[Snyk] Upgrade lint-staged from 15.2.10 to 15.5.2

[NOUIY]

Snyk has created this PR to upgrade lint-staged from 15.2.10 to 15.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: lint-staged

• 15.5.2 - 2025-05-06
  

  Patch Changes

  • #1544 5561321 Thanks @ YimingIsCOLD! - Correctly handle colon (:) characters in staged filenames.
• 15.5.1 - 2025-04-11
  

  Patch Changes

  • #1533 5d53534 Thanks @ iiroj! - Improve listing of staged files so that lint-staged doesn't crash when encountering an uninitialized submodule. This should result in less errors like:

    ✖ Failed to get staged files!
    

• 15.5.0 - 2025-03-12
  

  Minor Changes

  • #1526 630af5f Thanks @ iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier.

    Example with Prettier

    By default Prettier prefers double quotes.

    Previously

    1. Stage file.js with only double quotes " changed to '
    2. Run git commit -am "I don't like double quotes"
    3. Lint-staged runs prettier --write file.js, converting all the ' back to "
    4. Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state
    5. Commit was not done, original state is restored and single quotes ' are staged

    Now

    1. Stage file.js with only double-quotes " changed to '
    2. Run git commit -am "I don't like double quotes"
    3. Lint-staged runs prettier --write file.js, converting all the ' back to "
    4. Because there are now no changes, lint-staged fails and cancels the commit
    5. Commit was not done, and there are no staged changes
• 15.4.3 - 2025-01-26
  

  Patch Changes

  • #1512 cbfed1d Thanks @ tarik02! - Adjust TypeScript types for the default export so that it can be used as a value without error TS2693.
• 15.4.2 - 2025-01-23
  

  Patch Changes

  • #1509 8827ebf Thanks @ iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.
• 15.4.1 - 2025-01-16
  

  Patch Changes

  • #1504 1c7a45e Thanks @ iiroj! - Default TypeScript config filenames match JS equivalents.

  • #1504 9cc18c9 Thanks @ iiroj! - Add missing conditional exports syntax for TypeScript types.

• 15.4.0 - 2025-01-16
  

  Minor Changes

  • #1500 a8ec1dd Thanks @ iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:

    /**
     * @ filename: lint-staged.config.js
     * @ type {import('lint-staged').Configuration}
     */
    export default {
      '*': 'prettier --write',
    }

    It's also possible to use the .ts file extension for the configuration if your Node.js version supports it. The --experimental-strip-types flag was introduced in Node.js v22.6.0 and unflagged in v23.6.0, enabling Node.js to execute TypeScript files without additional configuration.

    export NODE_OPTIONS="--experimental-strip-types"

    npx lint-staged --config lint-staged.config.ts

  Patch Changes

  • #1501 9b79364 Thanks @ iiroj! - Handle possible failures when logging user shell for debug info.
• 15.3.0 - 2024-12-28
  

  Minor Changes

  • #1495 e69da9e Thanks @ iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.

  • #1493 fa0fe98 Thanks @ iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

    For example:

    % npx lint-staged
    ✔ Backed up original state in git stash (20addf8)
    ✔ Running tasks for staged files...
    ✔ Applying modifications from tasks...
    ✔ Cleaning up temporary files...
    

    where the backup can be seen with git show 20addf8, or git stash list:

    % git stash list
    stash@{0}: lint-staged automatic backup (20addf8)
    

• 15.2.11 - 2024-12-10
  

  Patch Changes

  • #1484 bcfe309 Thanks @ wormsik! - Escape paths containing spaces when using the "shell" option.

  • #1487 7dd8caa Thanks @ iiroj! - Do not treat submodule root paths as "staged files". This caused lint-staged to fail to a Git error when only updating the revision of a submodule.

• 15.2.10 - 2024-09-01
  

  Patch Changes

  • #1471 e3f283b Thanks @ iiroj! - Update minor dependencies, including micromatch@~4.0.8.

from lint-staged GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
High	pkg:npm/[email protected] upgrade to: > 15.5.2

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.