chore(deps): bump the npm-version-updates group with 5 updates

[dependabot]

Bumps the npm-version-updates group with 5 updates:

Package	From	To
@napi-rs/cli	3.2.0	3.3.1
@types/node	24.5.2	24.7.2
lint-staged	16.2.0	16.2.4
oxlint	1.18.0	1.23.0
typescript	5.9.2	5.9.3

Updates @napi-rs/cli from 3.2.0 to 3.3.1

Commits

• a0d55cc chore(release): publish
• 69b8f09 fix(wasm-runtime): node:events polyfill on browser (#2954)
• 7ea726b fix(deps): update rust crate ctor to v0.6.0 (#2951)
• 8f40ebd fix(napi): cleanup memory issues (#2949)
• 2cdf5fd chore(release): publish
• 89d0f20 chore(cli): test path assertion (#2947)
• 60b4bef chore(deps): lock file maintenance (#2944)
• 9df9f89 feat(napi): add on_abort for AbortSignal (#2942)
• 70b66ee fix(cli): bundle empathic (#2946)
• ac118df feat(cli): export more build apis (#2945)
• Additional commits viewable in compare view

Updates @types/node from 24.5.2 to 24.7.2

Commits

• See full diff in compare view

Updates lint-staged from 16.2.0 to 16.2.4

Release notes

Sourced from lint-staged's releases.

v16.2.4

Patch Changes

• #1682 0176038 Thanks @​iiroj! - Update dependencies, including nano-spawn@2.0.0 with bug fixes.

• #1671 581a54e Thanks @​iiroj! - Speed up execution by only importing the yaml depedency if using YAML configuration files.

v16.2.3

Patch Changes

• #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Patch Changes

• #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes ✔ Backed up original state in git stash (c18d55a3) ✔ Running tasks for staged files... ✖ Tasks modified files and --fail-on-changes was used! ↓ Cleaning up temporary files... ✖ lint-staged failed because --fail-on-changes was used. Any lost modifications can be restored from a git stash: > git stash list --format="%h %s" c18d55a3 On main: lint-staged automatic backup > git apply --index c18d55a3

v16.2.1

Patch Changes

• #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default { --- "*": (files: string[]) => void console.log('staged files', files) +++ "*": (files: readonly string[]) => void console.log('staged files', files) }

• #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

• #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.2.4

Patch Changes

• #1682 0176038 Thanks @​iiroj! - Update dependencies, including nano-spawn@2.0.0 with bug fixes.

• #1671 581a54e Thanks @​iiroj! - Speed up execution by only importing the yaml depedency if using YAML configuration files.

16.2.3

Patch Changes

• #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

16.2.2

Patch Changes

• #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes ✔ Backed up original state in git stash (c18d55a3) ✔ Running tasks for staged files... ✖ Tasks modified files and --fail-on-changes was used! ↓ Cleaning up temporary files... ✖ lint-staged failed because --fail-on-changes was used. Any lost modifications can be restored from a git stash: > git stash list --format="%h %s" c18d55a3 On main: lint-staged automatic backup > git apply --index c18d55a3

16.2.1

Patch Changes

• #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default { --- "*": (files: string[]) => void console.log('staged files', files) +++ "*": (files: readonly string[]) => void console.log('staged files', files) }

... (truncated)

Commits

• 122580b chore(changeset): release
• 0176038 fix(deps): update dependencies
• 581a54e perf: only import yaml when loading YAML files
• bdcd03a chore(changeset): release
• 27cd541 fix: do not count hidden (partially) unstaged changes when using `--fail-on-c...
• ab2f42e fix: emit correct value to debug logs
• 3fc5832 refactor: make general error messages more clear they originate from lint-staged
• 409d79a chore(changeset): release
• 7edaee9 docs: fix typo in changeset
• 699f95d fix: backup stash example uses real hash if available
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.

Updates oxlint from 1.18.0 to 1.23.0

Release notes

Sourced from oxlint's releases.

oxlint v1.23.0

[1.23.0] - 2025-10-13

🚀 Features

• 452d128 linter: Node/no_process_env (#14536) (Kenneth Skovhus)
• a9e1261 linter: Implement react-refresh/only-export-components (#14122) (Rintaro Itokawa)
• a8d542b linter/no-duplicate-imports: Support allowSeparateTypeImports option (#14527) (camc314)
• 75a529c linter: Add run info about what functions rules implement (#13839) (camchenry)
• 4fbdef2 language_server: Support fmt.configPath configuration (#14502) (Sysix)
• 4d3ce2e language_server: Autodetect root .oxfmtrc.json (#14466) (Sysix)

🐛 Bug Fixes

• fb4a20d language_server: Add whitespace for // oxlint-disable-next-line fix (#14356) (Sysix)
• 6fce7f4 oxlint/changelog: Remove duplicate changelog entries (#14528) (camc314)
• 74e52f3 linter/plugins: Resolve JS plugins with ESM condition names (#14541) (magic-akari)
• 9965676 linter/exhaustive-deps: Ignore empty strings passed to additionalHooks option (#14464) (Redas)
• d0a8e3e linter: vue/no_required_prop_with_default called Option::unwrap() on a None value (#14491) (Sysix)
• 1192ea2 linter: Correct nextjs/no-typos path handling (#14480) (shulaoda)
• 2796b16 tsgolint: Pipe tsgolints stderr (#14477) (camc314)

🚜 Refactor

• 6440cde linter: Remove lifetime of Message (#14481) (Sysix)
• f599bef language_server: Move Message to DiagnosticReport transformation to one place (#14447) (Sysix)
• 4f301de napi/parser, linter/plugins: Improve formatting of generated code (#14554) (overlookmotel)
• 68c0252 napi/parser, linter/plugins: Shorten generated raw transfer deserializer code (#14553) (overlookmotel)
• 20e884e linter: Store LintService in LintRunner (#14471) (Sysix)
• 9e9c5ba linter: Simplify built-in lint plugin checks (#14518) (camchenry)
• 1986e0f linter/no-ex-assign: Use let-else chain (#14526) (camc314)
• ce9bcf0 linter/no-func-assign: Use let-else chain (#14525) (camc314)
• a9cea7c language_server: Use FxHashSet for ServerLinter::extended_paths (#14517) (Sysix)
• ea5838e linter/no-import-assign: Use let-else chain (#14524) (camc314)
• f977700 language_server: Pass LintOptions to Worker::refresh_server_linter (#14510) (Sysix)
• 54b001f linter/no-new-require: Improve diagnostic message clarity (#14511) (shulaoda)
• 650ea68 linter: Improve nextjs/no-typos rule (#14476) (shulaoda)

📚 Documentation

• 198f2e9 linter: Fix code example for branches-sharing-code (#14514) (camc314)
• d776a17 linter: Improve nextjs/no-typos rule documentation (#14470) (shulaoda)

⚡ Performance

• b44a30e language_server: Transform Message to DiagnosticReport with one call (#14448) (Sysix)
• 31766fd linter/plugins: Provide loc via prototype (#14552) (overlookmotel)
• aec0c08 linter: Allow analyzing node types in match blocks with guards (#14459) (camchenry)
• 9044187 linter: Skip running node-specific rule if file contains no relevant nodes (#14457) (camchenry)
• 422f54e linter: Only run rule run functions if implemented (#14454) (camchenry)

... (truncated)

Commits

• 0082cda release(oxlint): v1.23.0 (#14560)
• b2af43a release(oxlint): v1.22.0 (#14451)
• 6e061f6 release(oxlint): v1.21.0 (#14441)
• 6e8d2f6 fix(language_server): ignore JS plugins (#14379)
• 4bf6f69 release(oxlint): v1.20.0 (#14381)
• 8ca1adf release(oxlint): v1.19.0 (#14231)
• 8879b5a fix(linter/plugins): add types export to npm/oxlint (#14219)
• b4d716f feat(linter/plugins): move custom JS plugin config to jsPlugins (#14133)
• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coveralls]

Pull Request Test Coverage Report for Build 18558808117

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 41.104%

---

Totals
Change from base Build 18558741083:	0.0%
Covered Lines:	378
Relevant Lines:	753

---

💛 - Coveralls

[jeroenvervaeke]

@dependabot rebase