chore(deps): update dependency lefthook to v2.0.8

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
lefthook	2.0.4 -> 2.0.8

---

Release Notes

evilmartians/lefthook (lefthook)

v2.0.8

Compare Source

• fix: do not escape custom templates in command replacement (#​1213) by @​joevin-sql-docto

v2.0.7

Compare Source

• fix: prefer using lefthook from the $PATH (#​1211) by @​joevin-sql-docto

v2.0.6

Compare Source

• feat: save original executable location in hooks (#​1208) by @​mrexox
• docs: encourage python install using pipx (#​1207) by @​franzramadhan

v2.0.5

Compare Source

• feat: add optional args to scripts (#​1206) by @​mrexox
• deps: November 2025 (#​1200) by @​mrexox
• chore: upgrade golangci-lint to 2.6.1, add modernize (#​1190) by @​scop
• chore: publish artifact attestations (#​1189) by @​scop

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/lefthook	2.0.8	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 8/26 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• package.json

[github-actions]

📏 PR Size: 🟢 XS

Changes:

• 📁 Files changed: 1
• ➕ Additions: 1
• ➖ Deletions: 1

💡 Tips for managing PR size

• XS/Small: Easy to review ✅
• Medium: Consider breaking down if possible
• Large/XL: Please split into smaller PRs for easier review

Smaller PRs are easier to review, test, and merge!

---

This comment updates automatically when the PR changes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	lefthook@​2.0.4 ⏵ 2.0.8	+1			+1

View full report

[github-actions]

📊 Test Coverage Report

PR: #156
Commit: 0790298

Coverage Summary

Coverage data will be displayed here after test execution.

---

This comment is automatically updated by the PR Comment workflow.

[github-actions]

📊 Test Coverage Report

PR: #156
Commit: 9345f62

Coverage Summary

Coverage data will be displayed here after test execution.

---

This comment is automatically updated by the PR Comment workflow.

[github-actions]

📊 Test Coverage Report

PR: #156
Commit: 3f1799a

Coverage Summary

Coverage data will be displayed here after test execution.

---

This comment is automatically updated by the PR Comment workflow.