chore(deps): update dependency typescript to v6

[cu-infra-svc-git]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
typescript (source)	^5.9.3 → ^6.0.2

---

Release Notes

microsoft/TypeScript (typescript)

v6.0.2: TypeScript 6.0

Compare Source

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 2am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm typescript under CC-BY-4.0 License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) License: MIT-Khronos-old - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) From: package.json → npm/typescript@6.0.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit a822ab2. Configure here.}

[cursor]

Incompatible @typescript-eslint version with TypeScript 6

High Severity

The lockfile pins @typescript-eslint/eslint-plugin and @typescript-eslint/parser to version 8.22.0, which does not support TypeScript 6. TypeScript 6 support was added in @typescript-eslint version 8.58.0. Upgrading TypeScript to v6 without also updating @typescript-eslint to a compatible version will cause ESLint to fail when parsing TypeScript files.

Additional Locations (1)

• package.json#L59-L60

 

^{Reviewed by Cursor Bugbot for commit a822ab2. Configure here.}

[cursor]

Incompatible ts-jest version with TypeScript 6

High Severity

The lockfile pins ts-jest to version 29.4.6, which does not support TypeScript 6. TypeScript 6 support was added in ts-jest version 29.4.7 (released April 1, 2026). Upgrading TypeScript to v6 without also updating ts-jest will cause test execution to fail during TypeScript file transformation.

Additional Locations (1)

• package.json#L59-L60

 

^{Reviewed by Cursor Bugbot for commit a822ab2. Configure here.}