Skip to content

Bump typescript from 4.9.5 to 5.9.3 #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump typescript from 4.9.5 to 5.9.3 #35

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 25, 2025
edited
Loading

Bumps typescript from 4.9.5 to 5.9.3.

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

TypeScript 5.9

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

TypeScript 5.9 RC

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

TypeScript 5.9 Beta

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

Downloads are available on:

TypeScript 5.8.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

... (truncated)

Commits
  • c63de15 Bump version to 5.9.3 and LKG
  • 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
  • a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
  • 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
  • bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
  • 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
  • 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
  • 5be3346 Bump version to 5.9.2 and LKG
  • ad825f2 Bump version to 5.9.1-rc and LKG
  • 463a5bf Update LKG
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 25, 2025
@austenstone
Copy link
Owner

austenstone commented Oct 25, 2025

🔍 Dependabot Dependency Analysis: TypeScript 4.9.5 → 5.9.3

⚠️ CRITICAL COMPATIBILITY ISSUE DETECTED

📋 Summary of Changes

Dependency: TypeScript (development dependency)
Current Version: 4.9.5
Proposed Version: 5.9.3
Update Type: Major version update (semver-major)
Package Ecosystem: npm

This update spans multiple major versions of TypeScript:

  • 4.9.5 → 5.0.x (Major)
  • 5.0.x → 5.1.x → 5.2.x → ... → 5.9.3 (Multiple minor releases)

🚨 BREAKING: Angular 15 Incompatibility

This update CANNOT be merged as-is.

According to official Angular compatibility documentation:

  • Angular 15.2.x supports: TypeScript >=4.8.2 and <5.0.0
  • TypeScript 5.9.3 requires: Angular 20.x or higher

Your project is using Angular 15.2.8, which explicitly does NOT support TypeScript 5.x.

Expected Result if Merged:

  • ❌ Compilation errors from Angular compiler
  • ❌ Build failures due to strict version enforcement
  • ❌ Potential runtime issues with type definitions

🔒 Security Assessment

No security vulnerabilities identified in either version

  • CVSS Score: 0
  • No GHSA alerts
  • No CVE associations

⚠️ Breaking Changes (TypeScript 4.9 → 5.9)

Major Breaking Changes:

  1. Decorators Standardization (TS 5.0)

    • New ECMAScript Stage 3 decorators standard
    • May affect Angular components if using experimental decorators
    • Angular projects typically use --experimentalDecorators, which still works

  2. Module Resolution Updates (TS 5.0)

    • New --moduleResolution bundler option
    • exports field now prioritized over typesVersions in package.json

  3. Minimum Node.js Version (TS 5.0+)

    • Requires Node.js >=14.17 (was >=4.2.0)
    • Current project likely already compatible

  4. Stricter Type Checking

    • Enhanced type inference for promises and async operations
    • More accurate this type inference
    • Stricter generic type constraints

  5. Package Resolution Changes

    • The detected package-lock.json shows @ngtools/webpack peer dependency requires "typescript": ">=4.8.2 <5.0"
    • This will cause peer dependency conflicts

🚀 New Features/Improvements (If Compatible)

TypeScript 5.x introduces:

  • Decorators: Full ECMAScript decorators support
  • Performance: 10-20% faster compilation in some scenarios
  • const Type Parameters: Better const assertion handling
  • Enum Improvements: Better const enum handling
  • JSDoc @Satisfies: Enhanced JSDoc support
  • Switch(true) Narrowing: Improved control flow analysis

📝 Migration Requirements

To safely use TypeScript 5.9.3, you must:

  1. Upgrade Angular to a compatible version:

    • For TS 5.0-5.1: Angular 16.x minimum
    • For TS 5.9: Angular 20.x minimum

  2. Update all Angular dependencies together:

    ng update @angular/core@20 @angular/cli@20

  3. Update related tooling:

    • @angular-devkit/build-angular
    • @ngtools/webpack
    • TypeScript ESLint packages

  4. Test thoroughly:

    • Run full test suite
    • Check for decorator-related issues
    • Verify build configuration

Recommendation

❌ DO NOT AUTO-MERGE
🛑 REQUIRES MANUAL INTERVENTION

Recommended Actions:

  1. Close this PR - The version jump is incompatible with your current Angular version

  2. Choose one of these paths:

    Option A: Stay on Angular 15 (Recommended for stability)

    • Keep TypeScript 4.9.x (latest: 4.9.5)
    • Update to TypeScript ~4.9.5 (you're already on this)
    • Close this Dependabot PR

    Option B: Upgrade to modern stack (Recommended for long-term)

    • Plan Angular upgrade to v20+ (latest LTS)
    • This enables TypeScript 5.9 support
    • Requires significant testing and validation
    • Follow Angular's official update guide

  3. Configure Dependabot to avoid this issue:
    Add to .github/dependabot.yml:

    version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    target-branch: "main"
    ignore:
      - dependency-name: "typescript"
        update-types: ["version-update:semver-major"]

🔗 References

Analysis Generated:
Compatibility Score: 0 (Incompatible)
Security Risk: None
Breaking Change Risk: Critical

This was referenced Oct 25, 2025
Closed
Open
Open
Open
@dependabot
Bump typescript from 4.9.5 to 5.9.3
4f1da84 
Bumps [typescript](https://github.com/microsoft/TypeScript) from 4.9.5 to 5.9.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](microsoft/TypeScript@v4.9.5...v5.9.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 5.9.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/typescript-5.9.3 branch from 44df332 to 4f1da84 Compare October 31, 2025 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@austenstone