nerdy-tech-com-gitub

Snyk has created this PR to upgrade lint-staged from 10.5.4 to 16.1.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 93 versions ahead of your current version.

  • The recommended version was released 23 days ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | 63 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | 63 | Proof of Concept |
| high | Asymmetric Resource Consumption (Amplification) | SNYK-JS-BODYPARSER-7926860 | 63 | No Known Exploit |
| high | Excessive Platform Resource Consumption within a Loop | SNYK-JS-BRACES-6838727 | 63 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 63 | Proof of Concept |
| high | Improper Handling of Extra Parameters | SNYK-JS-FOLLOWREDIRECTS-6141137 | 63 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GETFUNCNAME-5923417 | 63 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | 63 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JS-WS-7266574 | 63 | Proof of Concept |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 63 | Proof of Concept |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 63 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 63 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 63 | Proof of Concept |
| high | Remote Code Execution (RCE) | SNYK-JS-SHELLQUOTE-1766506 | 63 | No Known Exploit |
| high | Improper Link Resolution Before File Access ('Link Following') | SNYK-JS-TARFS-10293725 | 63 | No Known Exploit |
| high | Symlink Attack | SNYK-JS-TARFS-9535930 | 63 | Mature |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UAPARSERJS-3244450 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BABELHELPERS-9397697 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BABELRUNTIME-10044504 | 63 | Proof of Concept |
| medium | Cross-site Scripting (XSS) | SNYK-JS-COOKIE-8163060 | 63 | No Known Exploit |
| medium | Improper Control of Dynamically-Managed Code Resources | SNYK-JS-EJS-6689533 | 63 | Proof of Concept |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2332181 | 63 | Proof of Concept |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LOADERUTILS-3042992 | 63 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LOADERUTILS-3105943 | 63 | No Known Exploit |
| medium | Inefficient Regular Expression Complexity | SNYK-JS-MICROMATCH-6838728 | 63 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 63 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-OCTOKITENDPOINT-8730856 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-OCTOKITPLUGINPAGINATEREST-8730855 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-OCTOKITREQUEST-8730853 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-OCTOKITREQUESTERROR-8730854 | 63 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHTOREGEXP-7925106 | 63 | Proof of Concept |
| medium | Improper Input Validation | SNYK-JS-POSTCSS-5926692 | 63 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JS-ROLLUP-8073097 | 63 | Proof of Concept |
| medium | Symlink Attack | SNYK-JS-TMP-11501554 | 63 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 63 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 63 | Proof of Concept |
| low | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2396346 | 63 | No Known Exploit |
| low | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | 63 | Proof of Concept |

Release notes
Package name: lint-staged
  • 16.1.5 - 2025-08-08

    Patch Changes

    • #1608 4e3ce22 Thanks @srsatt! - Detect the git repo's top-level directory correctly when in a worktree.
  • 16.1.4 - 2025-08-03

    Patch Changes

    • #1604 90b37b0 Thanks @iiroj! - Add another types field to package.json to make even more sure NPM detects that lint-staged includes built-in TypeScript type definitions.
  • 16.1.3 - 2025-08-03

    Patch Changes

    • #1602 7ea700b Thanks @dword-design! - Add the types field to package.json to make sure NPM detects lint-staged includes built-in TypeScript type definitions.
  • 16.1.2 - 2025-06-15

    Patch Changes

    • #1570 a7c0c88 Thanks @ItsNickBarry! - When using --diff-filter with the D option to include deleted staged files, lint-staged no longer tries to stage the deleted files, unless they're no longer deleted. Previously this caused an error from git add like fatal: pathspec 'deleted-file' did not match any files.

    • 38f942e Thanks @iiroj! - Removed an extraneous log entry that printed shouldHidePArtiallyStagedFiles to console output.

  • 16.1.1 - 2025-06-14

    Patch Changes

    • #1565 3686977 Thanks @iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash.

    • #1571 02299a9 Thanks @iiroj! - Function tasks (introduced in v16.0.0) only receive the staged files matching the configured glob, instead of all staged files.

    • #1563 bc61c74 Thanks @iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case.

      The previous (incorrect) behavior can still be achieved by using both options --no-stash --no-hide-partially-staged at the same time.

  • 16.1.0 - 2025-05-27

    Minor Changes

    • #1536 e729daa Thanks @iiroj! - A new flag --no-revert has been introduced for when task modifications should be applied to the index before aborting the commit in case of errors. By default, lint-staged will clear all task modifications and revert to the original state.

    • #1550 b27fa3f Thanks @iiroj! - Lint-staged now ignores symlinks and leaves them out from the list of staged files.

    Patch Changes

  • 16.0.0 - 2025-05-10

    Major Changes

    • #1546 158d15c Thanks @iiroj! - Processes are spawned using nano-spawn instead of execa. If you are using Node.js scripts as tasks, you might need to explicitly run them with node, especially when using Windows:

      {
        "*.js": "node my-js-linter.js"
      }
    • #1546 158d15c Thanks @iiroj! - The --shell flag has been removed and lint-staged no longer supports evaluating commands directly via a shell. To migrate existing commands, you can create a shell script and invoke it instead. Lint-staged will pass matched staged files as a list of arguments, accessible via "$@":

      #!/bin/bash
      # my-script.sh

      echo "Staged files: $@"

      and

      { "*.js": "my-script.sh" }

      If you were using the shell option to avoid passing filenames to tasks, for example bash -c 'tsc --noEmit', use the function syntax instead:

      export default { '*.ts': () => 'tsc --noEmit' }
    • #1546 158d15c Thanks @iiroj! - Validation for deprecated advanced configuration has been removed. The advanced configuration was removed in lint-staged version 9 and until now validation has failed if advanced configuration options were detected. Going forward the entire configuration will be treated with the same logic and if these advanced options are still present, they might be treated as valid globs for staged files instead.

    • #1546 158d15c Thanks @iiroj! - The lowest supported Node.js version is 20.18. Please upgrade your Node.js version.

    Minor Changes

    • #1401 27110ef Thanks @RohitLuthra19! - Added support for directly running functions on staged files. To configure a function task, use an object with a title and the task itself:

      export default {
        '*.js': {
          title: 'My task',
          task: async (files) => {
            console.log('Staged JS files:', files)
          },
        },
      }

      Lint-staged will run your function task with the staged files matching the configured glob as its argument, and show the custom title in its console output.

  • 15.5.2 - 2025-05-06

    Patch Changes

  • 15.5.1 - 2025-04-11

    Patch Changes

    • #1533 5d53534 Thanks @iiroj! - Improve listing of staged files so that lint-staged doesn't crash when encountering an uninitialized submodule. This should result in fewer errors like:

      ✖ Failed to get staged files!
      
  • 15.5.0 - 2025-03-12

    Minor Changes

    • #1526 630af5f Thanks @iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier.

      Example with Prettier

      By default Prettier prefers double quotes.

      Previously

      1. Stage file.js with only double quotes " changed to '
      2. Run git commit -am "I don't like double quotes"
      3. Lint-staged runs prettier --write file.js, converting all the ' back to "
      4. Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state
      5. Commit was not done, original state is restored and single quotes ' are staged

      Now

      1. Stage file.js with only double-quotes " changed to '
      2. Run git commit -am "I don't like double quotes"
      3. Lint-staged runs prettier --write file.js, converting all the ' back to "
      4. Because there are now no changes, lint-staged fails and cancels the commit
      5. Commit was not done, and there are no staged changes
  • 15.4.3 - 2025-01-26
  • 15.4.2 - 2025-01-23
  • 15.4.1 - 2025-01-16
  • 15.4.0 - 2025-01-16
  • 15.3.0 - 2024-12-28
  • 15.2.11 - 2024-12-10
  • 15.2.10 - 2024-09-01
  • 15.2.9 - 2024-08-13
  • 15.2.8 - 2024-08-03
  • 15.2.7 - 2024-06-12
  • 15.2.6 - 2024-06-11
  • 15.2.5 - 2024-05-25
  • 15.2.4 - 2024-05-21
  • 15.2.2 - 2024-02-05
  • 15.2.1 - 2024-01-31
  • 15.2.0 - 2023-12-03
  • 15.1.0 - 2023-11-11
  • 15.0.2 - 2023-10-19
  • 15.0.1 - 2023-10-15
  • 15.0.0 - 2023-10-14
  • 14.0.1 - 2023-08-21
  • 14.0.0 - 2023-08-13
  • 13.3.0 - 2023-08-13
  • 13.2.3 - 2023-06-28
  • 13.2.2 - 2023-04-26
  • 13.2.1 - 2023-04-07
  • 13.2.0 - 2023-03-10
  • 13.1.4 - 2023-03-06
  • 13.1.3 - 2023-03-05
  • 13.1.2 - 2023-02-13
  • 13.1.1 - 2023-02-07
  • 13.1.0 - 2022-12-04
  • 13.0.4 - 2022-11-25
  • 13.0.3 - 2022-06-24
  • 13.0.2 - 2022-06-16
  • 13.0.1 - 2022-06-08
  • 13.0.0 - 2022-06-01
  • 12.5.0 - 2022-05-31
  • 12.4.3 - 2022-05-30
  • 12.4.2 - 2022-05-24
  • 12.4.1 - 2022-04-26
  • 12.4.0 - 2022-04-20
  • 12.3.8 - 2022-04-15
  • 12.3.7 - 2022-03-17
  • 12.3.6 - 2022-03-16
  • 12.3.5 - 2022-03-05
  • 12.3.4 - 2022-02-13
  • 12.3.3 - 2022-02-01
  • 12.3.2 - 2022-01-26
  • 12.3.1 - 2022-01-23
  • 12.3.0 - 2022-01-23
  • 12.2.2 - 2022-01-20
  • 12.2.1 - 2022-01-19
  • 12.2.0 - 2022-01-18
  • 12.1.7 - 2022-01-07
  • 12.1.6 - 2022-01-07
  • 12.1.5 - 2022-01-02
  • 12.1.4 - 2021-12-24
  • 12.1.3 - 2021-12-18
  • 12.1.2 - 2021-11-22
  • 12.1.1 - 2021-11-21
  • 12.1.0 - 2021-11-21
  • 12.0.3 - 2021-11-18
  • 12.0.2 - 2021-11-14
  • 12.0.1 - 2021-11-13
  • 12.0.0 - 2021-11-13
  • 11.3.0-beta.2 - 2021-10-30
  • 11.3.0-beta.1 - 2021-10-04
  • 11.2.6 - 2021-10-26
  • 11.2.5 - 2021-10-26
  • 11.2.4 - 2021-10-23
  • 11.2.3 - 2021-10-10
  • 11.2.2 - 2021-10-09
  • 11.2.1 - 2021-10-09
  • 11.2.0 - 2021-10-04
  • 11.2.0-beta.1 - 2021-10-02
  • 11.1.4 - 2021-10-02
  • 11.1.3 - 2021-10-02
  • 11.1.2 - 2021-08-06
  • 11.1.1 - 2021-07-24
  • 11.1.0 - 2021-07-22
  • 11.0.1 - 2021-07-13
  • 11.0.0 - 2021-05-07
  • 10.5.4 - 2021-02-05
from lint-staged GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
lint-staged

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/bf4e0bbc-6133-4196-a6ba-f683223a4e51?utm_source=github&utm_medium=referral&page=upgrade-pr