Dependabot will now update @types dependencies alongside their corresponding packages in TypeScript projects.
Before this change, users would see separate pull requests for a package and its corresponding @types package. This could lead to packages and type definitions getting out of sync with one another, and require manual intervention. For example, if a project had dependencies on both @types/jquery, and a vulnerability triggered Dependabot to update 3.5.0, the package @types/jquery would remain at its original
Now, Dependabot can help TypeScript users keep their dependencies and @types packages up-to-date and in sync. When triggered to create an update, Dependabot will check if that package has a corresponding @types package. If so, Dependabot will update both the package and the corresponding @types package in a single PR. Or, if the @types package is no longer needed, that dependency will be removed instead.
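The drift described above can also be checked locally against a project's package.json. The following is an added example, not GitHub's or Dependabot's code: it assumes the DefinitelyTyped conventions that an @types package's major.minor tracks the library's and that scoped names are written as scope__name, and the function names and the sample manifest are constructed for illustration.

```javascript
// Added example: report @types packages that have drifted from the package they describe.
// Assumption: DefinitelyTyped conventions (major.minor tracks the library; scopes use "__").

// "@types/jquery" -> "jquery"; "@types/babel__core" -> "@babel/core"
function typedPackageName(typesName) {
  const bare = typesName.slice('@types/'.length);
  const i = bare.indexOf('__');
  return i === -1 ? bare : `@${bare.slice(0, i)}/${bare.slice(i + 2)}`;
}

// Pull [major, minor] out of a range such as "^3.5.0" or "~3.4"; null if there is none.
function majorMinor(range) {
  const m = /(\d+)\.(\d+)/.exec(String(range));
  return m ? [Number(m[1]), Number(m[2])] : null;
}

function findTypesDrift(pkg) {
  const all = { ...pkg.dependencies, ...pkg.devDependencies };
  const findings = [];
  for (const [name, range] of Object.entries(all)) {
    if (!name.startsWith('@types/')) continue;
    const target = typedPackageName(name);
    if (target === 'node') continue; // describes the runtime, not an npm dependency
    if (!(target in all)) {
      findings.push({ types: name, target, status: 'orphaned' });
      continue;
    }
    const libVer = majorMinor(all[target]);
    const typesVer = majorMinor(range);
    if (!libVer || !typesVer) {
      findings.push({ types: name, target, status: 'unparseable' });
    } else if (libVer[0] !== typesVer[0] || libVer[1] !== typesVer[1]) {
      findings.push({ types: name, target, status: 'out-of-sync' });
    }
  }
  return findings;
}

// Constructed sample manifest (versions are illustrative, not taken from the page).
const samplePackageJson = {
  dependencies: { jquery: '^3.5.0', lodash: '^4.17.21', '@babel/core': '^7.20.0' },
  devDependencies: {
    '@types/jquery': '^3.3.0',
    '@types/lodash': '^4.17.0',
    '@types/babel__core': '^7.20.0',
    '@types/express': '^4.17.0',
    '@types/node': '^18.0.0',
  },
};
console.log(findTypesDrift(samplePackageJson));
```

An "orphaned" finding is a prompt for review rather than proof the types are unused, since the described package may be installed only transitively.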
The feature is automatically enabled on repositories containing @types packages in the project's devDependencies as listed in package.json. You can disable this behavior by setting the ignore field in your dependabot.yml file to @types/*. Let us know what you think in this feedback discussion.