From 7475651cd047fb25a984b81e28be9943c363c905 Mon Sep 17 00:00:00 2001 From: Jake Bailey <5341706+jakebailey@users.noreply.github.com> Date: Tue, 12 Aug 2025 11:37:11 -0700 Subject: [PATCH 1/4] Don't filter codeql (#3432) --- .github/codeql/codeql-configuration.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/codeql/codeql-configuration.yml b/.github/codeql/codeql-configuration.yml index 611555557..912999c8a 100644 --- a/.github/codeql/codeql-configuration.yml +++ b/.github/codeql/codeql-configuration.yml @@ -1,4 +1,7 @@ name : CodeQL Configuration -paths: - - './packages' +paths-ignore: + # Contains syntax errors. + - 'packages/ts-twoslasher/test/fixtures/**' + # Contains code examples with syntax errors. + - '**/copy/en/**' From 4a3a6a9b6b222d25215cb8b546f9eb9d86909124 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 18:55:54 +0000 Subject: [PATCH 2/4] Bump the github-actions group across 1 directory with 4 updates (#3431) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/CI.yml | 4 ++-- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/deploy-preview.yml | 2 +- .github/workflows/deploy-prod-static.yml | 2 +- .github/workflows/keepalive.yml | 2 +- .github/workflows/publish-packages.yml | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 8afbb4c1f..8d9350f46 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -23,7 +23,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: "18.x" @@ -80,7 +80,7 @@ jobs: name: changesets runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d48ed1c2f..ff2b106b9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,11 +40,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: config-file: ./.github/codeql/codeql-configuration.yml # Override language selection by uncommenting this and choosing your languages @@ -54,7 +54,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -68,4 +68,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml index 918fd78b2..315d84f54 100644 --- a/.github/workflows/deploy-preview.yml +++ b/.github/workflows/deploy-preview.yml @@ -131,7 +131,7 @@ jobs: - name: Download site build from PR if: ${{ steps.get-info.outputs.result != 'null' }} - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: site path: site diff --git a/.github/workflows/deploy-prod-static.yml b/.github/workflows/deploy-prod-static.yml index de21d355b..a9962eaeb 100644 --- a/.github/workflows/deploy-prod-static.yml +++ b/.github/workflows/deploy-prod-static.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # Fetch the full history, to build attribution.json fetch-depth: 0 diff --git a/.github/workflows/keepalive.yml b/.github/workflows/keepalive.yml index 3bd232ac0..62f4a46fd 100644 --- a/.github/workflows/keepalive.yml +++ b/.github/workflows/keepalive.yml @@ -11,7 +11,7 @@ jobs: contents: write steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: | if [[ $(git log --format="%H" --since "50 days" | head -c1 | wc -c) == 0 ]]; then git config user.email "typescriptbot@microsoft.com" diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index e36ab37ce..76c0938fe 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 filter: blob:none @@ -33,7 +33,7 @@ jobs: pnpm bootstrap pnpm build - - uses: changesets/action@06245a4e0a36c064a573d4150030f5ec548e4fcc # v1.4.10 + - uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3 with: publish: pnpm ci:publish env: From c95f3eb8a2e86eb158947a0582ee211a577a1438 Mon Sep 17 00:00:00 2001 From: Theo Date: Thu, 14 Aug 2025 15:39:54 +0100 Subject: [PATCH 3/4] Fix: correct filename for src/tsconfig-base.json in docs (#3433) --- .../documentation/copy/en/project-config/Project References.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/documentation/copy/en/project-config/Project References.md b/packages/documentation/copy/en/project-config/Project References.md index f7daf7c92..17bcedce8 100644 --- a/packages/documentation/copy/en/project-config/Project References.md +++ b/packages/documentation/copy/en/project-config/Project References.md @@ -172,7 +172,7 @@ Another good practice is to have a "solution" `tsconfig.json` file that simply h This presents a simple entry point; e.g. in the TypeScript repo we simply run `tsc -b src` to build all endpoints because we list all the subprojects in `src/tsconfig.json` -You can see these patterns in the TypeScript repo - see `src/tsconfig_base.json`, `src/tsconfig.json`, and `src/tsc/tsconfig.json` as key examples. +You can see these patterns in the TypeScript repo - see `src/tsconfig-base.json`, `src/tsconfig.json`, and `src/tsc/tsconfig.json` as key examples. ### Structuring for relative modules From c2b25d220465dac34dd2da41a2a44cb30c6f42e4 Mon Sep 17 00:00:00 2001 From: Rob Palmer Date: Fri, 5 Sep 2025 18:49:14 +0100 Subject: [PATCH 4/4] Modules Theory: require(ESM) is in Node 20 (#3440) --- packages/documentation/copy/en/modules-reference/Theory.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/documentation/copy/en/modules-reference/Theory.md b/packages/documentation/copy/en/modules-reference/Theory.md index 3c54f7f9b..5e64354c5 100644 --- a/packages/documentation/copy/en/modules-reference/Theory.md +++ b/packages/documentation/copy/en/modules-reference/Theory.md @@ -180,11 +180,11 @@ Can an ES module `import` a CommonJS module? If so, does a default import link t 1. **ESM-only.** Some runtimes, like browser engines, only support what’s actually a part of the language: ECMAScript Modules. 2. **Bundler-like.** Before any major JavaScript engine could run ES modules, Babel allowed developers to write them by transpiling them to CommonJS. The way these ESM-transpiled-to-CJS files interacted with hand-written-CJS files implied a set of permissive interoperability rules that have become the de facto standard for bundlers and transpilers. -3. **Node.js.** Until Node.js v22.12.0, CommonJS modules could not load ES modules synchronously (with `require`); they could only load them asynchronously with dynamic `import()` calls. ES modules can default-import CJS modules, which always binds to `exports`. (This means that a default import of a Babel-like CJS output with `__esModule` behaves differently between Node.js and some bundlers.) +3. **Node.js.** Until Node.js v20.19.0, CommonJS modules could not load ES modules synchronously (with `require`); they could only load them asynchronously with dynamic `import()` calls. ES modules can default-import CJS modules, which always binds to `exports`. (This means that a default import of a Babel-like CJS output with `__esModule` behaves differently between Node.js and some bundlers.) TypeScript needs to know which of these rule sets to assume in order to provide correct types on (particularly `default`) imports and to error on imports that will crash at runtime. When the `module` compiler option is set to `node16`, `node18`, or `nodenext`, Node.js’s version-specific rules are enforced.[^1] All other `module` settings, combined with the [`esModuleInterop`](/docs/handbook/modules/reference.html#esModuleInterop) option, result in bundler-like interop in TypeScript. (While using `--module esnext` does prevent you from _writing_ CommonJS modules, it does not prevent you from _importing_ them as dependencies. There’s currently no TypeScript setting that can guard against an ES module importing a CommonJS module, as would be appropriate for direct-to-browser code.) -[^1]: In Node.js v22.12.0 and later, a `require` of an ES module is allowed, but only if the resolved module and its top-level imports don’t use top-level `await`. TypeScript does not try to enforce this rule, as it lacks the ability to tell from a declaration file whether the corresponding JavaScript file contains top-level `await`. +[^1]: In Node.js v20.19.0 and later, a `require` of an ES module is allowed, but only if the resolved module and its top-level imports don’t use top-level `await`. TypeScript does not try to enforce this rule, as it lacks the ability to tell from a declaration file whether the corresponding JavaScript file contains top-level `await`. ### Module specifiers are not transformed by default @@ -341,7 +341,7 @@ import { add } from "./math.ts"; This restriction applies since TypeScript [won’t rewrite the extension](#module-specifiers-are-not-transformed) to `.js`, and if `"./math.ts"` appears in an output JS file, that import won’t resolve to another JS file at runtime. TypeScript really wants to prevent you from generating an unsafe output JS file. But what if there _is_ no output JS file? What if you’re in one of these situations: - You’re bundling this code, the bundler is configured to transpile TypeScript files in-memory, and it will eventually consume and erase all the imports you’ve written to produce a bundle. -- You’re running this code directly in a TypeScript runtime like Deno or Bun. +- You’re running this code directly in a TypeScript runtime like Node, Deno or Bun. - You’re using `ts-node`, `tsx`, or another transpiling loader for Node. In these cases, you can turn on `noEmit` (or `emitDeclarationOnly`) and `allowImportingTsExtensions` to disable emitting unsafe JavaScript files and silence the error on `.ts`-extensioned imports.