chore(deps): bump lint-staged from 16.3.2 to 16.4.0

[dependabot]

Bumps lint-staged from 16.3.2 to 16.4.0.

Release notes

Sourced from lint-staged's releases.

v16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

Changelog

Sourced from lint-staged's changelog.

16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

Commits

• 445f9dd chore(changeset): release
• d91be60 docs: update readme to use picomatch
• b392a9f refactor: extract matchFiles and add unit tests
• 687fc90 refactor: replace micromatch with picomatch
• 26dadf9 chore(changeset): release
• 9d6e827 build(deps): update dependencies
• 8aea986 chore(changeset): release
• 0109e8d fix: strip Git CRLF warning from output
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

✔️ Bundle Size Analysis

Metric	Value
Base	2638.70 KB
PR	2638.70 KB
Diff	0 KB (0%)

Bundle breakdown

156K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
20K	dist/cli.js
12K	dist/cli.js.map
584K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
896K	dist/integrations
100K	dist/llm
1.2M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
392K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

[claude]

LGTM — straightforward Dependabot lockfile bump for lint-staged.

Extended reasoning...

Overview

This is an automated Dependabot PR that bumps lint-staged from 16.3.2 to 16.4.0. The only file changed is pnpm-lock.yaml. The upstream changes include replacing micromatch with picomatch (reducing dependencies), a tinyexec update to prefer local node_modules/.bin, and a CRLF line-ending fix. A transitive @sourcegraph/amp version also shifted in the lockfile.

Security risks

No security risks. This is a dev-dependency lockfile update generated by Dependabot. lint-staged is only used during pre-commit hooks and does not run in production.

Level of scrutiny

Minimal scrutiny required. This is a lockfile-only change for a dev tool, within the same minor version range (^16.2.7), generated by a trusted automation (Dependabot). No source code or configuration changes.

Other factors

No bugs were found. No outstanding reviewer comments. No CODEOWNERS concerns for pnpm-lock.yaml. The PR timeline shows no prior reviews from me or any human reviewer, only bot comments about label issues and usage limits.