chore(deps-dev): bump lint-staged from 15.5.0 to 16.2.0

[dependabot]

Bumps lint-staged from 15.5.0 to 16.2.0.

Release notes

Sourced from lint-staged's releases.

v16.2.0

Minor Changes

• #1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made my tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again.

• #1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staded will exit early on the first failure.

• #1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file.

• #1647 a5ecc06 Thanks @​iiroj! - Remove debug as a dependency due to recent malware issue; read more at debug-js/debug#1005. Because of this, the DEBUG environment variable is no longer supported — use the --debug to enable debugging

• #1636 8db2717 Thanks @​iiroj! - Added a new option --hide-unstaged so that lint-staged will hide all unstaged changes to tracked files before running tasks. The changes will be applied back after running the tasks. Note that the combination of flags --hide-unstaged --no-hide-partially-staged isn't meaningful and behaves the same as just --hide-unstaged.

  Thanks to @​ItsNickBarry for the idea and initial implementation in #1552.

• #1648 7900b3b Thanks @​iiroj! - Remove lilconfig to reduce reliance on third-party dependencies. It was used to find possible config files outside of those tracked in Git, including from the parent directories. This behavior has been moved directly into lint-staged and should work about the same.

Patch Changes

• #1633 7f9e485 Thanks @​dependabot! - Bumps listr2 from 9.0.3 to 9.0.4.

• #1626 99d5a9b Thanks @​iiroj! - Due to recent phishing attacks, for example chalk@5.6.1 was released with malware. To avoid lint-staged's users being at risk the direct dependencies are pinned to exact versions, instead of allowing future patch versions with the caret (^) range.

• #1588 035bbf2 Thanks @​outslept! - Increase performance by listing staged files and searching for configuration concurrently.

• #1645 deba3ad Thanks @​iiroj! - Remove chalk as a dependency due to recent malware issue; read more at chalk/chalk#656.

  If you are having trouble with ANSI color codes when using lint-staged, you can try setting either FORCE_COLOR=true or NO_COLOR=true env variables.

v16.1.6

Patch Changes

• #1610 e93578e Thanks @​iiroj! - Try to improve terminating of subprocess of tasks by using SIGKILL, and only calling pidtree when the the main task process has a known pid.

v16.1.5

Patch Changes

• #1608 4e3ce22 Thanks @​srsatt! - Detect the git repo's top-level directory correctly when in a worktree.

v16.1.4

Patch Changes

• #1604 90b37b0 Thanks @​iiroj! - Add another types field to package.json to make even more sure NPM detects that lint-staged includes built-in TypeScript type definitions.

v16.1.3

Patch Changes

• #1602 7ea700b Thanks @​dword-design! - Add the types field to package.json to make sure NPM detects lint-staged includes built-in TypeScript type definitions.

v16.1.2

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.2.0

Minor Changes

• #1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made my tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again.

• #1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staded will exit early on the first failure.

• #1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file.

• #1647 a5ecc06 Thanks @​iiroj! - Remove debug as a dependency due to recent malware issue; read more at debug-js/debug#1005. Because of this, the DEBUG environment variable is no longer supported — use the --debug to enable debugging

• #1636 8db2717 Thanks @​iiroj! - Added a new option --hide-unstaged so that lint-staged will hide all unstaged changes to tracked files before running tasks. The changes will be applied back after running the tasks. Note that the combination of flags --hide-unstaged --no-hide-partially-staged isn't meaningful and behaves the same as just --hide-unstaged.

  Thanks to @​ItsNickBarry for the idea and initial implementation in #1552.

• #1648 7900b3b Thanks @​iiroj! - Remove lilconfig to reduce reliance on third-party dependencies. It was used to find possible config files outside of those tracked in Git, including from the parent directories. This behavior has been moved directly into lint-staged and should work about the same.

Patch Changes

• #1633 7f9e485 Thanks @​dependabot! - Bumps listr2 from 9.0.3 to 9.0.4.

• #1626 99d5a9b Thanks @​iiroj! - Due to recent phishing attacks, for example chalk@5.6.1 was released with malware. To avoid lint-staged's users being at risk the direct dependencies are pinned to exact versions, instead of allowing future patch versions with the caret (^) range.

• #1588 035bbf2 Thanks @​outslept! - Increase performance by listing staged files and searching for configuration concurrently.

• #1645 deba3ad Thanks @​iiroj! - Remove chalk as a dependency due to recent malware issue; read more at chalk/chalk#656.

  If you are having trouble with ANSI color codes when using lint-staged, you can try setting either FORCE_COLOR=true or NO_COLOR=true env variables.

16.1.6

Patch Changes

• #1610 e93578e Thanks @​iiroj! - Try to improve terminating of subprocess of tasks by using SIGKILL, and only calling pidtree when the the main task process has a known pid.

16.1.5

Patch Changes

• #1608 4e3ce22 Thanks @​srsatt! - Detect the git repo's top-level directory correctly when in a worktree.

16.1.4

Patch Changes

• #1604 90b37b0 Thanks @​iiroj! - Add another types field to package.json to make even more sure NPM detects that lint-staged includes built-in TypeScript type definitions.

16.1.3

... (truncated)

Commits

• 54c9bea chore(changeset): release
• da1ec1d build(deps-dev): bump eslint-plugin-n from 17.23.0 to 17.23.1
• 63361a8 feat: flag --fail-on-changes implies --no-revert
• bcde025 docs: removal of debug is "minor" instead of "patch" level change
• 7900b3b feat: remove lilconfig as a dependency
• a5ecc06 feat: remove debug as a dependency
• 616b2d3 ci: use actions/checkout@v5
• d6397a5 ci: use @​actions/setup-node@​v5
• 4499b73 ci: run tests with lowest supported Node.js version 20.17.0
• b4b69e5 fix: pass either FORCE_COLOR or NO_COLOR to tasks based on detected support
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/lint-staged	^16.2.0	Unknown	Unknown
npm/ansi-escapes	7.1.0	🟢 4.3	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/ansi-regex	6.2.2	🟢 4.7	Details Check Score Reason Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Code-Review 🟢 3 Found 10/30 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/ansi-styles	6.2.3	🟢 4.3	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/cli-truncate	5.1.0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/commander	14.0.1	🟢 7.1	Details Check Score Reason Maintained 🟢 10 0 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review 🟢 9 Found 11/12 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/emoji-regex	10.5.0	🟢 3.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/get-east-asian-width	1.4.0	🟢 4.5	Details Check Score Reason Code-Review 🟢 4 Found 8/17 approved changesets -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/is-fullwidth-code-point	5.1.0	🟢 4.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 9/26 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/lint-staged	16.2.0	Unknown	Unknown
npm/listr2	9.0.4	Unknown	Unknown
npm/nano-spawn	1.0.3	Unknown	Unknown
npm/slice-ansi	7.1.2	🟢 4.3	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/string-width	8.1.0	🟢 4.4	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/strip-ansi	7.1.2	🟢 4.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/wrap-ansi	9.0.2	🟢 4.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 3 Found 10/30 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/yaml	2.8.1	🟢 6.8	Details Check Score Reason Code-Review ⚠️ 1 Found 4/26 approved changesets -- score normalized to 1 Maintained 🟢 10 9 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• package.json
• pnpm-lock.yaml

[dependabot]

Superseded by #521.