Bump lint-staged to 17.0.2 and override @noble pins #417

Merged: gndelia merged 1 commit into master from bump-lint-staged on May 14, 2026

@gndelia (Collaborator) commented May 13, 2026

Description

Bumps lint-staged from 16.2.7 to 17.0.2. The major bump is dev-only (runs at commit time), audited via /review-dep-update: no install hooks, no new network/credential surface, native pidtree removed, replaced commander/nano-spawn/micromatch with built-in node:util.parseArgs / tinyexec / picomatch. Engine bump to node >=22.22.1 is satisfied by our .nvmrc (24).

The bump forces a fresh pnpm resolution. @noble/hashes@1.7.0 and @noble/curves@1.8.0 were already in the lockfile when trustPolicy: no-downgrade was introduced in #414 — pnpm grandfathered them in by reusing the existing entries — but the re-resolution re-evaluates trust and rejects them. Both are exact-pinned by @walletconnect/relay-auth@1.1.0 (pulled in transitively via wagmi) and were published on 2025-01-03 without provenance attestation. This PR redirects each to the next attested patch (1.8.0 / 1.8.1) — versions already present elsewhere in the tree. Drop these overrides once relay-auth ships a release that doesn't pin those: WalletConnect/walletconnect-utils#244

Screenshots

N/A — no UI changes.

Related issue(s)

No related issue.

Checklist

  • Manual testing passed.
  • Automated tests added, or N/A.
  • Documentation updated, or N/A.
  • Environment variables set in CI, or N/A.

Update lint-staged 16.2.7 -> 17.0.2.

@noble/hashes@1.7.0 and @noble/curves@1.8.0 were already in the
lockfile when trustPolicy: no-downgrade was introduced; pnpm
grandfathered them in by reusing the existing lockfile entries.
Bumping lint-staged forces a fresh resolution that re-evaluates
trust, which trips on those entries.

Both are exact-pinned by @walletconnect/relay-auth@1.1.0 (pulled
in via wagmi) and were published on 2025-01-03 without provenance
attestation. Override to the next attested patches (1.8.0 / 1.8.1),
which are already present elsewhere in the tree. Drop the overrides
once relay-auth ships a release that doesn't pin those:
WalletConnect/walletconnect-utils#244
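
An added example, not code from this PR or from pnpm: a simplified model of the no-downgrade check and the "next attested patch" override choice described above. The package names, release histories and the `attested` field are constructed assumptions, not registry data.

```javascript
// Constructed sample data; `attested` = published with a provenance attestation.
const registry = {
  "demo-hash": [
    { version: "1.6.1", published: "2024-11-15", attested: true },
    { version: "1.7.0", published: "2025-01-03", attested: false },
    { version: "1.7.1", published: "2025-01-20", attested: false },
    { version: "1.8.0", published: "2025-02-10", attested: true },
  ],
  // Never attested: there is no earlier trust level to fall below.
  "demo-plain": [
    { version: "2.0.0", published: "2024-05-01", attested: false },
    { version: "2.0.1", published: "2024-06-01", attested: false },
  ],
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};

// Downgrade: no attestation on this version although an earlier release had one.
function isDowngrade(releases, version) {
  const target = releases.find((r) => r.version === version);
  if (!target) throw new Error(`unknown version ${version}`);
  if (target.attested) return false;
  return releases.some((r) => r.attested && r.published < target.published);
}

// Lowest later version in the same major line that passes the check.
function nextTrusted(releases, version) {
  const major = parse(version)[0];
  const ok = releases
    .filter((r) => parse(r.version)[0] === major && cmp(r.version, version) > 0)
    .filter((r) => !isDowngrade(releases, r.version))
    .sort((a, b) => cmp(a.version, b.version));
  return ok.length ? ok[0].version : null;
}

// Build an overrides map ("name@pinned" -> replacement) for rejected pins only.
function suggestOverrides(pins) {
  const out = {};
  for (const [name, version] of pins) {
    if (!isDowngrade(registry[name], version)) continue;
    const to = nextTrusted(registry[name], version);
    if (to === null) throw new Error(`no trusted replacement for ${name}@${version}`);
    out[`${name}@${version}`] = to;
  }
  return out;
}
```

The exact-version keys in the result matter: only the rejected pin is redirected, so other ranges of the same package in the tree keep resolving as before.
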
Copilot AI review requested due to automatic review settings May 13, 2026 18:32
@gndelia gndelia requested a review from gabmontes as a code owner May 13, 2026 18:32
@gndelia gndelia self-assigned this May 13, 2026
@gndelia gndelia enabled auto-merge May 13, 2026 18:33
@cloudflare-workers-and-pages: Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: vetro-landing
Latest Commit: 8c9939c
Updated (UTC): May 13 2026, 06:33 PM

@cloudflare-workers-and-pages: Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: vetro-api-staging
Latest Commit: 8c9939c
Updated (UTC): May 13 2026, 06:34 PM

@cloudflare-workers-and-pages: Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: vetro-storybook
Latest Commit: 8c9939c
Updated (UTC): May 13 2026, 06:34 PM

@cloudflare-workers-and-pages: Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: vetro-web-staging
Latest Commit: 8c9939c
Updated (UTC): May 13 2026, 06:35 PM

Copilot AI left a comment

Pull request overview

This PR updates the repo’s commit-time linting workflow by bumping lint-staged to 17.0.2, and adds pnpm overrides to avoid untrusted exact-pinned @noble/* versions pulled in via @walletconnect/relay-auth.

Changes:

  • Bump lint-staged from 16.2.7 to 17.0.2.
  • Add pnpm overrides to redirect @noble/hashes@1.7.0 and @noble/curves@1.8.0 to attested releases.
  • Regenerate pnpm-lock.yaml to reflect the new resolution (including the overrides).

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| pnpm-workspace.yaml | Adds pnpm overrides to redirect pinned @noble/* versions and documents the rationale. |
| pnpm-lock.yaml | Records the overrides and updates the dependency resolution after the lint-staged bump. |
| package.json | Bumps root devDependency lint-staged to 17.0.2. |

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported
Comments suppressed due to low confidence (1)

pnpm-lock.yaml:16053

  • The re-resolution also changes ox@0.6.7 to use @noble/curves 1.8.1 (was 1.9.7 previously per diff). Please verify this version change is expected and doesn’t introduce behavior differences; if not, consider pinning/overriding @noble/curves to keep the prior resolved version for consumers that can use it.

Comment thread pnpm-workspace.yaml
Comment thread pnpm-lock.yaml
@gndelia gndelia merged commit 7950d8a into master May 14, 2026
12 checks passed
@gndelia gndelia deleted the bump-lint-staged branch May 14, 2026 13:14
@gndelia gndelia mentioned this pull request May 14, 2026