Skip to content

chore(deps-dev): bump lint-staged from 15.5.2 to 16.2.7#53

Merged
Mehdi-Bl merged 4 commits into
mainfrom
dependabot/npm_and_yarn/lint-staged-16.2.7
Feb 10, 2026
Merged

chore(deps-dev): bump lint-staged from 15.5.2 to 16.2.7#53
Mehdi-Bl merged 4 commits into
mainfrom
dependabot/npm_and_yarn/lint-staged-16.2.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps lint-staged from 15.5.2 to 16.2.7.

Release notes

Sourced from lint-staged's releases.

v16.2.7

Patch Changes

  • #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

v16.2.6

Patch Changes

  • #1693 33d4502 Thanks @​Adrian-Baran-GY! - Fix problems with --continue-on-error option, where tasks might have still been killed (SIGINT) when one of them failed.

v16.2.5

Patch Changes

  • #1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

v16.2.4

Patch Changes

v16.2.3

Patch Changes

  • #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Patch Changes

  • #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

    Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

    % npx lint-staged --fail-on-changes
✔ Backed up original state in git stash (c18d55a3)
✔ Running tasks for staged files...
✖ Tasks modified files and --fail-on-changes was used!
↓ Cleaning up temporary files...
✖ lint-staged failed because --fail-on-changes was used.
Any lost modifications can be restored from a git stash:
> git stash list --format="%h %s"
c18d55a3 On main: lint-staged automatic backup
> git apply --index c18d55a3

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.2.7

Patch Changes

  • #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

16.2.6

Patch Changes

  • #1693 33d4502 Thanks @​Adrian-Baran-GY! - Fix problems with --continue-on-error option, where tasks might have still been killed (SIGINT) when one of them failed.

16.2.5

Patch Changes

  • #1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

16.2.4

Patch Changes

16.2.3

Patch Changes

  • #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

16.2.2

Patch Changes

  • #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

    Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

    % npx lint-staged --fail-on-changes
✔ Backed up original state in git stash (c18d55a3)
✔ Running tasks for staged files...
✖ Tasks modified files and --fail-on-changes was used!
↓ Cleaning up temporary files...
✖ lint-staged failed because --fail-on-changes was used.
Any lost modifications can be restored from a git stash:

... (truncated)

Commits
  • 0c1b000 chore(changeset): release
  • 595b202 build(deps): update dependencies
  • ef74c8d fix: do display "failed to spawn" message when task fails normally
  • 5cf2a1e style: do not autofix when running lint-staged
  • ba40012 chore: drop npx from commit-msg hook
  • d67de9a chore: fix pre-push hook usage with changeset
  • 8017d1d build(deps): update dependencies
  • 922d7f4 ci: remove dependabot integration, it's not useful
  • 6aeeef1 docs: add PR template
  • a5728b5 docs: add AGENTS.md
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 10, 2026
@dependabot @github

dependabot Bot commented on behalf of github Feb 10, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Feb 10, 2026
edited
Loading

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/cli-truncate 5.1.1 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/commander 14.0.3 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 8Found 8/9 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1014 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
Vulnerabilities🟢 82 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
npm/lint-staged 16.2.7 UnknownUnknown
npm/listr2 9.0.5 UnknownUnknown
npm/nano-spawn 2.0.0 UnknownUnknown
npm/string-width 8.1.1 🟢 4.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 9/30 approved changesets -- score normalized to 3
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Maintained⚠️ 22 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • package-lock.json

@Mehdi-Bl Mehdi-Bl force-pushed the dependabot/npm_and_yarn/lint-staged-16.2.7 branch from 230143c to 145c67f Compare February 10, 2026 06:38
@Mehdi-Bl Mehdi-Bl enabled auto-merge (squash) February 10, 2026 06:39
@dependabot @Mehdi-Bl
chore(deps-dev): bump lint-staged from 15.5.2 to 16.2.7
774fdc3 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 15.5.2 to 16.2.7.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v15.5.2...v16.2.7)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.2.7
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@Mehdi-Bl Mehdi-Bl force-pushed the dependabot/npm_and_yarn/lint-staged-16.2.7 branch from 145c67f to 774fdc3 Compare February 10, 2026 06:44
@Mehdi-Bl Mehdi-Bl merged commit ddc774a into main Feb 10, 2026
11 checks passed
@Mehdi-Bl Mehdi-Bl deleted the dependabot/npm_and_yarn/lint-staged-16.2.7 branch February 10, 2026 07:01
@sonarqubecloud

sonarqubecloud Bot commented Feb 10, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Mehdi-Bl