build(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2#206
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
Greptile SummaryThis is a dependabot-generated bump of
Confidence Score: 4/5The bump itself is low-risk mechanically, but @commitlint/cli and @commitlint/config-conventional now sit on different major versions, which can cause the CLI to misinterpret the config object at runtime. The Node engine floor raised by v21 (>=22.12.0) is already satisfied by the project's >=24.0.0 constraint, so that breaking change is harmless here. The remaining concern is that @commitlint/cli was not bumped alongside config-conventional: the CLI at v20 will load a config shaped by v21 tooling, and the two packages share internal type contracts. package.json — the @commitlint/cli version should be reviewed for alignment with @commitlint/config-conventional@21. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["@commitlint/cli@^20.5.3"] --> B["@commitlint/[email protected]\n(top-level)"]
C["@commitlint/config-conventional@^21.0.2"] --> D["@commitlint/[email protected]\n(nested / deduplicated separately)"]
C --> E["conventional-changelog-conventionalcommits@^9.2.0"]
A & C --> F["commitlint runtime\n(CLI v20 interprets config from v21)"]
style A fill:#f0ad4e,color:#000
style C fill:#5cb85c,color:#000
style B fill:#f0ad4e,color:#000
style D fill:#5cb85c,color:#000
style F fill:#d9534f,color:#fff
Reviews (3): Last reviewed commit: "build(deps-dev): bump @commitlint/config..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| "@commitlint/cli": "^20.5.3", | ||
| "@commitlint/config-conventional": "^20.5.3", | ||
| "@commitlint/config-conventional": "^21.0.2", |
There was a problem hiding this comment.
@commitlint/cli stays at ^20.5.3 while @commitlint/config-conventional is promoted to ^21.0.2. These packages ship from the same monorepo and are designed to be used at the same major version. The lock file shows the consequence: @commitlint/config-conventional@21 pulls in its own nested @commitlint/[email protected], while the CLI still consumes the top-level @commitlint/[email protected]. At runtime, the config object that config-conventional v21 produces is interpreted by CLI v20 tooling that expects the v20 type shapes — this can manifest as silent misconfig or outright errors when running commitlint. The safe path is to bump @commitlint/cli to ^21.0.2 in the same PR so both packages move together.
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/commitlint/config-conventional-21.0.2
branch
from
7e909ce to
7498fc1
Compare
Bumps [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) from 20.5.3 to 21.0.2. - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.2/@commitlint/config-conventional) --- updated-dependencies: - dependency-name: "@commitlint/config-conventional" dependency-version: 21.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/commitlint/config-conventional-21.0.2
branch
from
7498fc1 to
0817618
Compare
Bumps @commitlint/config-conventional from 20.5.3 to 21.0.2.
Release notes
Sourced from @commitlint/config-conventional's releases.
... (truncated)
Changelog
Sourced from @commitlint/config-conventional's changelog.
Commits
8069048v21.0.2db8d7d6v21.0.11329a25chore: migrate to pnpm (#4762)6099ae5chore: replace eslint with oxlint (#4756)f081a8ev21.0.044c3174chore: update dependency yargs to v18 #4432 (#4686)ac2b3f4chore!: minimum node version v22 (#4679)