Skip to content

chore(deps-dev): bump lint-staged from 15.5.0 to 16.1.2 #464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps-dev): bump lint-staged from 15.5.0 to 16.1.2 #464

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 16, 2025
edited
Loading

Bumps lint-staged from 15.5.0 to 16.1.2.

Release notes

Sourced from lint-staged's releases.

v16.1.2

Patch Changes

  • #1570 a7c0c88 Thanks @​ItsNickBarry! - When using --diff-filter with the D option to include deleted staged files, lint-staged no longer tries to stage the deleted files, unless they're no longer deleted. Previously this caused an error from git add like fatal: pathspec 'deleted-file' did not match any files.

  • 38f942e Thanks @​iiroj! - Removed an extraneous log entry that printed shouldHidePArtiallyStagedFiles to console output.

v16.1.1

Patch Changes

  • #1565 3686977 Thanks @​iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash.

  • #1571 02299a9 Thanks @​iiroj! - Function tasks (introduced in v16.0.0) only receive the staged files matching the configured glob, instead of all staged files.

  • #1563 bc61c74 Thanks @​iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case.

    The previous (incorrect) behavior can still be achieved by using both options --no-stash --no-hide-partially-staged at the same time.

v16.1.0

Minor Changes

  • #1536 e729daa Thanks @​iiroj! - A new flag --no-revert has been introduced for when task modifications should be applied to the index before aborting the commit in case of errors. By default, lint-staged will clear all task modifications and revert to the original state.

  • #1550 b27fa3f Thanks @​iiroj! - Lint-staged now ignores symlinks and leaves them out from the list of staged files.

Patch Changes

v16.0.0

Major Changes

  • #1546 158d15c Thanks @​iiroj! - Processes are spawned using nano-spawn instead of execa. If you are using Node.js scripts as tasks, you might need to explicitly run them with node, especially when using Windows:

    {
  "*.js": "node my-js-linter.js"
}

  • #1546 158d15c Thanks @​iiroj! - The --shell flag has been removed and lint-staged no longer supports evaluating commands directly via a shell. To migrate existing commands, you can create a shell script and invoke it instead. Lint-staged will pass matched staged files as a list of arguments, accessible via "$@":

    # my-script.sh
#!/bin/bash
echo "Staged files: $@"

    and

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.1.2

Patch Changes

  • #1570 a7c0c88 Thanks @​ItsNickBarry! - When using --diff-filter with the D option to include deleted staged files, lint-staged no longer tries to stage the deleted files, unless they're no longer deleted. Previously this caused an error from git add like fatal: pathspec 'deleted-file' did not match any files.

  • 38f942e Thanks @​iiroj! - Removed an extraneous log entry that printed shouldHidePArtiallyStagedFiles to console output.

16.1.1

Patch Changes

  • #1565 3686977 Thanks @​iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash.

  • #1571 02299a9 Thanks @​iiroj! - Function tasks (introduced in v16.0.0) only receive the staged files matching the configured glob, instead of all staged files.

  • #1563 bc61c74 Thanks @​iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case.

    The previous (incorrect) behavior can still be achieved by using both options --no-stash --no-hide-partially-staged at the same time.

16.1.0

Minor Changes

  • #1536 e729daa Thanks @​iiroj! - A new flag --no-revert has been introduced for when task modifications should be applied to the index before aborting the commit in case of errors. By default, lint-staged will clear all task modifications and revert to the original state.

  • #1550 b27fa3f Thanks @​iiroj! - Lint-staged now ignores symlinks and leaves them out from the list of staged files.

Patch Changes

16.0.0

Major Changes

  • #1546 158d15c Thanks @​iiroj! - Processes are spawned using nano-spawn instead of execa. If you are using Node.js scripts as tasks, you might need to explicitly run them with node, especially when using Windows:

    {
  "*.js": "node my-js-linter.js"
}

  • #1546 158d15c Thanks @​iiroj! - The --shell flag has been removed and lint-staged no longer supports evaluating commands directly via a shell. To migrate existing commands, you can create a shell script and invoke it instead. Lint-staged will pass matched staged files as a list of arguments, accessible via "$@":

    # my-script.sh
#!/bin/bash

... (truncated)

Commits
  • 0c48e29 chore(changeset): release
  • e07227e perf: call rev-parse only once instead of three times when resolving git repo
  • 38f942e fix: remove extra log entry
  • 5031a71 perf: further optimize file chunking
  • 6ec38b9 perf: optimize file list length calculation (#1581)
  • a7c0c88 fix: only stage changes to deleted files if they're no longer deleted after r...
  • ccd5edd test: pass --no-error-on-unmatched-pattern to prettier command in --diff-opti...
  • 48a6e95 test: add failing test for staged deleted files not passed directly to tasks ...
  • b56b29e test: add failing test for staged deleted files with diff filter D
  • 8420429 chore(changeset): release
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps-dev): bump lint-staged from 15.5.0 to 16.1.2
5f477eb 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 15.5.0 to 16.1.2.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v15.5.0...v16.1.2)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.1.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the 📦 Dependencies Pull requests that update a dependency file label Jun 16, 2025
@dependabot dependabot bot requested a review from AlbertHernandez as a code owner June 16, 2025 12:42
@dependabot dependabot bot added the 📦 Dependencies Pull requests that update a dependency file label Jun 16, 2025
@dependabot dependabot bot mentioned this pull request Jun 16, 2025
Closed
@github-actions github-actions bot added the ignore-for-release Ignore pull request for a new release label Jun 16, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Jun 16, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/lint-staged ^16.1.2 UnknownUnknown
npm/commander 14.0.0 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1022 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 11/12 approved changesets -- score normalized to 9
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/lint-staged 16.1.2 UnknownUnknown
npm/listr2 8.3.3 UnknownUnknown
npm/nano-spawn 1.0.2 UnknownUnknown
npm/yaml 2.8.0 🟢 6.7
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 1Found 3/26 approved changesets -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1020 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Files

  • package.json
  • pnpm-lock.yaml

@github-actions
Copy link
Contributor

github-actions bot commented Jul 17, 2025

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added Stale ignore-for-release Ignore pull request for a new release and removed ignore-for-release Ignore pull request for a new release Stale labels Jul 17, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 4, 2025

Superseded by #483.

@dependabot dependabot bot closed this Aug 4, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/lint-staged-16.1.2 branch August 4, 2025 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlbertHernandez AlbertHernandez Awaiting requested review from AlbertHernandez AlbertHernandez is a code owner

Assignees

No one assigned

Labels

📦 Dependencies Pull requests that update a dependency file ignore-for-release Ignore pull request for a new release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants