Skip to content

chore(deps-dev): bump the all group with 3 updates#5

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-fc455d782e
Open

chore(deps-dev): bump the all group with 3 updates#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-fc455d782e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Bumps the all group with 3 updates: @commitlint/cli, @commitlint/config-conventional and commitlint.

Updates @commitlint/cli from 20.5.3 to 21.0.1

Release notes

Sourced from @​commitlint/cli's releases.

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

21.0.0 (2026-05-08)

Breaking

Fixes

Internals (Node 22 cleanup)

  • chore: replace dependencies with Node 22 built-ins by @​escapedcat in #4681 — drops glob, fast-glob, import-meta-resolve, minimist, fs-extra
  • refactor: replace read-pkg with native fs.readFile + JSON.parse by @​escapedcat in #4742
  • chore: update dependency yargs to v18 by @​escapedcat in #4686
  • chore: remove cross-env, move env vars to vitest config by @​escapedcat in #4684

Dependency updates

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/cli

21.0.0 (2026-05-08)

BREAKING CHANGES

  • drop node v18 and v20 support
  • Bump engines to >=v22 in all 39 package.json files
  • Update @​types/node to ^22.0.0
  • Update CI matrix to [22, 24]
  • Update Ubuntu baseline job to ubuntu:26.04
  • Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
  • Update pre-commit hook to use --ignore-engines
  • Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

Commits

Updates @commitlint/config-conventional from 20.5.3 to 21.0.1

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

21.0.0 (2026-05-08)

Breaking

Fixes

Internals (Node 22 cleanup)

  • chore: replace dependencies with Node 22 built-ins by @​escapedcat in #4681 — drops glob, fast-glob, import-meta-resolve, minimist, fs-extra
  • refactor: replace read-pkg with native fs.readFile + JSON.parse by @​escapedcat in #4742
  • chore: update dependency yargs to v18 by @​escapedcat in #4686
  • chore: remove cross-env, move env vars to vitest config by @​escapedcat in #4684

Dependency updates

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

21.0.0 (2026-05-08)

BREAKING CHANGES

  • drop node v18 and v20 support
  • Bump engines to >=v22 in all 39 package.json files
  • Update @​types/node to ^22.0.0
  • Update CI matrix to [22, 24]
  • Update Ubuntu baseline job to ubuntu:26.04
  • Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
  • Update pre-commit hook to use --ignore-engines
  • Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

Commits

Updates commitlint from 20.5.3 to 21.0.1

Release notes

Sourced from commitlint's releases.

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

21.0.0 (2026-05-08)

Breaking

Fixes

Internals (Node 22 cleanup)

  • chore: replace dependencies with Node 22 built-ins by @​escapedcat in #4681 — drops glob, fast-glob, import-meta-resolve, minimist, fs-extra
  • refactor: replace read-pkg with native fs.readFile + JSON.parse by @​escapedcat in #4742
  • chore: update dependency yargs to v18 by @​escapedcat in #4686
  • chore: remove cross-env, move env vars to vitest config by @​escapedcat in #4684

Dependency updates

... (truncated)

Changelog

Sourced from commitlint's changelog.

21.0.1 (2026-05-12)

Note: Version bump only for package commitlint

21.0.0 (2026-05-08)

BREAKING CHANGES

  • drop node v18 and v20 support
  • Bump engines to >=v22 in all 39 package.json files
  • Update @​types/node to ^22.0.0
  • Update CI matrix to [22, 24]
  • Update Ubuntu baseline job to ubuntu:26.04
  • Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
  • Update pre-commit hook to use --ignore-engines
  • Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the all group with 3 updates
2a53235 
Bumps the all group with 3 updates: [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli), [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) and [commitlint](https://github.com/conventional-changelog/commitlint/tree/HEAD/@alias/commitlint).


Updates `@commitlint/cli` from 20.5.3 to 21.0.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.1/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.5.3 to 21.0.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.1/@commitlint/config-conventional)

Updates `commitlint` from 20.5.3 to 21.0.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@alias/commitlint/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.1/@alias/commitlint)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 21.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 21.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: commitlint
  dependency-version: 21.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 14, 2026
@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 15, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli + @commitlint/config-conventional + commitlint 20.5.3 → 21.0.1 (MAJOR)
Breaking changes: Yes — v21.0.0 is a major release; commitlint v21 drops Node <20 support and may have config schema changes (note: the CI commitlint and rust jobs all pass; only the dependabot/auto-merge job failed, which is expected behavior for major bumps blocked from auto-merge)
Our usage: Dev-only — used in the commitlint CI step to enforce conventional commit messages
CI status: Real tests passing ✅ (commitlint, rust, shell, bats all green); auto-merge job failed as expected for major bump
Security advisory: No
Recommendation: Needs investigation — review v21 changelog for any config format changes before merging; check if .commitlintrc config is compatible with v21
Reasoning: Major version bump on a tool that reads config files. v21 release notes mention bug fixes in formatter path resolution (v21.0.1) but the v21.0.0 jump should be checked for any rule or preset changes that could break commitlint CI post-merge.

@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 16, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli 20.5.3 → 21.0.1 (MAJOR) · @commitlint/config-conventional 20.5.3 → 21.0.1 (MAJOR) · commitlint 20.5.3 → 21.0.1 (MAJOR)
Breaking changes: Yes — commitlint v21 drops Node 18/20 support, minimum is now Node >=22. v21.0.1 is a patch fix on top of v21.0.0 (fixes relative formatter path resolution and types).
Our usage: commitlint is a devDependency used in the commitlint CI workflow to enforce conventional commit messages.
CI status: Real tests PASS (rust fmt/clippy/test, shell lint/bats all green). Only failing check is dependabot/auto-merge — auto-merge not configured, not a code failure.
Security advisory: No
Recommendation: Defer — major bump requires Node >=22 as minimum engine. Check the envcache CI matrix (Rust + shell tests currently pass regardless since they don't use Node). Commitlint v21 should be fine if the repo runs on Node 22+, but verify before merging.
Reasoning: envcache is a Rust project; the commitlint v21 Node requirement only affects the CI runner's Node version, not the Rust build. If GitHub Actions runners already use Node 22+ (they do by default now), this is likely safe. Recommend verifying runner Node version before approving.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nmccready