chore: bump bun to v1.3.6

[Hona]

What does this PR do?

title

How did you verify your code works?

bun dev (tui smokecheck)
typecheck + cicd tests

[github-actions]

Hey! Your PR title Chore/bump bun 1.3.6 doesn't follow conventional commit format.

Please update it to start with one of:

• feat: or feat(scope): new feature
• fix: or fix(scope): bug fix
• docs: or docs(scope): documentation changes
• chore: or chore(scope): maintenance tasks
• refactor: or refactor(scope): code refactoring
• test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found

[github-actions]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

1. Open an issue describing the bug/feature (if one doesn't exist)
2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

[Copilot]

Pull request overview

This PR bumps the Bun runtime and TypeScript definitions from version 1.3.5 to 1.3.6. The changes update the package manager specification and corresponding type definitions in the project's dependency catalog.

Changes:

• Updated Bun package manager from 1.3.5 to 1.3.6
• Updated @types/bun and bun-types dependencies to match the new version

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updated packageManager field and @types/bun catalog entry to version 1.3.6
bun.lock	Updated lock file entries for @types/bun and bun-types to version 1.3.6 with new SHAs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[amadejkastelic]

This also fixes the nix build, since it is now broken due to version mismatch:

› nix run github:anomalyco/opencode                           
error: builder for '/nix/store/llfmmbgm0nxsv45j1rxrnxix9w2ch1gb-opencode-1.1.25-0924286.drv' failed with exit code 1;
       last 19 log lines:
       > Using versionCheckHook
       > Running phase: unpackPhase
       > unpacking source archive /nix/store/jlz9fd43302q5sdgm4q39la5p324fp16-source
       > source root is source
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > Running phase: buildPhase
       >  8 | if (!expectedBunVersion) {
       >  9 |   throw new Error("packageManager field not found in root package.json")
       > 10 | }
       > 11 |
       > 12 | if (process.versions.bun !== expectedBunVersion) {
       > 13 |   throw new Error(`This script requires bun@${expectedBunVersion}, but you are using bun@${process.versions.bun}`)
       >                  ^
       > error: This script requires bun@1.3.5, but you are using bun@1.3.6
       >       at /build/source/packages/script/src/index.ts:13:13
       > 
       > Bun v1.3.6 (Linux x64)
       For full logs, run:
              nix log /nix/store/llfmmbgm0nxsv45j1rxrnxix9w2ch1gb-opencode-1.1.25-0924286.drv

[Hona]

There was some bun regression hence the downgrade btw

[MBanucu]

We tested your branch 'chore/bump-bun-1.3.6' on our NixOS system, but it failed with a hash mismatch in the opencode-node_modules derivation. The branch updates package.json and bun.lock to Bun 1.3.6, but nix/hashes.json still has the old SHA256 for node_modules. To fix, update nix/hashes.json with the new hash for the updated dependencies. Alternatively, our PRs #9597 and #9618 include complete fixes with semver range support and exact pinning respectively, both including the necessary nix/hashes.json updates. See also: #9583 (comment) for details on why nix hashes are required.

[MBanucu]

Detailed Investigation Report: PR #8865 and Nix Hash Updates

Issue Summary

PR #8865 updates OpenCode to use Bun 1.3.6 by modifying package.json (setting "packageManager": "bun@1.3.6" and "@types/bun": "1.3.6") and regenerating bun.lock. However, it does not update nix/hashes.json, which contains the fixed-output SHA256 hashes for node_modules.

Testing Results

• Branch Testing: We tested the branch (chore/bump-bun-1.3.6) on a NixOS system. The build failed with a hash mismatch in the opencode-node_modules derivation, confirming that the Nix hashes must be updated alongside the package changes.
• Hash Resolution: Manually updating nix/hashes.json with the correct hash resolved the issue, allowing successful builds.

Key Finding

The update-nix-hashes.yml workflow includes a job update-node-modules-hashes that automatically computes and commits the correct hashes when package.json or bun.lock change. This job:

• Runs on push to dev or PRs affecting the relevant paths.
• Skips on PRs from forks to avoid push conflicts (condition: github.event.pull_request.head.repo.full_name == github.repository).
• Would trigger upon merge to dev, automatically updating nix/hashes.json and ensuring successful Nix builds.

Recommendation

Merge PR #8865 to dev to trigger the automated hash update workflow. This will complete the Bun 1.3.6 upgrade without manual intervention. Alternatively, manually update the hashes before merging.

Related PRs/Issues

• Issue Build failure: Bun version mismatch (expects 1.3.5, system has 1.3.6) #9583: Original Bun version mismatch report.
• PR fix(opencode): Allow compatible Bun versions in packageManager field #9597 & fix: Update packageManager to bun@1.3.6 #9618: Our complete fixes with hash updates included.

This ensures the PR fully resolves the issue once integrated into the main branch.

[MBanucu]

Fixes #9583

[MBanucu]

@Hona The 'needs:issue' label didn't disappear because the linking keyword must be in the PR description, not comments. Please update the PR description to include 'Fixes #9583' (or 'Closes #9583') at the beginning or end. This will automatically link the issue and remove the label per CONTRIBUTING.md requirements.

Proposed Full Description:

Fixes #9583

## What does this PR do?
Bumps Bun runtime and TypeScript definitions from 1.3.5 to 1.3.6 to resolve version mismatch errors in Nix builds.

## Changes
- Updates `packageManager` field in `package.json` to `bun@1.3.6`
- Updates `@types/bun` catalog entry to version 1.3.6
- Regenerates `bun.lock` with updated dependency hashes

## Motivation
The Nix flake currently uses Bun 1.3.6, but the build script expects 1.3.5, causing failures. This PR aligns the project with the runtime version.

## How did you verify your code works?
`bun dev` (tui smokecheck)
typecheck + cicd tests

## Additional Notes
- Merging to `dev` will trigger automated hash updates for Nix builds
- Verified Bun 1.3.6 compatibility

[reneleonhardt]

How come your update hasn’t been merged in three weeks to fix the broken build? 😞

And why is renovate or dependabot not being used to automate this manual work?

[MBanucu]

#8865 (comment)
How come your update hasn’t been merged in three weeks to fix the broken build? 😞

And why is renovate or dependabot not being used to automate this manual work?

I think there were some bun versions that the opencode team wanted to skip because of instability on bun side. It could be automated to update the dependencies every day and to test if the dependencies are all stable for the opencode environment and automatically create issues on the dependency projects and automatically fix it and open PRs on the dependency projects.

[Hona]

1.3.8 is in the beta now, we're back to upgrading on cycle

[reneleonhardt]

I think there were some bun versions that the opencode team wanted to skip because of instability on bun side. It could be automated to update the dependencies every day and to test if the dependencies are all stable for the opencode environment and automatically create issues on the dependency projects and automatically fix it and open PRs on the dependency projects.

I never saw such an update bot, it would be an amazing tool to fix ecosystems after breaking updates! ❤️

For example it's been months and maintainers are still not providing Python 3.14 compatible package updates in the conda universe because their own dependencies are not up-to-date, this would massively speed up such a big migration.
https://conda-forge.org/status/migration/?name=python314

The biggest updaters, Renovate and Dependabot, are not using AI yet, so this would be a huge opportunity to build a user base.