Skip to content

Fix TypeScript 6 checker config#2695

Merged
jonathanKingston merged 3 commits into
mainfrom
jkt/auto/dependency-update-risk-analysis-c062
May 13, 2026
Merged

Fix TypeScript 6 checker config#2695
jonathanKingston merged 3 commits into
mainfrom
jkt/auto/dependency-update-risk-analysis-c062

Conversation

@cursor
Copy link
Copy Markdown
Contributor

@cursor cursor Bot commented May 13, 2026
edited
Loading

Asana Task/Github Issue: PR #2602

Description

Restores the repository's intended TypeScript checker assumptions under TypeScript 6 by explicitly setting strict: false, preserving pre-6.0 automatic @types discovery, and suppressing the moduleResolution: node deprecation until the resolver can be migrated. Also updates a test setup delete to avoid the newer DOM lib's non-optional navigation property typing.

Testing Steps

  • npm run tsc
  • npm run tsc-strict-core
  • npm run docs-preview

Checklist

Please tick all that apply:

  • I have tested this change locally
  • I have tested this change locally in all supported browsers
  • This change will be visible to users
  • I have added automated tests that cover this change
  • I have ensured the change is gated by config
  • This change was covered by a ship review
  • This change was covered by a tech design
  • Any dependent config has been merged
Open in Web View Automation 

Note

Medium Risk
Upgrades TypeScript/TypeDoc and adjusts tsconfig.json, which can change type-checking behavior and surface new compile-time failures across the repo. Runtime impact is minimal, but CI/typecheck and docs generation may be affected.

Overview
Restores the intended TypeScript checker behavior under TypeScript 6 by updating tsconfig.json (explicitly setting strict: false, suppressing TS6 deprecations via ignoreDeprecations, and re-enabling broad @types discovery with types: ["*"]).

Bumps tooling/dev dependencies (typescript, typedoc, and various @types/* packages) and refreshes package-lock.json accordingly.

Updates an integration test to delete globalThis.navigation via Reflect.deleteProperty to satisfy newer DOM typings.

Reviewed by Cursor Bugbot for commit 19e2c53. Bugbot is set up for automated code reviews on this repo. Configure here.

dependabot Bot and others added 2 commits May 13, 2026 10:53
@dependabot
build(deps-dev): bump the typescript group across 1 directory with 4 …
8b5e29c 
…updates

Bumps the typescript group with 4 updates in the / directory: [typedoc](https://github.com/TypeStrong/TypeDoc), [typescript](https://github.com/microsoft/TypeScript), [@types/chrome](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chrome) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `typedoc` from 0.28.17 to 0.28.19
- [Release notes](https://github.com/TypeStrong/TypeDoc/releases)
- [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md)
- [Commits](TypeStrong/typedoc@v0.28.17...v0.28.19)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `@types/chrome` from 0.1.37 to 0.1.42
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chrome)

Updates `@types/node` from 25.5.0 to 25.6.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/chrome"
  dependency-version: 0.1.39
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript
- dependency-name: typedoc
  dependency-version: 0.28.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: typescript
...

Signed-off-by: dependabot[bot] <support@github.com>
@cursoragent @jonathanKingston
Fix TypeScript 6 checker config
a8b702e 
Co-authored-by: Jonathan Kingston <jonathanKingston@users.noreply.github.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026
edited
Loading

Build Branch
Branch pr-releases/jkt/auto/dependency-update-risk-analysis-c062
Commit 690c74e307
Updated May 13, 2026 at 12:53:35 PM UTC

Static preview entry points

QR codes (mobile preview)
Entry point QR code
Docs QR for docs preview
Static pages QR for static pages preview
Integration pages QR for integration pages preview

Integration commands

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#pr-releases/jkt/auto/dependency-update-risk-analysis-c062

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", branch: "pr-releases/jkt/auto/dependency-update-risk-analysis-c062")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/jkt/auto/dependency-update-risk-analysis-c062
git -C submodules/content-scope-scripts checkout origin/pr-releases/jkt/auto/dependency-update-risk-analysis-c062
Pin to exact commit

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#690c74e3071fbf67fac1935e42070218576d0bfa

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", revision: "690c74e3071fbf67fac1935e42070218576d0bfa")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/jkt/auto/dependency-update-risk-analysis-c062
git -C submodules/content-scope-scripts checkout 690c74e3071fbf67fac1935e42070218576d0bfa

@cursor cursor Bot mentioned this pull request May 13, 2026
Closed
@github-actions github-actions Bot added the semver-patch Bug fix / internal — no release needed label May 13, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026
edited
Loading

[Beta] Generated file diff

Time updated: Wed, 13 May 2026 12:54:01 GMT

jonathanKingston
jonathanKingston reviewed May 13, 2026
View reviewed changes
Comment thread tsconfig.json
@jonathanKingston jonathanKingston marked this pull request as ready for review May 13, 2026 12:52
@jonathanKingston jonathanKingston requested a review from a team as a code owner May 13, 2026 12:52
cursor[bot]
cursor Bot commented May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Web Compatibility Assessment

No blocking findings.

  • injected/integration-test/pages.spec.js lines 80-84, severity: info. The delete globalThis.navigation to Reflect.deleteProperty(globalThis, 'navigation') change is confined to Playwright page.addInitScript() test setup for simulating missing Navigation API support. It does not ship in injected runtime code and does not alter API wrapping, descriptors, toString() masking, DOM timing, or platform bundle behavior.
  • package.json lines 56-58, injected/package.json lines 51-53, package-lock.json lines 33-56 and 1598-2108, severity: info. Dependency changes are dev/checker/docs type-surface changes (typescript, typedoc, @types/*, TypeDoc transitive packages). No production dependency, injected feature, wrapper utility, platform entry point, or runtime browser API surface changed.
  • tsconfig.json lines 9-13, severity: info. The TypeScript 6 checker settings are noEmit build-time config only. They do not affect generated content-scope runtime behavior, remote config evaluation, or page-world API fidelity.

Security Assessment

No blocking findings.

  • No changes touch injected/src/captured-globals.js, wrapper-utils.js, DDGProxy, message bridge, messaging transports, origin checks, postMessage, iframe access, config gating, or stack-trace exemption logic.
  • The only new uncaptured global-looking use (Reflect.deleteProperty) is inside test-page initialization, not hostile production page execution.

Risk Level

Low Risk: this is a devDependency/checker-config/test-only PR with no injected runtime or security-boundary changes.

Recommendations

  • No code changes requested from a web compatibility or security perspective.
  • Keep the remaining CI checks green before merge. I locally verified npm ci, generated injected artifacts, npm run tsc, npm run tsc-strict-core, and npm run docs successfully.
Open in Web View Automation 

Sent by Cursor Automation: Web compat and sec

cursor[bot]
cursor Bot commented May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Web Compatibility Assessment

No findings. The diff is limited to dev dependency/tooling updates, tsconfig.json, and a Playwright test-infra change in injected/integration-test/pages.spec.js; it does not touch injected runtime features, wrapper utilities, API shims, DOM manipulation, messaging, captured globals, or platform entry points.

Security Assessment

No findings. I did not see new message paths, origin handling changes, postMessage, network requests, global captures, prototype patches, or page-controlled data flows.

Risk Level

Low Risk: this is a TypeScript/tooling and test-only change with no direct injected runtime behavior change; the main risk is CI/build-tool compatibility from the TypeScript 6 upgrade.

Recommendations

No blocking recommendations. Keep the existing follow-up discussion for migrating off deprecated moduleResolution: "node" separate from this PR.

Verified locally:

  • npm ci
  • npm run build --workspace=injected
  • npm run tsc
  • npm run tsc-strict-core
  • npm run lint
  • npm run docs
Open in Web View Automation 

Sent by Cursor Automation: Web compat and sec

@jonathanKingston jonathanKingston added this pull request to the merge queue May 13, 2026
Merged via the queue into main with commit 5ae6eb6 May 13, 2026
41 checks passed
@jonathanKingston jonathanKingston deleted the jkt/auto/dependency-update-risk-analysis-c062 branch May 13, 2026 13:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonathanKingston jonathanKingston jonathanKingston approved these changes

Assignees

No one assigned

Labels

semver-patch Bug fix / internal — no release needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonathanKingston @cursoragent