Upgrade dev tooling #190

Open
senechko wants to merge 5 commits into main from codex/dev-tooling-upgrade

Member

@senechko senechko commented May 19, 2026

Summary

  • upgrade TypeScript, Prettier, Husky, AVA, Sinon, and related dev dependencies
  • replace pretty-quick with lint-staged and modernize the Husky pre-commit hook
  • add type-aware ESLint with no-floating-promises, no-explicit-any, and consistent-type-imports
  • target ES2022 for Node 22 and remove redundant es2020.promise lib entry

Test Plan

  • npm run lint
  • npm run build
  • npm test

Note

Low Risk
Low risk: primarily developer-tooling/config changes (Husky, lint-staged, Prettier, ESLint) with only minor TypeScript type/import tweaks and no intended runtime behavior changes.

Overview
Upgrades local developer tooling by modernizing the Husky pre-commit hook to run check-version.ts and lint-staged (replacing pretty-quick), and expanding .prettierignore to skip generated/vendor artifacts.

Adds a new type-aware eslint.config.js (using @typescript-eslint) enforcing no-floating-promises, no-explicit-any, and consistent-type-imports with targeted overrides. Code changes are limited to TypeScript hygiene updates (type-only imports, narrower error type in Request, and a small conditional-spread tweak in TrackClient.addDevice).

Reviewed by Cursor Bugbot for commit 35cc7e5. Bugbot is set up for automated code reviews on this repo.


socket-security Bot commented May 19, 2026


Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert
Warn High
License policy violation: npm typescript

Location: Package overview

From: package-lock.json → npm/typescript@5.9.3

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@5.9.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm uri-js

Location: Package overview

From: package-lock.json → npm/eslint@10.4.0 → npm/uri-js@4.4.1

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/uri-js@4.4.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.


@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit df14988.

Comment thread eslint.config.js
@senechko force-pushed the codex/dev-tooling-upgrade branch from 97f0ec7 to f5926cf (May 19, 2026 21:20)
@mike-engel
Collaborator

#189 is also open. @senechko can you work with @kamiwaaidearu to choose one PR to champion?

@senechko force-pushed the codex/dev-tooling-upgrade branch from d9ea9c4 to 35cc7e5 (May 22, 2026 13:32)