build(deps-dev): bump lint-staged from 16.4.0 to 17.0.4

[dependabot]

Bumps lint-staged from 16.4.0 to 17.0.4.

Release notes

Sourced from lint-staged's releases.

v17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

v17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

v17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

v17.0.1

Patch Changes

• #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

v17.0.0

Major Changes

• #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

• #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

• #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

  npm install --development yaml

  If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the content is JSON, consider renaming it to .lintstagedrc.json to avoid needing to install yaml.

Minor Changes

• #1748 809d5ef Thanks @​iiroj! - Add new option --hide-all for hiding all unstaged changes and untracked files, before running tasks. This makes it easier to run tools like Knip which check for unused code. Untracked files are included in the backup stash and restored automatically after running.

• #1759 f13045a Thanks @​iiroj! - Update dependencies, including tinyexec@1.1.1 to fix the following issues:

  • When using a Node.js version manager with multiple versions installed (nvm, n, for example), scripts with the #!/usr/bin/env node shebang (Prettier, ESLint, for example) were previously spawned using the default Node.js version configured by the version manager (the one which node points to) on POSIX systems. Now, they will be spawned with the same version that lint-staged itself was started with.
    • For example, if your default Node.js version is 24.14.1 but lint-staged is run with the latest version 25.9.0, the tasks spawned by lint-staged will now also use version 25.9.0. Previously they were spawned using 24.14.1.

... (truncated)

Changelog

Sourced from lint-staged's changelog.

17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

17.0.1

Patch Changes

• #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

17.0.0

Major Changes

• #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

• #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

• #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

  npm install --development yaml

  If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the content is JSON, consider renaming it to .lintstagedrc.json to avoid needing to install yaml.

Minor Changes

• #1748 809d5ef Thanks @​iiroj! - Add new option --hide-all for hiding all unstaged changes and untracked files, before running tasks. This makes it easier to run tools like Knip which check for unused code. Untracked files are included in the backup stash and restored automatically after running.

... (truncated)

Commits

• 2862964 Merge pull request #1789 from lint-staged/changeset-release/main
• c9ecd54 chore(changeset): release
• cc6b51a Merge pull request #1788 from lint-staged/fix-update-index-again
• f95c1f8 fix: update both default index.lock and non-standard lock when latter exists
• f44ee68 Merge pull request #1786 from lint-staged/update-repo-url
• a61cf18 build(deps): update dependencies
• ea00037 docs: disable Changesets "thanks"
• ab7c26c docs: update repo URL to point in lint-staged/lint-staged
• a36ec1e Merge pull request #1783 from lint-staged/changeset-release/main
• 03ce2a9 chore(changeset): release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mozilla-blender]

Reviewing this major version bump. Workflow run

[mozilla-blender]

APPROVED: auto-merge: major bump evaluated as safe (high confidence).

Reason: lint-staged is a dev-only tool invoked solely via .husky/pre-commit (npx --no-install lint-staged --cwd ..). It is not run in CI/Docker — the CI runs lint commands directly via npm run lint. The codebase uses a JavaScript config (.lintstagedrc.js) with the standard glob->command mapping, which is unchanged between v16 and v17. None of the v17 breaking changes affect this usage: (1) Node>=22.22.1 only impacts developers running the pre-commit hook locally; the project's volta pin (22.15.0) is slightly below this, but builds and CI are unaffected; (2) Git>=2.32.0 is from 2021 and well below any reasonable developer install; (3) yaml being optional only affects YAML configs or extensionless .lintstagedrc — the project uses .lintstagedrc.js (JS), so yaml is not needed. All CI checks are passing.

Breaking changes: Drops Node.js 20 support; minimum Node.js is now 22.22.1; Requires Git >= 2.32.0 (released 2021); yaml dependency is now optional — must be installed separately if using a YAML config file or extensionless .lintstagedrc; tinyexec upgrade changes how child processes resolve Node.js: scripts with #!/usr/bin/env node shebangs now use the same Node version as lint-staged itself (previously the version manager's default)
Test coverage: No automated tests exercise lint-staged — it is a developer pre-commit tool, not part of the runtime or CI pipeline. CI runs the same linters (prettier, stylelint, eslint, ruff, black, mypy) directly via npm run lint and Python checks, so any formatting/lint regressions would still be caught at the PR level regardless of lint-staged's local behavior. The .lintstagedrc.js config uses only the standard glob->command mapping, which is part of the documented API and unchanged between v16 and v17.