chore(deps-dev): bump typescript from 5.9.3 to 7.0.2#174
chore(deps-dev): bump typescript from 5.9.3 to 7.0.2#174dependabot[bot] wants to merge 4 commits into
Conversation
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 7.0.2. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](https://github.com/microsoft/TypeScript/commits) --- updated-dependencies: - dependency-name: typescript dependency-version: 7.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
sprayberry-reviewer
left a comment
There was a problem hiding this comment.
Automated review from the Sprayberry Labs fleet code reviewer. This is a bot verdict from the fleet's required automated reviewer — not a human sign-off.
Verdict: No blocking issues found — approving.
What I checked
This is a Dependabot bump of typescript (devDependency only) from 5.9.3 → 7.0.2. Files changed: package.json (1+/1−) and package-lock.json (368+/7−).
✅ Package exists and is not deprecated
typescript@7.0.2 is published on the npm registry under the official microsoft1es/typescript-bot maintainers with an Apache-2.0 license. No deprecated field is present.
✅ Only the expected files are modified
Two files changed: package.json (version range line) and package-lock.json (the resolved entry + new optional platform binaries). No source files, no tsconfig.json, no CI config — correct scope for a dependency bump.
✅ Node engine compatibility
TypeScript 7.0.2 raises the minimum Node requirement to >=16.20.0 (package-lock.json:3500). The project's own engines.node is >=20.0.0, so no conflict.
✅ tsserver binary removal is inert for this project
TypeScript 7 drops the tsserver binary from its distribution:
- "tsc": "bin/tsc",
- "tsserver": "bin/tsserver"
+ "tsc": "bin/tsc"
(package-lock.json around line 3503)
The project's scripts (build: "tsc", typecheck: "tsc --noEmit", dev: "tsx …") use tsc only — no direct invocation of tsserver. IDE tooling obtains its own language server separately.
✅ New optional platform-specific packages are expected
TypeScript 7 ships native binaries via optional @typescript/typescript-<os>-<cpu> packages — all at version 7.0.2, all "optional": true, "dev": true. This is the standard TS7 distribution mechanism, not a supply-chain concern.
ℹ️ Major-version jump (5.9.3 → 7.0.2)
This skips the entire TypeScript 6.x line. TypeScript 7 includes breaking changes (strictness tightening, removed deprecated options). These would surface as build failures in CI rather than silent regressions, since the project's prepublishOnly and pretest both invoke tsc. No action needed here, but worth being aware of if CI is red.
What's good
Dependabot produced a mechanically correct lock-file update: every resolved URL, integrity hash, and optional-dep entry is consistent. The devDependency boundary means there is zero runtime impact on distributed consumers.
Bumps typescript from 5.9.3 to 7.0.2.
Release notes
Sourced from typescript's releases.
Commits
Maintainer changes
This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)