[Snyk] Upgrade lint-staged from 8.2.1 to 15.2.8 #140

snyk-io · 2024-08-24T07:40:50Z

Snyk has created this PR to upgrade lint-staged from 8.2.1 to 15.2.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 152 versions ahead of your current version.
The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Prototype Pollution SNYK-JS-PROPERTYEXPR-598800	262	Proof of Concept
Command Injection SNYK-JS-SIMPLEGIT-2421199	262	Proof of Concept
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') SNYK-JS-SIMPLEGIT-2434306	262	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3112221	262	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3177391	262	Proof of Concept
Prototype Pollution SNYK-JS-YUP-2420835	262	Proof of Concept

Release notes

Package name: lint-staged

15.2.8 - 2024-08-03
Patch Changes
- f0480f0 Thanks @ iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue.
  
  The GitHub Actions workflow has been updated to install Git via MSYS2, to ensure better future compatibility; using the default Git binary in the GitHub Actions runner was working correctly even with MSYS2.
15.2.7 - 2024-06-12
Patch Changes
- #1440 a51be80 Thanks @ iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version drops the --path-format=absolute option to support earlier git versions since it's also the default behavior. If you are still having trouble, please try upgrading git to the latest version.
15.2.6 - 2024-06-11
Patch Changes
- #1433 119adb2 Thanks @ iiroj! - Use native "git rev-parse" commands to determine git repo root directory and the .git config directory, instead of using custom logic. This hopefully makes path resolution more robust on non-POSIX systems.
15.2.5 - 2024-05-25
Patch Changes
- #1424 31a1f95 Thanks @ iiroj! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.
- #1423 91abea0 Thanks @ iiroj! - Improve error logging when failing to read or parse a configuration file
- #1424 ee43f15 Thanks @ iiroj! - Upgrade [email protected]
15.2.4 - 2024-05-21
Patch Changes
- 4f4537a Thanks @ iiroj! - Fix release issue with previous version; update dependencies
15.2.2 - 2024-02-05
Patch Changes
- #1391 fdcdad4 Thanks @ iiroj! - Lint-staged no longer tries to load configuration from files that are not checked out. This might happen when using sparse-checkout.
15.2.1 - 2024-01-31
Patch Changes
- #1387 e4023f6 Thanks @ iiroj! - Ignore stdin of spawned commands so that they don't get stuck waiting. Until now, lint-staged has used the default settings to spawn linter commands. This means the stdin of the spawned commands has accepted input, and essentially gotten stuck waiting. Now the stdin is ignored and commands will no longer get stuck. If you relied on this behavior, please open a new issue and describe how; the behavior has not been intended.
15.2.0 - 2023-12-03
Minor Changes
- #1371 f3378be Thanks @ iiroj! - Using the --no-stash flag no longer discards all unstaged changes to partially staged files, which resulted in inadvertent data loss. This fix is available with a new flag --no-hide-partially-staged that is automatically enabled when --no-stash is used.
Patch Changes
- #1362 17bc480 Thanks @ antonk52! - update [email protected]
- #1368 7c55ca9 Thanks @ iiroj! - Update most dependencies
- #1368 777d4e9 Thanks @ iiroj! - To improve performance, only use lilconfig when searching for config files outside the git repo. In the regular case, lint-staged finds the config files from the Git index and loads them directly.
- #1373 85eb0dd Thanks @ iiroj! - When determining git directory, use fs.realpath() only for symlinks. It looks like fs.realpath() changes some Windows mapped network filepaths unexpectedly, causing issues.
15.1.0 - 2023-11-11
Minor Changes
- #1344 0423311 Thanks @ danielbayley! - Add support for loading configuration from package.yaml and package.yml files, supported by pnpm.
Patch Changes
- #1355 105d901 Thanks @ iiroj! - Suppress some warnings when using the "--quiet" flag
15.0.2 - 2023-10-19
15.0.1 - 2023-10-15
15.0.0 - 2023-10-14
14.0.1 - 2023-08-21
14.0.0 - 2023-08-13
13.3.0 - 2023-08-13
13.2.3 - 2023-06-28
13.2.2 - 2023-04-26
13.2.1 - 2023-04-07
13.2.0 - 2023-03-10
13.1.4 - 2023-03-06
13.1.3 - 2023-03-05
13.1.2 - 2023-02-13
13.1.1 - 2023-02-07
13.1.0 - 2022-12-04
13.0.4 - 2022-11-25
13.0.3 - 2022-06-24
13.0.2 - 2022-06-16
13.0.1 - 2022-06-08
13.0.0 - 2022-06-01
12.5.0 - 2022-05-31
12.4.3 - 2022-05-30
12.4.2 - 2022-05-24
12.4.1 - 2022-04-26
12.4.0 - 2022-04-20
12.3.8 - 2022-04-15
12.3.7 - 2022-03-17
12.3.6 - 2022-03-16
12.3.5 - 2022-03-05
12.3.4 - 2022-02-13
12.3.3 - 2022-02-01
12.3.2 - 2022-01-26
12.3.1 - 2022-01-23
12.3.0 - 2022-01-23
12.2.2 - 2022-01-20
12.2.1 - 2022-01-19
12.2.0 - 2022-01-18
12.1.7 - 2022-01-07
12.1.6 - 2022-01-07
12.1.5 - 2022-01-02
12.1.4 - 2021-12-24
12.1.3 - 2021-12-18
12.1.2 - 2021-11-22
12.1.1 - 2021-11-21
12.1.0 - 2021-11-21
12.0.3 - 2021-11-18
12.0.2 - 2021-11-14
12.0.1 - 2021-11-13
12.0.0 - 2021-11-13
11.3.0-beta.2 - 2021-10-30
11.3.0-beta.1 - 2021-10-04
11.2.6 - 2021-10-26
11.2.5 - 2021-10-26
11.2.4 - 2021-10-23
11.2.3 - 2021-10-10
11.2.2 - 2021-10-09
11.2.1 - 2021-10-09
11.2.0 - 2021-10-04
11.2.0-beta.1 - 2021-10-02
11.1.4 - 2021-10-02
11.1.3 - 2021-10-02
11.1.2 - 2021-08-06
11.1.1 - 2021-07-24
11.1.0 - 2021-07-22
11.0.1 - 2021-07-13
11.0.0 - 2021-05-07
10.5.4 - 2021-02-05
10.5.3 - 2020-12-04
10.5.2 - 2020-11-24
10.5.1 - 2020-10-31
10.5.0 - 2020-10-26
10.4.2 - 2020-10-17
10.4.1 - 2020-10-16
10.4.0 - 2020-09-16
10.3.0 - 2020-09-03
10.2.13 - 2020-08-25
10.2.12 - 2020-08-25
10.2.11 - 2020-06-17
10.2.10 - 2020-06-12
10.2.9 - 2020-06-04
10.2.8 - 2020-06-03
10.2.7 - 2020-05-29
10.2.6 - 2020-05-22
10.2.5 - 2020-05-22
10.2.4 - 2020-05-18
10.2.3 - 2020-05-18
10.2.2 - 2020-05-01
10.2.1 - 2020-04-30
10.2.0 - 2020-04-28
10.1.7 - 2020-04-21
10.1.6 - 2020-04-19
10.1.5 - 2020-04-18
10.1.4 - 2020-04-17
10.1.3 - 2020-04-09
10.1.2 - 2020-04-05
10.1.1 - 2020-03-31
10.1.0 - 2020-03-30
10.0.10 - 2020-03-29
10.0.9 - 2020-03-24
10.0.8 - 2020-02-25
10.0.7 - 2020-01-31
10.0.6 - 2020-01-30
10.0.5 - 2020-01-30
10.0.4 - 2020-01-29
10.0.3 - 2020-01-27
10.0.2 - 2020-01-22
10.0.1 - 2020-01-20
10.0.0 - 2020-01-19
10.0.0-beta.15 - 2020-01-08
10.0.0-beta.14 - 2019-12-24
10.0.0-beta.13 - 2019-12-20
10.0.0-beta.12 - 2019-12-18
10.0.0-beta.11 - 2019-12-17
10.0.0-beta.10 - 2019-12-17
10.0.0-beta.9 - 2019-12-16
10.0.0-beta.8 - 2019-12-14
10.0.0-beta.7 - 2019-12-05
10.0.0-beta.6 - 2019-11-27
10.0.0-beta.5 - 2019-11-27
10.0.0-beta.4 - 2019-11-20
10.0.0-beta.3 - 2019-11-14
10.0.0-beta.2 - 2019-11-14
10.0.0-beta.1 - 2019-11-14
10.0.0-1 - 2019-10-24
10.0.0-0 - 2019-09-27
9.5.0 - 2019-11-27
9.5.0-beta.2 - 2019-11-03
9.5.0-beta.1 - 2019-10-31
9.4.3 - 2019-11-13
9.4.2 - 2019-10-08
9.4.1 - 2019-10-01
9.4.0 - 2019-09-26
9.3.0 - 2019-09-22
9.2.5 - 2019-08-27
9.2.4 - 2019-08-25
9.2.3 - 2019-08-17
9.2.2 - 2019-08-17
9.2.1 - 2019-07-25
9.2.0 - 2019-07-10
9.1.0 - 2019-07-06
9.0.2 - 2019-07-03
9.0.1 - 2019-07-02
9.0.0 - 2019-07-01
8.2.1 - 2019-06-13

from lint-staged GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"lint-staged","from":"8.2.1","to":"15.2.8"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PROPERTYEXPR-598800","issue_id":"SNYK-JS-PROPERTYEXPR-598800","priority_score":262,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01063},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 19 2020 15:22:31 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.67},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SIMPLEGIT-2421199","issue_id":"SNYK-JS-SIMPLEGIT-2421199","priority_score":239,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00558},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 11 2022 14:29:26 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":9.79},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Command Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SIMPLEGIT-2434306","issue_id":"SNYK-JS-SIMPLEGIT-2434306","priority_score":239,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00559},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Mar 29 2022 14:24:08 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":9.79},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SIMPLEGIT-3112221","issue_id":"SNYK-JS-SIMPLEGIT-3112221","priority_score":242,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.02109},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Dec 05 2022 15:30:04 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":9.79},{"name":"likelihood","value":2.47},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SIMPLEGIT-3177391","issue_id":"SNYK-JS-SIMPLEGIT-3177391","priority_score":242,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.02103},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jan 23 2023 14:04:31 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":9.79},{"name":"likelihood","value":2.47},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-YUP-2420835","issue_id":"SNYK-JS-YUP-2420835","priority_score":138,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Mar 10 2022 16:03:23 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.44},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Prototype Pollution"}],"prId":"4e23bf03-cb3a-473a-a70e-7cd9c2e4e78f","prPublicId":"4e23bf03-cb3a-473a-a70e-7cd9c2e4e78f","packageManager":"npm","priorityScoreList":[262,239,239,242,242,138],"projectPublicId":"853e3166-86aa-4cac-87b4-e12c682c04eb","projectUrl":"https://app.snyk.io/org/cachiman/project/853e3166-86aa-4cac-87b4-e12c682c04eb?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-PROPERTYEXPR-598800","SNYK-JS-SIMPLEGIT-2421199","SNYK-JS-SIMPLEGIT-2434306","SNYK-JS-SIMPLEGIT-3112221","SNYK-JS-SIMPLEGIT-3177391","SNYK-JS-YUP-2420835"],"upgradeInfo":{"versionsDiff":152,"publishedDate":"2024-08-03T06:33:01.193Z"},"vulns":["SNYK-JS-PROPERTYEXPR-598800","SNYK-JS-SIMPLEGIT-2421199","SNYK-JS-SIMPLEGIT-2434306","SNYK-JS-SIMPLEGIT-3112221","SNYK-JS-SIMPLEGIT-3177391","SNYK-JS-YUP-2420835"]}'

Snyk has created this PR to upgrade lint-staged from 8.2.1 to 15.2.8. See this package in npm: lint-staged See this project in Snyk: https://app.snyk.io/org/cachiman/project/853e3166-86aa-4cac-87b4-e12c682c04eb?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

google-cla · 2024-08-24T07:40:55Z

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade lint-staged from 8.2.1 to 15.2.8 #140

[Snyk] Upgrade lint-staged from 8.2.1 to 15.2.8 #140

snyk-io bot commented Aug 24, 2024

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Minor Changes

Patch Changes

Minor Changes

Patch Changes

google-cla bot commented Aug 24, 2024

[Snyk] Upgrade lint-staged from 8.2.1 to 15.2.8 #140

Are you sure you want to change the base?

[Snyk] Upgrade lint-staged from 8.2.1 to 15.2.8 #140

Conversation

snyk-io bot commented Aug 24, 2024

Snyk has created this PR to upgrade lint-staged from 8.2.1 to 15.2.8.

Issues fixed by the recommended upgrade:

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Minor Changes

Patch Changes

Minor Changes

Patch Changes

google-cla bot commented Aug 24, 2024