[Snyk] Upgrade husky from 4.2.5 to 8.0.1 #4
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade husky from 4.2.5 to 8.0.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
The recommended version fixes:
SNYK-JS-SEMVERREGEX-1585624
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SEMVERREGEX-1584358
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SEMVERREGEX-1047770
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: husky
What's Changed
Feats
husky -
prefix to logged global error messages by @ joshbalfour in #1092PATH
when command not found to improve debuggability$HUSKY=0
Fixes
/usr/bin/env sh
instead of direct path ofsh
by @ skhaz in #1051./husky.sh
by @ hyperupcall in #1104basename
/dirname
to treat$0
as an argument by @ mataha in #1132git.io
links by @ renbaoshuo in #1136Docs
npx --no-install
option withnpx --no
by @ sibiraj-s in #1070pnpm
installation by @ MohamadKh75 in #1139Chore
No changes. Husky v7.0.3 was reverted, this version is the same as v7.0.2.
7.0.3
Fix pre-commit hook in WebStorm (#1023)
.husky/
directory structure..husky/.gitignore
is now unnecessary and can be removed.husky-init
CLIhusky-4-to-7
CLIPlease help me develop and release OSS projects ❤️ on GitHub Sponsors or Open Collective. Thank you for your support!
After being in early access for Open Source projects and Sponsors for a limited time, I'm happy to announce that husky 6 is MIT again and can be freely used in commercial projects! 🎉
Many thanks to the Open Source projects and Companies which have switched to/sponsored the new husky during this period!
OSS is my full-time job, please consider sponsoring the development of husky on GitHub sponsors or Open Collective. Thank you!
Breaking change
husky init
has been moved to its own package (npx husky-init
)Added
require('husky')
Migrating from husky 4
Husky 6 contains breaking changes. If you're coming from v4,
npm install husky@6
won't be enough.Recommended: see husky-4-to-6 CLI to automatically migrate your config. There's also a dedicated section in the docs.
If you're curious why config has changed, you may be interested in reading:
https://blog.typicode.com/husky-git-hooks-javascript-config/
Also Husky 6 follows official npm and Yarn best practices regarding autoinstall. It's recommended to use
prepare
script instead (see usage in docs).set
command to replace hooks (husky set .husky/pre-commit cmd
)add
command to append command (husky add .husky/pre-commit cmd
)husky init
will detect Yarn v2 and initialize accordinglyCommit messages
Package name: husky
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs