@dependabot dependabot bot commented on behalf of github Sep 29, 2025

Bumps lint-staged from 13.2.1 to 16.2.3.

Release notes

Sourced from lint-staged's releases.

v16.2.3

Patch Changes

  • #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Patch Changes

  • #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

    Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

    % npx lint-staged --fail-on-changes
    ✔ Backed up original state in git stash (c18d55a3)
    ✔ Running tasks for staged files...
    ✖ Tasks modified files and --fail-on-changes was used!
    ↓ Cleaning up temporary files...
    ✖ lint-staged failed because --fail-on-changes was used.
    Any lost modifications can be restored from a git stash:
    > git stash list --format="%h %s"
    c18d55a3 On main: lint-staged automatic backup
    > git apply --index c18d55a3

v16.2.1

Patch Changes

  • #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

    export default {
    ---  "*": (files: string[]) => void console.log('staged files', files)
    +++  "*": (files: readonly string[]) => void console.log('staged files', files)
    }
  • #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

  • #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

  • #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

    Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

v16.2.0

Minor Changes

... (truncated)

Commits
  • bdcd03a chore(changeset): release
  • 27cd541 fix: do not count hidden (partially) unstaged changes when using `--fail-on-c...
  • ab2f42e fix: emit correct value to debug logs
  • 3fc5832 refactor: make general error messages more clear they originate from lint-staged
  • 409d79a chore(changeset): release
  • 7edaee9 docs: fix typo in changeset
  • 699f95d fix: backup stash example uses real hash if available
  • 47d01a9 fix: print backup stash example when failing to --fail-on-changes
  • 325dc03 fix: restore unstaged changes on errors when --fail-on-errors or `--no-reve...
  • 53bb27b fix: do not drop backup stash when errors and --fail-on-changes was used
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.


Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 13.2.1 to 16.2.3.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v13.2.1...v16.2.3)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.2.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 29, 2025

fossabot bot commented Sep 30, 2025

✓ Safe to upgrade

I recommend merging this upgrade because the existing lint-staged configuration uses only standard, stable features that remain fully compatible across this major version jump. The upgrade includes 12 breaking changes, but thorough analysis confirms none affect this project's simple configuration pattern of running Prettier, ESLint, and Stylelint on staged files. The changes primarily address edge cases involving advanced CLI flags and options that are not used in this codebase. Additionally, the upgrade removes a malware-vulnerable debug dependency and includes 13 bug fixes that improve reliability, particularly around git stash handling and process management. The configuration format has remained stable and requires no modifications.

What we checked

  • Configuration uses simple, standard pattern with glob-based matchers and command strings - fully compatible with all versions from 13.x to 16.x [1]
  • Breaking change removes --shell flag, but this project doesn't use shell evaluation - commands are direct tool invocations (prettier, eslint, stylelint) [2]
  • Removal of debug dependency addresses malware vulnerability (CVE related to debug-js/debug#1005, "(RESOLVED) Version 4.4.2 published to npm is compromised"), improving security posture [3]
  • Breaking changes around --no-stash and --fail-on-changes flags don't affect this project as these CLI options are not used in the Husky pre-commit hook [4]
  • Pre-commit hook runs 'yarn lint-staged' with no additional flags, using only default behavior which remains stable [5]

Dependency Usage

lint-staged is configured as a development dependency in this Mastodon application to enforce code quality standards automatically during the git commit workflow via a Husky pre-commit hook. The tool runs Prettier for automatic formatting across all files, ESLint for JavaScript/TypeScript linting, and Stylelint for CSS/SCSS styling checks on staged files before they are committed. This build-time integration ensures consistent code quality and formatting standards across the entire codebase without being invoked directly in application source code, supporting the project's development workflow and maintaining code hygiene for this social media platform.

Changes

lint-staged receives a major update with breaking changes including removal of --shell flag requiring shell scripts be invoked directly, minimum Node.js requirement raised, and stdin of spawned commands now ignored to prevent tasks from hanging. A critical security fix addresses dependency pinning to prevent malware exposure after chalk and debug packages were compromised, plus new features include --fail-on-changes flag to fail commits when tasks modify files and --continue-on-error to run all tasks despite failures.

  • ignore "package.json" as config file when it's invalid JSON (#1281) (e7ed6f7) (v13.2.1, changelog)
  • Added new command line flag or configuration option --fail-on-changes that causes lint-staged to fail if changes are detected (vv16.2.2, release notes)
  • #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept! (vv16.2.1, release notes)
  • Changed type of files parameter from string[] to readonly string[] in the default export function (vv16.2.1, release notes)
  • #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages. (vv16.2.1, release notes)
  • #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo. (vv16.2.1, release notes)
  • #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version. (vv16.2.1, release notes)
  • #1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made by tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again. (vv16.2.0, release notes)
  • #1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staged will exit early on the first failure. (vv16.2.0, release notes)
  • #1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file. (vv16.2.0, release notes)
  • #1636 8db2717 Thanks @​iiroj! - Added a new option --hide-unstaged so that lint-staged will hide all unstaged changes to tracked files before running tasks. The changes will be applied back after running the tasks. Note that the combination of flags --hide-unstaged --no-hide-partially-staged isn't meaningful and behaves the same as just --hide-unstaged. (vv16.2.0, release notes)
  • #1648 7900b3b Thanks @​iiroj! - Remove lilconfig to reduce reliance on third-party dependencies. It was used to find possible config files outside of those tracked in Git, including from the parent directories. This behavior has been moved directly into lint-staged and should work about the same. (vv16.2.0, release notes)
  • #1633 7f9e485 Thanks @​dependabot! - Bumps listr2 from 9.0.3 to 9.0.4. (vv16.2.0, release notes)
  • #1626 99d5a9b Thanks @​iiroj! - Due to recent phishing attacks, for example chalk@​5.6.1 was released with malware. To avoid lint-staged's users being at risk the direct dependencies are pinned to exact versions, instead of allowing future patch versions with the caret (^) range. (vv16.2.0, release notes)
  • #1588 035bbf2 Thanks @​outslept! - Increase performance by listing staged files and searching for configuration concurrently. (vv16.2.0, release notes)
  • #1645 deba3ad Thanks @​iiroj! - Remove chalk as a dependency due to recent malware issue; read more at Version 5.6.1 published to npm is compromised (RESOLVED) chalk/chalk#656. (vv16.2.0, release notes)
  • Added support for controlling ANSI color code behavior via environment variables FORCE_COLOR=true and NO_COLOR=true (vv16.2.0, release notes)
  • #1610 e93578e Thanks @​iiroj! - Try to improve terminating of subprocess of tasks by using SIGKILL, and only calling pidtree when the main task process has a known pid. (vv16.1.6, release notes)
  • #1608 4e3ce22 Thanks @​srsatt! - Detect the git repo's top-level directory correctly when in a worktree. (vv16.1.5, release notes)
  • #1604 90b37b0 Thanks @​iiroj! - Add another types field to package.json to make even more sure NPM detects that lint-staged includes built-in TypeScript type definitions. (vv16.1.4, release notes)
  • #1602 7ea700b Thanks @​dword-design! - Add the types field to package.json to make sure NPM detects lint-staged includes built-in TypeScript type definitions. (vv16.1.3, release notes)
  • #1570 a7c0c88 Thanks @​ItsNickBarry! - When using --diff-filter with the D option to include deleted staged files, lint-staged no longer tries to stage the deleted files, unless they're no longer deleted. Previously this caused an error from git add like fatal: pathspec 'deleted-file' did not match any files. (vv16.1.2, release notes)
  • 38f942e Thanks @​iiroj! - Removed an extraneous log entry that printed shouldHidePArtiallyStagedFiles to console output. (vv16.1.2, release notes)
  • #1565 3686977 Thanks @​iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash. (vv16.1.1, release notes)
  • #1571 02299a9 Thanks @​iiroj! - Function tasks (introduced in v16.0.0) only receive the staged files matching the configured glob, instead of all staged files. (vv16.1.1, release notes)
  • #1563 bc61c74 Thanks @​iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case. (vv16.1.1, release notes)
  • Add ability to revert to previous (incorrect) behavior by combining --no-stash and --no-hide-partially-staged options (vv16.1.1, release notes)
  • #1536 e729daa Thanks @​iiroj! - A new flag --no-revert has been introduced for when task modifications should be applied to the index before aborting the commit in case of errors. By default, lint-staged will clear all task modifications and revert to the original state. (vv16.1.0, release notes)
  • #1550 b27fa3f Thanks @​iiroj! - Lint-staged now ignores symlinks and leaves them out from the list of staged files. (vv16.1.0, release notes)
  • #1558 c37dc38 Thanks @​iiroj! - The minimum required Node.js version is lowered to 20.17 following nano-spawn@​1.0.2. (vv16.1.0, release notes)
  • #1546 158d15c Thanks @​iiroj! - Processes are spawned using nano-spawn instead of execa. If you are using Node.js scripts as tasks, you might need to explicitly run them with node, especially when using Windows: (vv16.0.0, release notes)
  • Update lint configuration for JavaScript files to use a custom linter script: "node my-js-linter.js" (vv16.0.0, release notes)
  • #1546 158d15c Thanks @​iiroj! - The --shell flag has been removed and lint-staged no longer supports evaluating commands directly via a shell. To migrate existing commands, you can create a shell script and invoke it instead. Lint-staged will pass matched staged files as a list of arguments, accessible via "$@": (vv16.0.0, release notes)
  • Updated configuration example to show a simple JSON configuration for lint-staged with a single file type matching *.js and a script my-script.sh (vv16.0.0, release notes)
  • If previously using the shell option (e.g., bash -c 'tsc --noEmit') to avoid passing filenames to tasks, users are now recommended to use the function syntax instead (vv16.0.0, release notes)
  • Updated default configuration to run TypeScript compiler (tsc) with --noEmit flag for all TypeScript files (vv16.0.0, release notes)
  • Changed export style to default object notation with TypeScript file matcher and compiler command (vv16.0.0, release notes)
  • #1546 158d15c Thanks @​iiroj! - Validation for deprecated advanced configuration has been removed. The advanced configuration was removed in lint-staged version 9 and until now validation has failed if advanced configuration options were detected. Going forward the entire configuration will be treated with the same logic and if these advanced options are still present, they might be treated as valid globs for staged files instead. (vv16.0.0, release notes)
  • #1546 158d15c Thanks @​iiroj! - The lowest supported Node.js version is 20.18. Please upgrade your Node.js version. (vv16.0.0, release notes)
  • #1401 27110ef Thanks @​RohitLuthra19! - Added support for directly running functions on staged files. To configure a function task, use an object with a title and the task itself: (vv16.0.0, release notes)
  • Added example configuration showing how to export a default object with a configuration that runs a task for staged JavaScript files (vv16.0.0, release notes)
  • Configuration includes a title 'My task' (vv16.0.0, release notes)
  • Task is an async function that logs the staged JavaScript files (vv16.0.0, release notes)
  • Lint-staged will now pass staged files matching a configured glob as arguments to function tasks (vv16.0.0, release notes)
  • Function tasks will now display a custom title in console output when run by lint-staged (vv16.0.0, release notes)
  • #1544 5561321 Thanks @​YimingIsCOLD! - Correctly handle colon (:) characters in staged filenames. (vv15.5.2, release notes)
  • #1533 5d53534 Thanks @​iiroj! - Improve listing of staged files so that lint-staged doesn't crash when encountering an uninitialized submodule. This should result in less errors like: (vv15.5.1, release notes)
  • #1526 630af5f Thanks @​iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier. (vv15.5.0, release notes)
  • Stage file.js with only double quotes " changed to ' (vv15.5.0, release notes)
  • Run git commit -am "I don't like double quotes" (vv15.5.0, release notes)
  • Lint-staged runs prettier --write file.js, converting all the ' back to " (vv15.5.0, release notes)
  • Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state (vv15.5.0, release notes)
  • Commit was not done, original state is restored and single quotes ' are staged (vv15.5.0, release notes)
  • Because there are now no changes, lint-staged fails and cancels the commit (vv15.5.0, release notes)
  • Commit was not done, and there are no staged changes (vv15.5.0, release notes)
  • #1512 cbfed1d Thanks @​tarik02! - Adjust TypeScript types for the default export so that it can be used as a value without error TS2693. (vv15.4.3, release notes)
  • #1509 8827ebf Thanks @​iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level. (vv15.4.2, release notes)
  • #1504 1c7a45e Thanks @​iiroj! - Default TypeScript config filenames match JS equivalents. (vv15.4.1, release notes)
  • #1504 9cc18c9 Thanks @​iiroj! - Add missing conditional exports syntax for TypeScript types. (vv15.4.1, release notes)
  • #1500 a8ec1dd Thanks @​iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files: (vv15.4.0, release notes)
  • @​filename: lint-staged.config.js (vv15.4.0, release notes)
  • @​type {import('lint-staged').Configuration} (vv15.4.0, release notes)
  • Update default configuration to export a configuration object with a global Prettier formatting rule for all files ('*') (vv15.4.0, release notes)
  • Added support for .ts configuration file extension (vv15.4.0, release notes)
  • Enabled direct execution of TypeScript files in Node.js without additional configuration, leveraging Node.js's built-in TypeScript support (vv15.4.0, release notes)
  • Add support for NODE_OPTIONS="--experimental-strip-types" when running lint-staged (vv15.4.0, release notes)
  • #1501 9b79364 Thanks @​iiroj! - Handle possible failures when logging user shell for debug info. (vv15.4.0, release notes)
  • #1495 e69da9e Thanks @​iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues. (vv15.3.0, release notes)
  • #1493 fa0fe98 Thanks @​iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing. (vv15.3.0, release notes)
  • #1484 bcfe309 Thanks @​wormsik! - Escape paths containing spaces when using the "shell" option. (vv15.2.11, release notes)
  • #1487 7dd8caa Thanks @​iiroj! - Do not treat submodule root paths as "staged files". This caused lint-staged to fail to a Git error when only updating the revision of a submodule. (vv15.2.11, release notes)
  • #1471 e3f283b Thanks @​iiroj! - Update minor dependencies, including micromatch@~4.0.8. (vv15.2.10, release notes)
  • #1463 b69ce2d Thanks @​iiroj! - Set the maximum number of event listeners to the number of tasks. This should silence the console warning MaxListenersExceededWarning: Possible EventEmitter memory leak detected. (vv15.2.9, release notes)
  • f0480f0 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue. (vv15.2.8, release notes)
  • Updated GitHub Actions workflow to install Git via MSYS2 (vv15.2.8, release notes)
  • Improved Git binary compatibility in GitHub Actions runner (vv15.2.8, release notes)
  • #1440 a51be80 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version drops the --path-format=absolute option to support earlier git versions since it's also the default behavior. If you are still having trouble, please try upgrading git to the latest version. (vv15.2.7, release notes)
  • #1433 119adb2 Thanks @​iiroj! - Use native "git rev-parse" commands to determine git repo root directory and the .git config directory, instead of using custom logic. This hopefully makes path resolution more robust on non-POSIX systems. (vv15.2.6, release notes)
  • #1424 31a1f95 Thanks @​iiroj! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available. (vv15.2.5, release notes)
  • #1423 91abea0 Thanks @​iiroj! - Improve error logging when failing to read or parse a configuration file (vv15.2.5, release notes)
  • #1424 ee43f15 Thanks @​iiroj! - Upgrade micromatch@​4.0.7 (vv15.2.5, release notes)
  • 4f4537a Thanks @​iiroj! - Fix release issue with previous version; update dependencies (vv15.2.4, release notes)
  • #1407 d698162 Thanks @​iiroj! - Update dependencies (vv15.2.3, release notes)
  • #1391 fdcdad4 Thanks @​iiroj! - Lint-staged no longer tries to load configuration from files that are not checked out. This might happen when using sparse-checkout. (vv15.2.2, release notes)
  • #1387 e4023f6 Thanks @​iiroj! - Ignore stdin of spawned commands so that they don't get stuck waiting. Until now, lint-staged has used the default settings to spawn linter commands. This means the stdin of the spawned commands has accepted input, and essentially gotten stuck waiting. Now the stdin is ignored and commands will no longer get stuck. If you relied on this behavior, please open a new issue and describe how; the behavior has not been intended. (vv15.2.1, release notes)
  • #1371 f3378be Thanks @​iiroj! - Using the --no-stash flag no longer discards all unstaged changes to partially staged files, which resulted in inadvertent data loss. This fix is available with a new flag --no-hide-partially-staged that is automatically enabled when --no-stash is used. (vv15.2.0, release notes)
  • #1362 17bc480 Thanks @​antonk52! - update lilconfig@​3.0.0 (vv15.2.0, release notes)
  • #1368 7c55ca9 Thanks @​iiroj! - Update most dependencies (vv15.2.0, release notes)
  • #1368 777d4e9 Thanks @​iiroj! - To improve performance, only use lilconfig when searching for config files outside the git repo. In the regular case, lint-staged finds the config files from the Git index and loads them directly. (vv15.2.0, release notes)
  • #1373 85eb0dd Thanks @​iiroj! - When determining git directory, use fs.realpath() only for symlinks. It looks like fs.realpath() changes some Windows mapped network filepaths unexpectedly, causing issues. (vv15.2.0, release notes)
  • #1344 0423311 Thanks @​danielbayley! - Add support for loading configuration from package.yaml and package.yml files, supported by pnpm. (vv15.1.0, release notes)
  • #1355 105d901 Thanks @​iiroj! - Suppress some warnings when using the "--quiet" flag (vv15.1.0, release notes)
  • #1339 8e82364 Thanks @​iiroj! - Update dependencies, including listr2@​7.0.2 to fix an upstream issue affecting lint-staged. (vv15.0.2, release notes)
  • #1217 d2e6f8b Thanks @​louneskmt! - Previously it was possible for a function task to mutate the list of staged files passed to the function, and accidentally affect the generation of other tasks. This is now fixed by passing a copy of the original file list instead. (vv15.0.1, release notes)
  • #1322 66b93aa Thanks @​iiroj! - Require at least Node.js 18.12.0 (vv15.0.0, release notes)
  • Drop support for Node.js 16, which reaches end-of-life (EOL) after 2023-09-11 (vv15.0.0, release notes)
  • Updated all dependencies to their latest versions (vv15.0.0, release notes)
  • fix reading config from stdin, introduced in v14.0.0 (#1317) (fc3bfea) (vv14.0.1, release notes)
  • drop support for Node.js 14 (#1312) (9da8777) (vv14.0.0, release notes)
  • Please upgrade your Node.js version to at least 16.14.0. (vv14.0.0, release notes)
  • dependencies: update most dependencies (7443870) (vv13.3.0, release notes)
  • detect duplicate redundant braces in pattern (d895aa8) (vv13.3.0, release notes)
  • dependencies: update listr2@​6.6.0 (09844ca) (vv13.3.0, release notes)
  • the --diff option implies --no-stash (66a716d) (vv13.2.3, release notes)
  • dependencies: update yaml@​2.2.2 (GHSA-f9xv-q969-pqx4) (#1290) (cf691aa) (vv13.2.2, release notes)
References (5)

[1]: Configuration uses simple, standard pattern with glob-based matchers and command strings - fully compatible with all versions from 13.x to 16.x

"lint-staged": {

[2]: Breaking change removes --shell flag, but this project doesn't use shell evaluation - commands are direct tool invocations (prettier, eslint, stylelint)

[3]: Removal of debug dependency addresses malware vulnerability (CVE related to debug-js/debug#1005), improving security posture

[4]: Breaking changes around --no-stash and --fail-on-changes flags don't affect this project as these CLI options are not used in the Husky pre-commit hook

[5]: Pre-commit hook runs 'yarn lint-staged' with no additional flags, using only default behavior which remains stable

yarn lint-staged


fossabot analyzed this PR using dependency research.


dependabot bot commented on behalf of github Oct 13, 2025

Superseded by #323.

@dependabot dependabot bot closed this Oct 13, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/lint-staged-16.2.3 branch October 13, 2025 02:35
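
The pinning trade-off described in the 16.2.0 and 16.2.1 release notes above, as an added example (not code from lint-staged, Dependabot or fossabot): it reports which declared ranges would admit the releases this thread names as compromised (chalk 5.6.1, debug 4.4.2) on a fresh resolve, and which are already present in a resolved tree. The manifests, the resolved tree and all function names are constructed for illustration, and only exact, `^` and `~` ranges are handled.

```javascript
// Added example: constructed data, not lint-staged's or Dependabot's code.
// Versions the thread names as compromised releases.
const COMPROMISED = { chalk: ['5.6.1'], debug: ['4.4.2'] };

// Parse a plain "x.y.z" version; prerelease and build tags are out of scope.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret or tilde range, following npm semver rules:
// ~1.2.3 < 1.3.0; ^1.2.3 < 2.0.0; ^0.2.3 < 0.3.0; ^0.0.3 < 0.0.4.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

// Does `version` satisfy `range`? Fails closed on syntax it does not model.
function satisfies(version, range) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const v = parseVersion(version);
  const base = parseVersion(m[2]);
  if (m[1] === '') return compare(v, base) === 0; // exact pin
  return compare(v, base) >= 0 && compare(v, upperBound(m[1], base)) < 0;
}

// For each declared dependency, list the compromised versions its range
// would accept if the package were resolved fresh (no lockfile).
function auditRanges(dependencies, advisories = COMPROMISED) {
  const findings = [];
  for (const [name, range] of Object.entries(dependencies)) {
    const admitted = (advisories[name] || []).filter((bad) => satisfies(bad, range));
    if (admitted.length) findings.push({ name, range, admitted });
  }
  return findings;
}

// For a lockfile-style map of resolved versions, list compromised installs.
function auditResolved(resolved, advisories = COMPROMISED) {
  return Object.entries(resolved)
    .filter(([name, version]) => (advisories[name] || []).includes(version))
    .map(([name, version]) => `${name}@${version}`);
}

// Constructed manifests: the same dependencies with caret ranges and exact pins.
const caretManifest = { chalk: '^5.6.0', debug: '^4.4.1', listr2: '^9.0.4' };
const pinnedManifest = { chalk: '5.6.0', debug: '4.4.1', listr2: '9.0.4' };
// Constructed resolved tree in which one compromised release was installed.
const resolvedTree = { chalk: '5.6.1', debug: '4.4.1', listr2: '9.0.4' };

console.log('caret ranges admit:', JSON.stringify(auditRanges(caretManifest)));
console.log('exact pins admit:', JSON.stringify(auditRanges(pinnedManifest)));
console.log('already installed:', auditResolved(resolvedTree));
```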