Skip to content

Bump lefthook from 2.1.6 to 2.1.8#31

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/lefthook-2.1.8
Open

Bump lefthook from 2.1.6 to 2.1.8#31
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/lefthook-2.1.8

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 20, 2026
edited by cubic-dev-ai Bot
Loading

Bumps lefthook from 2.1.6 to 2.1.8.

Release notes

Sourced from lefthook's releases.

v2.1.8

Changelog

  • 488a5f99a5a496e5837f757f8ce3e6c6d1415792 fix: do not warn if local hooks path is equal to default hooks path (#1421)

v2.1.7

Changelog

  • f415a9d3fce1d4f6af62622cf96c72e04ecf7bd3 chore: go mod tidy
  • cf4ab9ea4580f5aeb0d4b61d4dd169533e5bb0c9 fix: always restore unstaged changes (#1416)
  • 4c0e000d6fe9f35f42efefb9263b0b4cb5dfbd49 fix: apply stage_fixed only if it is safe (#1418)
  • 76aa843ef5ceb6970f61cd2ff28d16dd2ec82272 fix: linter, sacrifice optimization for readability
  • 9d53c36ed9a26d3bf66e341a9650a0ecac9b6a37 fix: separate fallback push branch from pathspecs (#1396)
  • 22c9f773cf93b59005bd244c5b00caab2947a755 fix: try to always restore unstaged changes (#1417)
  • 37d83986d8e6d6bf6792f57e22e7cbb1a9e28064 fix: use contrast colors (#1420)
  • eb1064d0b8c6248627960bea1abf6891db5a21b1 refactor: add new logger without a global state (#1385)
Changelog

Sourced from lefthook's changelog.

2.1.8 (2026-05-19)

  • fix: do not warn if local hooks path is equal to default hooks path (#1421) by @​mrexox

2.1.7 (2026-05-19)

Commits
  • 9e75b21 2.1.8: reduce warning for core.hooksPath if it matches the default
  • 488a5f9 fix: do not warn if local hooks path is equal to default hooks path (#1421)
  • b5c8310 2.1.7: restore unstaged changes when possible
  • 37d8398 fix: use contrast colors (#1420)
  • 4c0e000 fix: apply stage_fixed only if it is safe (#1418)
  • 22c9f77 fix: try to always restore unstaged changes (#1417)
  • cf4ab9e fix: always restore unstaged changes (#1416)
  • f415a9d chore: go mod tidy
  • eb1064d refactor: add new logger without a global state (#1385)
  • 76aa843 fix: linter, sacrifice optimization for readability
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by cubic

Upgrade lefthook to 2.1.8 to improve git hook reliability and reduce noisy warnings. Includes upstream fixes for restoring unstaged changes and safer auto-staging.

  • Dependencies
    • Bump lefthook from 2.1.6 to 2.1.8

Written for commit c637581. Summary will update on new commits. Review in cubic

@dependabot
Bump lefthook from 2.1.6 to 2.1.8
c637581 
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 2.1.6 to 2.1.8.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v2.1.6...v2.1.8)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-version: 2.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 20, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedlefthook@​2.1.6 ⏵ 2.1.899 +810010094100

View full report

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 20, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Re-trigger cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants