[Snyk] Upgrade husky from 1.3.1 to 9.1.7

[snyk-io]

Snyk has created this PR to upgrade husky from 1.3.1 to 9.1.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 106 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	44	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	44	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	44	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	44	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	44	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	44	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	44	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	44	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	44	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	44	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	44	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	44	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	44	No Known Exploit

Release notes

Package name: husky

• 9.1.7 - 2024-11-18
  

  What's Changed

  • fix: add husky label to deprecated warning by @ smackfu in #1538

  New Contributors

  • @ smackfu made their first contribution in #1538

  Full Changelog: v9.1.6...v9.1.7

• 9.1.6 - 2024-09-11
  

  What's Changed

  • Fix issue where example pre-commit file is generated incorrectly by @ dexmlee in #1519

  New Contributors

  • @ OlegKipchatov made their first contribution in #1495
  • @ Byron2016 made their first contribution in #1499
  • @ dexmlee made their first contribution in #1519

  Full Changelog: v9.1.5...v9.1.6

• 9.1.5 - 2024-08-20
  

  What's Changed

  • fixes #1494, support pre-merge-commit hook by @ RainMeoCat in #1497

  New Contributors

  • @ RainMeoCat made their first contribution in #1497

  Full Changelog: v9.1.4...v9.1.5

• 9.1.4 - 2024-07-29
  
  • Improve deprecation notice
• 9.1.3 - 2024-07-26
  
  • fix: better handle space in PATH
• 9.1.2 - 2024-07-25
  

  Show a message instead of automatically removing deprecated code.

  This only concerns projects that still have the following code in their hooks:

  - #!/usr/bin/env sh # <- This is deprecated, remove it

  - . "$(dirname -- "$0")/_/husky.sh" # <- This is deprecated, remove it

  # Rest of your hook code

  Hooks with these lines will fail in v10.0.0

• 9.1.1 - 2024-07-18
  

  

  Super saiyan god dog! It's over 9.0.0!

  What's new

  You can now run package commands directly, no need for npx or equivalents.
  It makes writing hooks more intuitive and is also slightly faster 🐺⚡️

  # .husky/pre-commit
  - npx jest
  + jest # ~0.2s faster

  A new recipe has been added to the docs. Lint staged files without external dependencies (inspired by Prettier docs). Feel free to modify it.

  # .husky/pre-commit
  prettier $(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g') --write --ignore-unknown
  git update-index --again

  For more advanced use cases, see lint-staged.

  Fixes

  • bunx husky init command
  • Workaround for some hooks implementation on Windows

  Deprecations

  • #!/usr/bin/env sh and . "$(dirname -- "$0")/_/husky.sh" are deprecated. husky command will automatically remove them, no action required.
  • If you're having code in ~/.huskyrc please move it to .config/husky/init.sh

  Support for these will be removed in v10.

  Friendly reminder

  If Git hooks don't fit your workflow, you can disable Husky globally. Just add export HUSKY=0 to .config/husky/init.sh.

  I've seen some confusion about this on X, so just a heads-up!

  Sponsoring

  Husky is downloaded over 45M times per month and used by ~1.5M projects. If your company wants to sponsor, you can do so here: GitHub Sponsors.

  Have a nice summer ☀️ I'm open to new opportunities/consulting so feel free to drop me a message 😉

• 9.1.0 - 2024-07-17
  No content.
• 9.0.11 - 2024-02-13
  
  • chore: update package-lock.json by @ btea in #1383
  • fix: export HUSKY=0 in init (fixes #1393) by @ typicode in #1395
• 9.0.10 - 2024-02-01
  
  • fix: rename index.d.ts to index.d.mts by @ mrkjdy in #1379
• 9.0.9 - 2024-02-01
• 9.0.8 - 2024-02-01
• 9.0.7 - 2024-01-29
• 9.0.6 - 2024-01-25
• 9.0.5 - 2024-01-25
• 9.0.4 - 2024-01-25
• 9.0.3 - 2024-01-25
• 9.0.2 - 2024-01-25
• 9.0.1 - 2024-01-25
• 8.0.3 - 2023-01-03
• 8.0.2 - 2022-11-08
• 8.0.1 - 2022-05-09
• 8.0.0 - 2022-05-08
• 7.0.4 - 2021-10-21
• 7.0.3 - 2021-10-21
• 7.0.2 - 2021-08-25
• 7.0.1 - 2021-07-06
• 7.0.0 - 2021-07-01
• 6.0.0 - 2021-03-29
• 5.2.0 - 2021-03-21
• 5.1.3 - 2021-03-02
• 5.1.2 - 2021-03-01
• 5.1.1 - 2021-02-22
• 5.1.0 - 2021-02-21
• 5.0.9 - 2021-02-08
• 5.0.8 - 2021-01-28
• 5.0.7 - 2021-01-27
• 5.0.6 - 2020-12-11
• 5.0.5 - 2020-12-11
• 5.0.4 - 2020-11-22
• 5.0.3 - 2020-11-22
• 5.0.2 - 2020-11-22
• 5.0.1 - 2020-11-17
• 5.0.0 - 2020-11-16
• 5.0.0-beta.0 - 2020-10-16
• 5.0.0-alpha.6 - 2020-10-01
• 5.0.0-alpha.5 - 2020-09-21
• 5.0.0-alpha.4 - 2020-09-15
• 5.0.0-alpha.3 - 2020-09-15
• 5.0.0-alpha.2 - 2020-09-15
• 5.0.0-alpha.1 - 2020-09-15
• 5.0.0-alpha.0 - 2020-09-14
• 4.3.8 - 2021-01-15
• 4.3.7 - 2021-01-07
• 4.3.6 - 2020-12-13
• 4.3.5 - 2020-12-07
• 4.3.4 - 2020-12-05
• 4.3.3 - 2020-12-05
• 4.3.2 - 2020-12-05
• 4.3.1 - 2020-12-01
• 4.3.0 - 2020-09-07
• 4.2.5 - 2020-04-09
• 4.2.4 - 2020-04-09
• 4.2.3 - 2020-02-12
• 4.2.2 - 2020-02-12
• 4.2.1 - 2020-01-23
• 4.2.0 - 2020-01-21
• 4.1.0 - 2020-01-21
• 4.0.10 - 2020-01-15
• 4.0.9 - 2020-01-14
• 4.0.8 - 2020-01-14
• 4.0.7 - 2020-01-12
• 4.0.6 - 2020-01-10
• 4.0.5 - 2020-01-10
• 4.0.4 - 2020-01-09
• 4.0.3 - 2020-01-09
• 4.0.2 - 2020-01-09
• 4.0.1 - 2020-01-08
• 4.0.0 - 2020-01-07
• 4.0.0-beta.5 - 2019-10-21
• 4.0.0-beta.4 - 2019-10-18
• 4.0.0-beta.3 - 2019-10-12
• 4.0.0-beta.2 - 2019-09-28
• 4.0.0-beta.1 - 2019-08-15
• 4.0.0-beta.0 - 2019-08-14
• 3.1.0 - 2019-11-18
• 3.0.9 - 2019-10-12
• 3.0.8 - 2019-10-02
• 3.0.7 - 2019-09-28
• 3.0.6 - 2019-09-28
• 3.0.5 - 2019-09-01
• 3.0.4 - 2019-08-17
• 3.0.3 - 2019-08-08
• 3.0.2 - 2019-07-29
• 3.0.1 - 2019-07-18
• 3.0.0 - 2019-07-01
• 3.0.0-0 - 2019-06-27
• 2.7.0 - 2019-06-27
• 2.6.0 - 2019-06-26
• 2.5.0 - 2019-06-24
• 2.4.1 - 2019-06-11
• 2.4.0 - 2019-06-05
• 2.3.0 - 2019-05-14
• 2.2.0 - 2019-05-02
• 2.1.0 - 2019-04-24
• 2.0.0 - 2019-04-24
• 1.3.1 - 2018-12-28

from husky GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	40% smaller

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)