
build(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 #208

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/commitlint/cli-21.0.2

dependabot[bot] commented on behalf of github, Jun 4, 2026

Bumps @commitlint/cli from 20.5.3 to 21.0.2.

Release notes

Sourced from @commitlint/cli's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

Chore/CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

... (truncated)

Changelog

Sourced from @commitlint/cli's changelog.

21.0.2 (2026-05-29)

Bug Fixes

  • disallow same commit hash for --from and --to (#4773) (121005e)

21.0.1 (2026-05-12)

Note: Version bump only for package @commitlint/cli

21.0.0 (2026-05-08)

BREAKING CHANGES

  • drop node v18 and v20 support
  • Bump engines to >=v22 in all 39 package.json files
  • Update @types/node to ^22.0.0
  • Update CI matrix to [22, 24]
  • Update Ubuntu baseline job to ubuntu:26.04
  • Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
  • Update pre-commit hook to use --ignore-engines
  • Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) [email protected]

Commits

dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code), Jun 4, 2026
dependabot[bot] requested a review from a team as a code owner, June 4, 2026 02:36

greptile-apps Bot commented Jun 4, 2026

Greptile Summary

This is a dependabot PR bumping @commitlint/cli from v20.5.3 to v21.0.2, a major version release that drops Node v18/v20 support in favour of >=22.12.0. The project already declares "engines": {"node": ">=24.0.0"} and CI runs on Node 24, so the engine constraint is satisfied.

  • @commitlint/cli and all its internal sub-packages (@commitlint/lint, @commitlint/load, @commitlint/read, etc.) are updated to v21; @commitlint/config-conventional remains at ^20.5.3, requiring npm to install duplicate nested copies of @commitlint/types (v20 at root, v21 nested under each v21 package) to satisfy both versions simultaneously.
  • Transitive updates include conventional-commits-parser 6.3→6.4, es-toolkit 1.46→1.47, yargs 17→18 (scoped under the CLI), and removal of minimist and import-meta-resolve from the v21 dependency tree.

Confidence Score: 4/5

Safe to merge for CI/tooling purposes — Node 24 satisfies the new engine requirement — but the cross-major mismatch between @commitlint/cli v21 and @commitlint/config-conventional v20 means commitlint may silently mis-apply or reject rules until config-conventional is co-bumped.

The CLI's major-version jump to v21 is fully compatible with the project's Node 24 environment, and all internal @commitlint/* sub-packages are consistently updated. The outstanding concern is that @commitlint/config-conventional was not co-bumped: the v21 loader now resolves a v20 preset, and any type-level or API-level divergence between the two major versions could cause commitlint to behave incorrectly without a clear error.

package.json — the @commitlint/config-conventional version should be reviewed for a companion bump to v21.

Important Files Changed

| Filename | Overview |
|---|---|
| package.json | Bumps @commitlint/cli to ^21.0.2 while @commitlint/config-conventional remains at ^20.5.3, creating a cross-major version dependency pairing |
| package-lock.json | Lock file updated to reflect the v21 CLI tree; npm resolves the v20/v21 @commitlint/types split via nested installs under each package, adding several duplicate copies of @commitlint/[email protected] |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["@commitlint/cli v21.0.2"] --> B["@commitlint/load v21"]
    A --> C["@commitlint/lint v21"]
    A --> D["@commitlint/read v21"]
    A --> E["@commitlint/format v21"]
    B --> F["@commitlint/resolve-extends v21"]
    B --> G["@commitlint/config-validator v21"]
    B --> H["@commitlint/types v21 (nested)"]
    C --> I["@commitlint/rules v21"]
    C --> J["@commitlint/is-ignored v21"]
    K["@commitlint/config-conventional v20.5.3 (unchanged)"] --> L["@commitlint/types v20 (root)"]
    style K fill:#f9a,stroke:#c66
    style L fill:#f9a,stroke:#c66
    style H fill:#adf,stroke:#66c
```

Reviews (4): Last reviewed commit: "build(deps-dev): bump @commitlint/cli fr..."

Comment thread package.json
"devDependencies": {
"@commitlint/cli": "^20.5.3",
"@commitlint/cli": "^21.0.2",
"@commitlint/config-conventional": "^20.5.3",
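
Review bot: the `@commitlint/cli` line crosses a major version (`^20.5.3` to `^21.0.2`), and the v21.0.0 release notes quoted in this PR describe a new output format with `--legacy-output` kept only as a transitional escape hatch, so any commit hook or CI step that parses or snapshots commitlint output needs checking before merge. If one exists, migrate it to the new format in this change, or pass `--legacy-output` there and track its removal.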

P1 Major version mismatch: @commitlint/config-conventional not co-bumped

@commitlint/cli was updated to v21 while @commitlint/config-conventional remains at ^20.5.3. Commitlint publishes all its packages in lock-step from a single monorepo, so mixing major versions can cause type mismatches or unexpected runtime behavior when the CLI attempts to load the v20 config preset through its v21 internal loader (@commitlint/load). A companion PR or manual bump of @commitlint/config-conventional to ^21.0.x should be included.
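
The cross-major pairing described in the review comment above can be checked mechanically in CI. The following is an added example, not code from this PR or from commitlint; the function names are hypothetical, and the manifest and lockfile fragments are constructed samples that assume the npm lockfile v2/v3 `packages` layout.

```javascript
// Constructed samples mirroring the versions discussed in this PR (not the real files).
const samplePackageJson = {
  devDependencies: {
    "@commitlint/cli": "^21.0.2",
    "@commitlint/config-conventional": "^20.5.3",
  },
};
const sampleLock = {
  packages: {
    "": { name: "example-project" },
    "node_modules/@commitlint/types": { version: "20.5.3" },
    "node_modules/@commitlint/cli/node_modules/@commitlint/types": { version: "21.0.2" },
    "node_modules/@commitlint/load/node_modules/@commitlint/types": { version: "21.0.2" },
  },
};

// Leading major of a range or version ("^21.0.2" -> 21); null for tags, URLs, "*".
function majorOf(range) {
  const m = /^[\^~>=<v\s]*(\d+)(?:\.|$)/.exec(String(range));
  return m ? Number(m[1]) : null;
}

// Direct dependencies under one npm scope, and whether their declared majors disagree.
function scopeMajorMismatch(pkg, scope) {
  const majors = {};
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (name.startsWith(scope + "/")) majors[name] = majorOf(range);
    }
  }
  const distinct = new Set(Object.values(majors).filter((m) => m !== null));
  return { majors, mismatch: distinct.size > 1 };
}

// Scoped packages installed at more than one major in a lockfile v2/v3 "packages" map.
function duplicateMajors(lock, scope) {
  const seen = new Map(); // package name -> Set of installed majors
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // skip the root project entry
    const name = path.slice(idx + "node_modules/".length);
    if (!name.startsWith(scope + "/")) continue;
    if (!seen.has(name)) seen.set(name, new Set());
    seen.get(name).add(majorOf(entry.version));
  }
  return [...seen]
    .filter(([, set]) => set.size > 1)
    .map(([name, set]) => ({ name, majors: [...set].sort((a, b) => a - b) }));
}
```

Run against the real `package.json` and `package-lock.json`, a non-empty result from either function is a reason to hold a single-package major bump until the rest of the scope is bumped with it.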

dependabot[bot] force-pushed the dependabot/npm_and_yarn/commitlint/cli-21.0.2 branch 2 times, most recently from 41d613e to 4ea5ff8, June 4, 2026 02:43
Bumps [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) from 20.5.3 to 21.0.2.
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.2/@commitlint/cli)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 21.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot[bot] force-pushed the dependabot/npm_and_yarn/commitlint/cli-21.0.2 branch from 4ea5ff8 to ec8f464, June 4, 2026 02:47