Skip to content

chore(deps): bump simple-git and lint-staged#141

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-7d5e2e25ee
Open

chore(deps): bump simple-git and lint-staged#141
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-7d5e2e25ee

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Removes simple-git. It's no longer used after updating ancestor dependency lint-staged. These dependencies need to be updated together.

Removes simple-git

Updates lint-staged from 8.2.1 to 17.0.2

Release notes

Sourced from lint-staged's releases.

v17.0.2

Patch Changes

v17.0.1

Patch Changes

  • #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

v17.0.0

Major Changes

  • #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

  • #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

  • #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

    npm install --development yaml

    If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the content is JSON, consider renaming it to .lintstagedrc.json to avoid needing to install yaml.

Minor Changes

  • #1748 809d5ef Thanks @​iiroj! - Add new option --hide-all for hiding all unstaged changes and untracked files, before running tasks. This makes it easier to run tools like Knip which check for unused code. Untracked files are included in the backup stash and restored automatically after running.

  • #1759 f13045a Thanks @​iiroj! - Update dependencies, including tinyexec@1.1.1 to fix the following issues:

    • When using a Node.js version manager with multiple versions installed (nvm, n, for example), scripts with the #!/usr/bin/env node shebang (Prettier, ESLint, for example) were previously spawned using the default Node.js version configured by the version manager (the one which node points to) on POSIX systems. Now, they will be spawned with the same version that lint-staged itself was started with.
      • For example, if your default Node.js version is 24.14.1 but lint-staged is run with the latest version 25.9.0, the tasks spawned by lint-staged will now also use version 25.9.0. Previously they were spawned using 24.14.1.
    • When installing Node.js from the Ubuntu App Center (Snap store), the node executable available in PATH is a symlink pointing to Snap itself. The sandboxing features of Snap prevented lint-staged from spawning scripts with the #!/usr/bin/env node shebang, because it meant lint-staged tried to spawn Snap via the symlink. This resulted in an ENOENT error when trying to run prettier, for example. Now, since the real node executable's directory is available in the PATH, lint-staged will instead spawn the script with the real node binary succesfully.

  • #1761 d3251b1 Thanks @​iiroj! - Lint-staged now runs git update-index --again after running tasks, instead of git add <originally staged files>. This should improve compatibility when using non-default indexes, for example when committing with a pathspec git commit -m "message" . instead of adding files to the index.

  • #1745 a9585ac Thanks @​iiroj! - Remove commander as a dependency and use the built-in parseArgs from node:util to parse CLI flags.

Patch Changes

  • #1755 c82d30b Thanks @​iiroj! - All tests now pass on the Bun runtime (latest).

  • #1750 a401818 Thanks @​iiroj! - Remove manual handling for git stash --keep-index resurrecting deleted files, because the issue was fixed in Git 2.23.0 and lint-staged requires at least Git 2.32.0.

  • #1771 c4b8936 Thanks @​iiroj! - Fix documentation about multiple config files and the --cwd option. When using it, all tasks will be run in the specified directory. For example, to run everything in the actual process.cwd(), use lint-staged --cwd=".".

v16.4.0

Minor Changes

... (truncated)

Changelog

Sourced from lint-staged's changelog.

17.0.2

Patch Changes

17.0.1

Patch Changes

  • #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

17.0.0

Major Changes

  • #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

  • #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

  • #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

    npm install --development yaml

    If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the content is JSON, consider renaming it to .lintstagedrc.json to avoid needing to install yaml.

Minor Changes

  • #1748 809d5ef Thanks @​iiroj! - Add new option --hide-all for hiding all unstaged changes and untracked files, before running tasks. This makes it easier to run tools like Knip which check for unused code. Untracked files are included in the backup stash and restored automatically after running.

  • #1759 f13045a Thanks @​iiroj! - Update dependencies, including tinyexec@1.1.1 to fix the following issues:

    • When using a Node.js version manager with multiple versions installed (nvm, n, for example), scripts with the #!/usr/bin/env node shebang (Prettier, ESLint, for example) were previously spawned using the default Node.js version configured by the version manager (the one which node points to) on POSIX systems. Now, they will be spawned with the same version that lint-staged itself was started with.
      • For example, if your default Node.js version is 24.14.1 but lint-staged is run with the latest version 25.9.0, the tasks spawned by lint-staged will now also use version 25.9.0. Previously they were spawned using 24.14.1.
    • When installing Node.js from the Ubuntu App Center (Snap store), the node executable available in PATH is a symlink pointing to Snap itself. The sandboxing features of Snap prevented lint-staged from spawning scripts with the #!/usr/bin/env node shebang, because it meant lint-staged tried to spawn Snap via the symlink. This resulted in an ENOENT error when trying to run prettier, for example. Now, since the real node executable's directory is available in the PATH, lint-staged will instead spawn the script with the real node binary succesfully.

  • #1761 d3251b1 Thanks @​iiroj! - Lint-staged now runs git update-index --again after running tasks, instead of git add <originally staged files>. This should improve compatibility when using non-default indexes, for example when committing with a pathspec git commit -m "message" . instead of adding files to the index.

  • #1745 a9585ac Thanks @​iiroj! - Remove commander as a dependency and use the built-in parseArgs from node:util to parse CLI flags.

Patch Changes

  • #1755 c82d30b Thanks @​iiroj! - All tests now pass on the Bun runtime (latest).

  • #1750 a401818 Thanks @​iiroj! - Remove manual handling for git stash --keep-index resurrecting deleted files, because the issue was fixed in Git 2.23.0 and lint-staged requires at least Git 2.32.0.

  • #1771 c4b8936 Thanks @​iiroj! - Fix documentation about multiple config files and the --cwd option. When using it, all tasks will be run in the specified directory. For example, to run everything in the actual process.cwd(), use lint-staged --cwd=".".

16.4.0

... (truncated)

Commits
  • 0a3b253 Merge pull request #1780 from lint-staged/changeset-release/main
  • 36cae27 chore(changeset): release
  • ff03baa Merge pull request #1779 from lint-staged/immutable-release
  • 88670ca ci: force Changesets action to sign Git tag
  • 7f4596b Merge pull request #1777 from lint-staged/changeset-release/main
  • 697c9ae chore(changeset): release
  • 7ed4125 Merge pull request #1778 from lint-staged/fix-changesets
  • bf400fe ci: publish to npm in same Changesets workflow so that a personal token isn't...
  • 0c2e6e5 Merge pull request #1776 from lint-staged/fix-changesets
  • 4a5664b ci: use personal access token with semantic-release so that it can trigger pu...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for lint-staged since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump simple-git and lint-staged
155b28c 
Removes [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git). It's no longer used after updating ancestor dependency [lint-staged](https://github.com/lint-staged/lint-staged). These dependencies need to be updated together.


Removes `simple-git`

Updates `lint-staged` from 8.2.1 to 17.0.2
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v8.2.1...v17.0.2)

---
updated-dependencies:
- dependency-name: simple-git
  dependency-version: 
  dependency-type: indirect
- dependency-name: lint-staged
  dependency-version: 17.0.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 6, 2026
@dependabot dependabot Bot mentioned this pull request May 6, 2026
Closed
cursor[bot]
cursor Bot reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default mode and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 155b28c. Configure here.

Comment thread package.json
"jsdoc": "^3.6.10",
"karma": "^4.1.0",
"lint-staged": "^8.2.1",
"lint-staged": "^17.0.2",
Copy link
Copy Markdown

@cursor cursor Bot May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Outdated lint-staged config with git add breaks partially-staged files

High Severity

Bumping lint-staged from v8 to v17 without updating the lint-staged config block (lines 105–113) breaks the pre-commit workflow. Since v10, lint-staged automatically re-stages task modifications, making the explicit "git add" steps obsolete. Keeping "git add" in the config with v17 causes it to run as a regular task, which will incorrectly stage all changes in partially-staged files — defeating lint-staged's stash-based isolation of unstaged changes.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 155b28c. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants