chore(deps-dev): bump typescript from 5.9.3 to 6.0.2 #663

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/typescript-6.0.2

@dependabot dependabot bot commented on behalf of github Mar 28, 2026

Bumps typescript from 5.9.3 to 6.0.2.

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 28, 2026

greptile-apps bot commented Mar 28, 2026

Greptile Summary

This is a dependabot-generated major version bump of TypeScript from 5.9.3 to 6.0.2. The change is isolated to devDependencies and does not affect the published package or runtime behavior directly.

Key findings:

  • The package.json change is correct and intentional.
  • The package-lock.json regeneration introduces a potentially impactful side effect: libc fields were stripped from the three Linux optional native binary entries (@optave/codegraph-linux-arm64-gnu, @optave/codegraph-linux-x64-gnu, @optave/codegraph-linux-x64-musl). These fields tell npm which C library variant to select on Linux — without them, musl-based (Alpine) Linux users could receive the wrong binary.
  • TypeScript 6.0 changed the types compiler option default to [], meaning transitively installed @types/node packages are no longer auto-included. Since tsconfig.json has no explicit "types" field and @types/node is not a direct devDependency, it's worth running npm run typecheck to confirm no ambient type regressions were introduced.

Confidence Score: 4/5

Mostly safe to merge, but the lock file's removal of libc fields from Linux native binary entries should be verified before merging to avoid silent native-addon degradation on musl/Alpine systems.

The TypeScript version update itself is straightforward. However, the lock file regeneration side effect — removing libc classifiers from the Linux platform-specific optional packages — is a P1 concern that could silently break native binary resolution on Alpine Linux. The WASM fallback prevents a hard crash, but it's an unintended degradation for a core part of the project's dual-engine architecture.

package-lock.json — specifically the removed libc entries around lines 1276–1308 for the three Linux optional native packages

Important Files Changed

| Filename | Overview |
|---|---|
| package.json | Bumps typescript devDependency from ^5.9.3 to ^6.0.2; all other dependencies unchanged |
| package-lock.json | Lock file updated to resolve TypeScript 6.0.2; as a side effect, libc fields were removed from three Linux optional native binary entries, which may affect correct package selection on musl-based Linux systems |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[npm install on Linux] --> B{libc field present\nin package-lock.json?}
    B -- "Yes (before PR)" --> C[npm reads libc field\nto filter platform packages]
    C --> D{System libc?}
    D -- glibc --> E[Install codegraph-linux-x64-gnu]
    D -- musl --> F[Install codegraph-linux-x64-musl]
    B -- "No (after PR)" --> G[npm uses only OS + CPU\nfor optional package selection]
    G --> H{May install wrong\nbinary variant}
    H -- "Load succeeds" --> I[Native engine active]
    H -- "Load fails" --> J[Falls back to WASM engine]
    E --> I
    F --> I

Comments Outside Diff (2)

  1. package-lock.json, line 1276-1308 (link)

    P1 libc fields removed from Linux optional package entries

    The lock file regeneration removed "libc" classification from three platform-specific optional native binary packages:

    • @optave/codegraph-linux-arm64-gnu (was "libc": ["glibc"])
    • @optave/codegraph-linux-x64-gnu (was "libc": ["glibc"])
    • @optave/codegraph-linux-x64-musl (was "libc": ["musl"])

    The libc field is what npm uses to distinguish between glibc (standard Linux) and musl (Alpine Linux) variants when selecting optional packages. Without this field, npm can't correctly filter between the two variants — on musl-based systems (e.g. Alpine Linux in Docker), the glibc binary may be installed instead of the musl one, which would fail to load at runtime and silently fall back to WASM.

    Since these packages are pinned to 3.4.1 and weren't part of the TypeScript bump, this appears to be a side effect of dependabot using a different npm version to regenerate the lock file. It's worth verifying that npm install on a musl-based Linux system still selects @optave/codegraph-linux-x64-musl correctly after this change, or checking whether the libc removal reflects a registry-level change to those packages.

  2. tsconfig.json, line 1-54 (link)

    P2 TypeScript 6.0 changed types default to []

    TypeScript 6.0 changed the types compiler option default from auto-including everything in node_modules/@types to an empty array []. Previously, if @types/node was installed transitively (e.g. via vitest), TypeScript would automatically include it. With TS 6.0, only explicitly listed packages are included.

    Since @types/node is not listed in devDependencies and tsconfig.json has no "types" field, ambient Node.js globals like process, Buffer, and __dirname may no longer be typed if they were previously resolved transitively. This project is a Node.js CLI and uses "module": "nodenext", making this particularly relevant.

    Consider adding "types": ["node"] to tsconfig.json to make the Node.js type inclusion explicit and future-proof:

    "compilerOptions": {
      "types": ["node"],
      ...
    }

    Note: this would also require adding @types/node to devDependencies if it isn't already a transitive dep that you rely on. Running npm run typecheck with the new TypeScript version will quickly surface any issues.

Reviews (1): Last reviewed commit: "chore(deps-dev): bump typescript from 5...." | Re-trigger Greptile
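
The lock-file check this review calls for, as an added example (not part of the PR or the project's own code): a Node.js function that compares two parsed package-lock.json objects and reports `os`, `cpu` or `libc` selectors that changed on entries whose version did not change. The sample lock data is constructed from the package names and the 3.4.1 version quoted above; the `lockfileVersion`, `os` and `cpu` values are assumptions.

```javascript
// Added example: detect platform-selector drift in package-lock.json for
// packages that were NOT part of the dependency bump (same version before/after).
const PLATFORM_FIELDS = ["os", "cpu", "libc"];

// Order-sensitive structural comparison; a missing field is treated as null.
const sameValue = (a, b) => JSON.stringify(a ?? null) === JSON.stringify(b ?? null);

function findPlatformFieldDrift(beforeLock, afterLock) {
  const before = beforeLock.packages ?? {};
  const after = afterLock.packages ?? {};
  const findings = [];
  for (const [path, oldEntry] of Object.entries(before)) {
    const newEntry = after[path];
    // A removed entry or a version bump may legitimately change selectors; skip.
    if (!newEntry || newEntry.version !== oldEntry.version) continue;
    for (const field of PLATFORM_FIELDS) {
      if (!sameValue(oldEntry[field], newEntry[field])) {
        findings.push({
          path,
          field,
          before: oldEntry[field] ?? null,
          after: newEntry[field] ?? null,
        });
      }
    }
  }
  return findings;
}

// Constructed sample data (not the project's real lock file).
const nativeEntry = (cpu, libc) => ({
  version: "3.4.1", optional: true, os: ["linux"], cpu: [cpu],
  ...(libc ? { libc: [libc] } : {}),
});
const lockWith = (tsVersion, keepLibc) => ({
  lockfileVersion: 3, // assumption
  packages: {
    "node_modules/@optave/codegraph-linux-arm64-gnu": nativeEntry("arm64", keepLibc && "glibc"),
    "node_modules/@optave/codegraph-linux-x64-gnu": nativeEntry("x64", keepLibc && "glibc"),
    "node_modules/@optave/codegraph-linux-x64-musl": nativeEntry("x64", keepLibc && "musl"),
    "node_modules/typescript": { version: tsVersion, dev: true },
  },
});
const SAMPLE_BEFORE = lockWith("5.9.3", true);
const SAMPLE_AFTER = lockWith("6.0.2", false);

// Each finding names the entry, the field, and its old and new values.
console.log(findPlatformFieldDrift(SAMPLE_BEFORE, SAMPLE_AFTER));
```

Run in CI against the base and head lock files, a non-empty result on a dependency-bump PR marks lock churn that needs a human look before merge.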

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/typescript-6.0.2 branch from 4e8a466 to faee2c8 Compare March 28, 2026 19:54
@carlos-alm

Closing — TypeScript 6.x is a major version bump that deprecates \ in \ (TS5101), breaking the build. All CI failures cascade from this. A major TS upgrade needs deliberate migration, not an auto-merge. We'll track TS 6 adoption separately when ready.

@carlos-alm carlos-alm closed this Mar 28, 2026

dependabot bot commented on behalf of github Mar 28, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@github-actions github-actions bot locked and limited conversation to collaborators Mar 28, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/typescript-6.0.2 branch March 28, 2026 19:57