsonlint 4 0 0 0.42s
✅ JSON npm-package-json-lint yes no no 0.32s
✅ JSON prettier 4 0 0 0 0.37s
✅ JSON v8r 4 0 0 9.05s
✅ REPOSITORY gitleaks yes no no 4.28s
✅ REPOSITORY git_diff yes no no 0.01s
❌ REPOSITORY osv-scanner yes 18 no 2.88s
✅ REPOSITORY secretlint yes no no 0.98s
✅ REPOSITORY syft yes no no 3.97s
✅ REPOSITORY trufflehog yes no no 4.98s
✅ SPELL cspell 5 0 0 2.53s

Detailed Issues

❌ REPOSITORY / osv-scanner - 18 errors 
Scanning dir .
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
Starting filesystem walk for root: /
Scanned tools/danger/package-lock.json file and found 161 packages
Scanned package-lock.json file and found 586 packages
End status: 48 dirs visited, 217 inodes visited, 2 Extract calls, 69.07587ms elapsed, 69.076051ms wall time
Filtered 7 local/unscannable package/s from the scan.

Total 15 packages affected by 18 known vulnerabilities (1 Critical, 4 High, 11 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
17 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                             | VERSION | FIXED VERSION | SOURCE                         |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| https://osv.dev/GHSA-3p68-rc4w-qgx5 | 6.3  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-fvcv-3m26-pcqx | 4.8  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion                     | 2.0.2   | 2.0.3         | package-lock.json              |
| https://osv.dev/GHSA-r4q5-vmmm-2653 | 6.9  | npm       | follow-redirects                    | 1.15.11 | 1.16.0        | package-lock.json              |
| https://osv.dev/GHSA-48c2-rrv3-qjmp | 4.3  | npm       | yaml (dev)                          | 2.8.1   | 2.8.3         | package-lock.json              |
| https://osv.dev/GHSA-h5c3-5r3r-rr8q | 5.3  | npm       | @octokit/plugin-paginate-rest (dev) | 2.21.3  | 9.2.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-rmvr-2pp2-xj38 | 5.3  | npm       | @octokit/request (dev)              | 5.6.3   | 8.4.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-xx4v-prfh-6cgc | 5.3  | npm       | @octokit/request-error (dev)        | 2.1.0   | 5.1.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-vpq2-c234-7xj6 | 3.3  | npm       | @tootallnate/once (dev)             | 2.0.0   | 3.0.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-grv7-fg5c-xmjg | 7.5  | npm       | braces (dev)                        | 3.0.2   | 3.0.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-fjxv-7rqg-78g4 | 9.4  | npm       | form-data (dev)                     | 4.0.0   | 4.0.4         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-869p-cjfg-cm3x | 7.5  | npm       | jws (dev)                           | 3.2.2   | 3.2.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3  | npm       | micromatch (dev)                    | 4.0.5   | 4.0.8         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-8g77-54rh-46hx | 8.9  | npm       | parse-git-config (dev)              | 2.0.3   | --            | tools/danger/package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-6rw7-vpxm-498p | 6.3  | npm       | qs (dev)                            | 6.12.0  | 6.14.1        | tools/danger/package-lock.json |
| https://osv.dev/GHSA-w7fw-mjwx-w883 | 3.7  | npm       | qs (dev)                            | 6.12.0  | 6.14.2        | tools/danger/package-lock.json |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/typescript-6.0.3 branch from bdaca74 to da26fde Compare April 20, 2026 05:28
@dependabot dependabot Bot changed the title Bump typescript from 5.9.2 to 6.0.3 chore(deps-dev): bump typescript from 5.9.2 to 6.0.3 Apr 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/typescript-6.0.3 branch from da26fde to 44eb76d Compare April 20, 2026 07:06
@dependabot
Bump typescript from 5.9.2 to 6.0.3
9b700ff 
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.2 to 6.0.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.2...v6.0.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/typescript-6.0.3 branch from 44eb76d to 9b700ff Compare April 20, 2026 07:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ulises-jeremias ulises-jeremias Awaiting requested review from ulises-jeremias ulises-jeremias is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants