⬆️ npm: Bump the npm group with 12 updates

[dependabot]

Bumps the npm group with 12 updates:

Package	From	To
@octokit/core	7.0.3	7.0.5
@octokit/plugin-paginate-rest	13.1.1	13.2.0
@octokit/plugin-throttling	11.0.1	11.0.2
chalk	5.6.0	5.6.2
got	14.4.8	14.4.9
meow	13.2.0	14.0.0
normalize-url	8.0.2	8.1.0
ora	8.2.0	9.0.0
winston	3.17.0	3.18.3
globals	16.3.0	16.4.0
jest	30.1.2	30.2.0
lint-staged	16.1.5	16.2.3

Updates @octokit/core from 7.0.3 to 7.0.5

Release notes

Sourced from @​octokit/core's releases.

v7.0.5

7.0.5 (2025-09-29)

Bug Fixes

• deps: update octokit dependencies, and @​sinonjs/fake-timers (#749) (14d23a1)

v7.0.4

7.0.4 (2025-09-16)

Bug Fixes

• deps: update dependency @​octokit/types to v15 (#748) (03b6c28)

Commits

• 14d23a1 fix(deps): update octokit dependencies, and @​sinonjs/fake-timers (#749)
• e4d0776 ci(action): update actions/setup-node action to v5 (#746)
• 03b6c28 fix(deps): update dependency @​octokit/types to v15 (#748)
• 4951837 ci(action): update actions/checkout action to v5 (#745)
• f576bc8 chore(deps): bump vite from 6.3.5 to 6.3.6 (#747)
• 9c425e3 chore(deps): update dependency prettier to v3.6.2 (#743)
• See full diff in compare view

Updates @octokit/plugin-paginate-rest from 13.1.1 to 13.2.0

Release notes

Sourced from @​octokit/plugin-paginate-rest's releases.

v13.2.0

13.2.0 (2025-09-29)

Features

• new Projects v2 endpoints, new code scanning dismissal endpoints, many other endpoints (#690) (0e236cb)

Commits

• 80745be ci(action): update actions/checkout action to v5 (#687)
• 0e236cb feat: new Projects v2 endpoints, new code scanning dismissal endpoints, many ...
• bf19e3e chore(deps): update dependency prettier to v3.6.2 (#685)
• 4f9fc56 ci(action): update actions/setup-node action to v5 (#688)
• See full diff in compare view

Updates @octokit/plugin-throttling from 11.0.1 to 11.0.2

Release notes

Sourced from @​octokit/plugin-throttling's releases.

v11.0.2

11.0.2 (2025-09-29)

Bug Fixes

• deps: update dependency @​octokit/types to v15 (#802) (c9ecfea)

Commits

• c9ecfea fix(deps): update dependency @​octokit/types to v15 (#802)
• 790adf6 build(deps): lock file maintenance (#796)
• 9395a23 ci(action): update actions/checkout action to v5 (#799)
• See full diff in compare view

Updates chalk from 5.6.0 to 5.6.2

Release notes

Sourced from chalk's releases.

v5.6.2

• Fix vulnerability in 5.6.1, see: chalk/chalk#656

Commits

• 5155778 5.6.2
• See full diff in compare view

Updates got from 14.4.8 to 14.4.9

Release notes

Sourced from got's releases.

v14.4.9

• Fix hang with responses containing content-encoding headers but no body cc434bc

---

sindresorhus/got@v14.4.8...v14.4.9

Commits

• 75287d6 14.4.9
• cc434bc Fix hang with responses containing content-encoding headers but no body
• 972fb25 Improve docs for calculateDelay option
• See full diff in compare view

Updates meow from 13.2.0 to 14.0.0

Release notes

Sourced from meow's releases.

v14.0.0

Breaking

• Require Node.js 20 47b3bcb

Fixes

• Fix incorrect automatic number conversion for flag values 8f3909c

---

sindresorhus/meow@v13.2.0...v14.0.0

Commits

• a691341 14.0.0
• 47b3bcb Require Node.js 20
• 8f3909c Fix incorrect automatic number conversion for flag values
• 87d1bc3 Remove extraneous hard rejection note (#262)
• f0c7203 Copy type tests on build (#259)
• 97e8b20 Clean up description parsing (#256)
• f741cc2 Remove hard rejection note in readme (#261)
• 9961bc0 Make options required (#260)
• c00d5c5 Remove false from version type, add fallback message (#258)
• a85c6e4 Remove null from booleanDefault type (#257)
• Additional commits viewable in compare view

Updates normalize-url from 8.0.2 to 8.1.0

Release notes

Sourced from normalize-url's releases.

v8.1.0

• Add removePath and transformPath option dfcfc06
• Fix path-like query strings losing structure when sorting parameters 92eb703

---

sindresorhus/normalize-url@v8.0.2...v8.1.0

Commits

• ed415bc 8.1.0
• dfcfc06 Add removePath and transformPath option
• 7be700f Add tests for www-stripping edge cases
• 92eb703 Fix path-like query strings losing structure when sorting parameters
• See full diff in compare view

Updates ora from 8.2.0 to 9.0.0

Release notes

Sourced from ora's releases.

v9.0.0

Breaking

• Require Node.js 20 7aca06d

Fixes

• Fix clearing in some cases aa51538
• Fix frame() not displaying dynamic prefixText/suffixText from functions 0f19f57
• Fix multiline text exceeding console height leaving garbage when scrolling 45d30ad

---

sindresorhus/ora@v8.2.0...v9.0.0

Commits

• 20d4bdb 9.0.0
• 7aca06d Require Node.js 20
• aa51538 Fix clearing in some cases
• 9125620 Add FAQs
• 0f19f57 Fix frame() not displaying dynamic prefixText/suffixText from functions
• 45d30ad Fix multiline text exceeding console height leaving garbage when scrolling
• See full diff in compare view

Updates winston from 3.17.0 to 3.18.3

Release notes

Sourced from winston's releases.

v3.18.3

• Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

---

winstonjs/winston@v3.18.2...v3.18.3

v3.18.2

• Bump diagnostics package to resolve #2583 (again) f4582c3

---

winstonjs/winston@v3.18.1...v3.18.2

v3.18.1

• Bump diagnostics package to resolve #2583 e668c2c

---

winstonjs/winston@v3.18.0...v3.18.1

v3.18.0

• Update diagnostics package to latest version to remove vulnerability 376e331
• add @​initd.sg/winston-cloudwatch (#2532) 71ee92a
• Update transports.md (#2549) 3547a95
• docs: update transport.md (#2550) dc88db0
• feat: adds helper function for highest log level (#2514) c69cdb0

---

winstonjs/winston@v3.17.0...v3.18.0

Commits

• 4dc03d6 3.18.3
• a15a9e9 Update diagnostics dependency (removes fix-esm transitive dependency)
• ca142d0 3.18.2
• f4582c3 Bump diagnostics package to resolve #2583 (again)
• 347316e 3.18.1
• e668c2c Bump diagnostics package to resolve #2583
• 6864728 3.18.0
• 376e331 Update diagnostics package to latest version to remove vulnerability
• 71ee92a add @​initd.sg/winston-cloudwatch (#2532)
• 3547a95 Update transports.md (#2549)
• Additional commits viewable in compare view

Updates globals from 16.3.0 to 16.4.0

Release notes

Sourced from globals's releases.

v16.4.0

• Update globals (#309) 8b8a2d6

---

sindresorhus/globals@v16.3.0...v16.4.0

Commits

• 52ba38b 16.4.0
• 8b8a2d6 Update globals (#309)
• See full diff in compare view

Updates jest from 30.1.2 to 30.2.0

Release notes

Sourced from jest's releases.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

Changelog

Sourced from jest's changelog.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

Commits

• 855864e v30.2.0
• da9b532 v30.1.3
• See full diff in compare view

Updates lint-staged from 16.1.5 to 16.2.3

Release notes

Sourced from lint-staged's releases.

v16.2.3

Patch Changes

• #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Patch Changes

• #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes
  ✔ Backed up original state in git stash (c18d55a3)
  ✔ Running tasks for staged files...
  ✖ Tasks modified files and --fail-on-changes was used!
  ↓ Cleaning up temporary files...
  ✖ lint-staged failed because --fail-on-changes was used.
  Any lost modifications can be restored from a git stash:
  > git stash list --format="%h %s"
  c18d55a3 On main: lint-staged automatic backup
  > git apply --index c18d55a3

v16.2.1

Patch Changes

• #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default {
  ---  "*": (files: string[]) => void console.log('staged files', files)
  +++  "*": (files: readonly string[]) => void console.log('staged files', files)
  }

• #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

• #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

• #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

  Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

v16.2.0

Minor Changes

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.2.3

Patch Changes

• #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

16.2.2

Patch Changes

• #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes
  ✔ Backed up original state in git stash (c18d55a3)
  ✔ Running tasks for staged files...
  ✖ Tasks modified files and --fail-on-changes was used!
  ↓ Cleaning up temporary files...
  ✖ lint-staged failed because --fail-on-changes was used.
  Any lost modifications can be restored from a git stash:
  > git stash list --format="%h %s"
  c18d55a3 On main: lint-staged automatic backup
  > git apply --index c18d55a3

16.2.1

Patch Changes

• #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default {
  ---  "*": (files: string[]) => void console.log('staged files', files)
  +++  "*": (files: readonly string[]) => void console.log('staged files', files)
  }

• #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

• #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

• #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

  Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

... (truncated)

Commits

• bdcd03a chore(changeset): release
• 27cd541 fix: do not count hidden (partially) unstaged changes when using `--fail-on-c...
• ab2f42e fix: emit correct value to debug logs
• 3fc5832 refactor: make general error messages more clear they originate from lint-staged
• 409d79a chore(changeset): release
• 7edaee9 docs: fix typo in changeset
• 699f95d fix: backup stash example uses real hash if available
• 47d01a9 fix: print backup stash example when failing to --fail-on-changes
• 325dc03 fix: restore unstaged changes on errors when --fail-on-errors or `--no-reve...
• 53bb27b fix: do not drop backup stash when errors and --fail-on-changes was used
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[stoe]

@dependabot squash and merge

[dependabot]

Dependabot tried to merge this PR, but received the following error from GitHub:

Repository rule violations found

New changes require approval from someone other than stoe because they were the last pusher.