chore(deps): bump the npm-dependencies group with 8 updates

[dependabot]

Bumps the npm-dependencies group with 8 updates:

Package	From	To
@apidevtools/json-schema-ref-parser	15.2.2	15.3.1
minimatch	10.2.2	10.2.4
simple-git	3.32.2	3.32.3
@typescript-eslint/eslint-plugin	8.56.0	8.56.1
@typescript-eslint/parser	8.56.0	8.56.1
cspell	9.6.4	9.7.0
globals	17.3.0	17.4.0
lint-staged	16.2.7	16.3.1

Updates @apidevtools/json-schema-ref-parser from 15.2.2 to 15.3.1

Release notes

Sourced from @​apidevtools/json-schema-ref-parser's releases.

v15.3.1

15.3.1 (2026-02-28)

Bug Fixes

• resolve multiple open issues (#349, #355, #392) and add regression tests (#415) (6e19cd9), closes #384 #403

v15.3.0

15.3.0 (2026-02-28)

Bug Fixes

• resolve ESLint errors (#410) (0fd077b)
• resolve multiple dereference and bundle issues (#338, #370, #395) (#409) (cd9737c)

Features

• enable npm OIDC trusted publisher with provenance (#413) (a84513c)

Commits

• 6e19cd9 fix: resolve multiple open issues (#349, #355, #392) and add regression tests...
• 3d93948 test: add comprehensive regression tests for historical closed issues (#414)
• 5d4592f test: add comprehensive real-world schema pattern tests (#412)
• a84513c feat: enable npm OIDC trusted publisher with provenance (#413)
• 0fd077b fix: resolve ESLint errors (#410)
• fb383a6 chore: deps
• cd9737c fix: resolve multiple dereference and bundle issues (#338, #370, #395) (#409)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​apidevtools/json-schema-ref-parser since your current version.

Updates minimatch from 10.2.2 to 10.2.4

Commits

• c36addb 10.2.4
• 26b9002 docs: add warning about ReDoS
• 3a0d83b fix partial matching of globstar patterns
• ea94840 10.2.3
• 0873fba update deps
• cecaad1 more extglob coalescing for performance
• 11d0df6 limit nested extglob recursion, flatten extglobs
• c3448c4 update assertValidPattern param type to unknown from any
• 0bf499a limit recursion for **, improve perf considerably
• 9f15c58 update deps
• See full diff in compare view

Updates simple-git from 3.32.2 to 3.32.3

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

Commits

• a1170e5 Version Packages
• f704208 In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.56.0 to 8.56.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.56.1 (2026-02-23)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 958f390 chore(eslint-plugin): add default excludes to vitest (#12067)
• ffb46ea docs(eslint-plugin): [method-signature-style] clarify autofix impact on type ...
• See full diff in compare view

Updates @typescript-eslint/parser from 8.56.0 to 8.56.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• See full diff in compare view

Updates cspell from 9.6.4 to 9.7.0

Release notes

Sourced from cspell's releases.

v9.7.0

Features

feat: Substitution Part 4 - enable substitutions during document check (#8630)

Pull request overview

This PR enables substitution-based text transformations during document spell checking, allowing configured text patterns to be replaced before validation occurs.

Changes:

• Added substitution transformer support to the text validation pipeline
• Enhanced SubstitutionTransformer to handle both string and MappedText inputs with source map merging
• Refactored settingsToValidateOptions to explicitly map all validation option fields

---

feat: Substitution Part 3 (#8616)

Pull request overview

This PR updates the SourceMap encoding/handling to use relative span-length pairs (instead of absolute offset pairs) so transformations can be composed more reliably, while updating affected parsers, mappers, and tests across the monorepo.

Changes:

• Redefines SourceMap documentation/usage to represent relative [srcSpanLen, dstSpanLen] segments (with non-linear segment semantics).
• Introduces new SourceMap utilities in cspell-lib and refactors TextMap/mapping code and tests to use them.
• Updates TypeScript grammar parsing/mappers to emit relative maps and adjusts fixtures/tests accordingly.

[!CAUTION] Internal breaking: SourceMaps are now span lengths instead of being offsets. This makes them invariant during translation, making concatenation, and slicing much easier. A minor version change was chosen instead of a major version change since it was only used with the experimental TypeScript parser.

---

feat: Substitution Part 2 (#8599)

Pull request overview

... (truncated)

Changelog

Sourced from cspell's changelog.

v9.7.0 (2026-02-23)

Features

feat: Substitution Part 4 - enable substitutions during document check (#8630)

Pull request overview

This PR enables substitution-based text transformations during document spell checking, allowing configured text patterns to be replaced before validation occurs.

Changes:

• Added substitution transformer support to the text validation pipeline
• Enhanced SubstitutionTransformer to handle both string and MappedText inputs with source map merging
• Refactored settingsToValidateOptions to explicitly map all validation option fields

---

feat: Substitution Part 3 (#8616)

Pull request overview

This PR updates the SourceMap encoding/handling to use relative span-length pairs (instead of absolute offset pairs) so transformations can be composed more reliably, while updating affected parsers, mappers, and tests across the monorepo.

Changes:

• Redefines SourceMap documentation/usage to represent relative [srcSpanLen, dstSpanLen] segments (with non-linear segment semantics).
• Introduces new SourceMap utilities in cspell-lib and refactors TextMap/mapping code and tests to use them.
• Updates TypeScript grammar parsing/mappers to emit relative maps and adjusts fixtures/tests accordingly.

[!CAUTION] Internal breaking: SourceMaps are now span lengths instead of being offsets. This makes them invariant during translation, making concatenation, and slicing much easier. A minor version change was chosen instead of a major version change since it was only used with the experimental TypeScript parser.

---

feat: Substitution Part 2 (#8599)

... (truncated)

Commits

• 48f64e0 v9.7.0
• d894739 chore: Prepare Release v9.7.0 (auto-deploy) (#8635)
• 143bfed chore: Prepare Release v9.7.0 (auto-deploy) (#8521)
• 20c13d3 ci: Workflow Bot -- Update ALL Dependencies (main) (#8614)
• d9ed169 fix: cspell-rpc - reduce the size of an RPC result. (#8574)
• 96b88e3 ci: Workflow Bot -- Update ALL Dependencies (main) (#8529)
• See full diff in compare view

Updates globals from 17.3.0 to 17.4.0

Release notes

Sourced from globals's releases.

v17.4.0

• Update globals (2026-03-01) (#338) d43a051

---

sindresorhus/globals@v17.3.0...v17.4.0

Commits

• a9cfd74 17.4.0
• d43a051 Update globals (2026-03-01) (#338)
• See full diff in compare view

Updates lint-staged from 16.2.7 to 16.3.1

Release notes

Sourced from lint-staged's releases.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• 2a74cd2 chore(changeset): release
• cd5d762 refactor: remove nano-spawn dependency completely
• e342cab build(deps): move nano-spawn to dev
• 9aa2cd7 chore(changeset): release
• 0c387bc test: make long-running task longer because of GitHub Actions slowness
• 87467aa refactor: detect incorrect brace expansion exhaustively
• dceabc6 ci: run npm audit in GitHub Actions
• d0e4c2a build(deps): update dependencies
• 93cf144 docs: add tip about lint-staged.sh
• 9809fee test: adjust integration test logging setup for concurrency
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions