Closed renovate[bot] closed 2 years ago
Chiming in here to help move this one along since, as per #883, it would be nice if this could be merged and released to remove the npm audit
warning associated with the commitizen CLI [^1].
Looking at the release notes for Inquirer
in the Pull Request description, the major version changes amount to 2 breaking changes in total, neither of which affect the commitizen CLI v4.2.4:
Judging by that this should be safe to merge. That is, of course, if we trust that Inquirer
didn't accidentally introduce a breaking change without reporting it.
[^1]: I would be inclined to agree that the impact of the vulnerability is limited for the commitizen CLI, but especially if upgrading is trivial I see no reason not to upgrade. Even if just to avoid "polluting" the npm audit
report of users.
+1 I look forward to this update!
Thanks for doing the research on this @ericcornelissen ❤️
Do we know when new release tags are created ? I see the last release is https://github.com/commitizen/cz-cli/releases from May (v4.2.4)
Do we know when new release tags are created ? I see the last release is https://github.com/commitizen/cz-cli/releases from May (v4.2.4)
you can "watch" this repository with All Activity option or Custom->Releases.
Just need to refactor the cz-git
adapter, come and see 🧐🧐🧐 still a little worried
:tada: This PR is included in version 4.2.5 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
This PR contains the following updates:
6.5.2
->8.2.0
Release Notes
SBoudrias/Inquirer.js
### [`v8.2.0`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.2.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.1.5...inquirer@8.2.0) - `checkbox` prompt: Update the help message to be more complete. And the help message is now shown until a selection is made. ### [`v8.1.5`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.1.5) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.1.4...inquirer@8.1.5) Fix older Node version compatibility issue. ### [`v8.1.4`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.1.4) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.1.3...inquirer@8.1.4) - Fix an error being thrown inside the `rawlist` prompt ### [`v8.1.3`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.1.3) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.1.2...inquirer@8.1.3) ##### Bug Fixes - Fix password prompt appearing when doing async filtering/validation - User being prompted a question even though it was answered when using nested answer object format. - Fix extra space appearing when using custom prefix. And bump of all dependencies. ### [`v8.1.2`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.1.2) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.1.1...inquirer@8.1.2) - Fix bug on `rawList` prompt - Bump dependencies ### [`v8.1.1`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.1.1) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.1.0...inquirer@8.1.1) **Fix**: Number prompt `default` behavior. ### [`v8.1.0`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.1.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.0.1...inquirer@8.1.0) ##### New features - Now display a loading spinner while asynchronously filtering or validating data. - `inquirer.prompt()` now accept a shorthand object syntax instead of an array with `name`d prompts: ```js const { foo, bar } = await inquirer.prompt({ foo: { message: '...', default: '...', }, bar: { default: '...', } }): ``` ### [`v8.0.1`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.0.1) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@8.0.0...inquirer@8.0.1) Fixes - Fix issue with duplicate keys in `expand` prompt not being caught if casing didn't match - Fix `rawlist` prompt ignoring `short` option - Rollback dependencies migrated to ESM causing issue for some users And lastly general dependency upgrade (to non-ESM versions) ### [`v8.0.0`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@8.0.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.3.3...inquirer@8.0.0) - Drop support for Node 10 (through dependencies) - Add `postfix` option to the editor prompt to allow easily turning on proper syntax highlighting ### [`v7.3.3`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.3.3) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.3.2...inquirer@7.3.3) - Fix to release the readline on errors - Security patch (lodash) ### [`v7.3.2`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.3.2) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.3.1...inquirer@7.3.2) Fix the `loop: false` option in the `checkbox` prompt. ### [`v7.3.1`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.3.1) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.3.0...inquirer@7.3.1) - Fix the `loop: false` option in the `list` prompt. ### [`v7.3.0`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.3.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.2.0...inquirer@7.3.0) - New option `loop` (boolean) for list type prompts. This prevents the list from looping when reaching the top or bottom of the selection. - Bug fix: multi line list type prompts - Core: Bumped dependencies ### [`v7.2.0`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.2.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.1.0...inquirer@7.2.0) ##### Enhancement - [`039a55c`](https://togithub.com/SBoudrias/Inquirer.js/commit/039a55c7ec04d95887bdeb9b164cc634f26beb57) [#923](https://togithub.com/SBoudrias/Inquirer.js/issues/923) Only import used lodash methods. ([@merceyz](https://togithub.com/merceyz)) ##### Bug Fix - [`a1171d2`](https://togithub.com/SBoudrias/Inquirer.js/commit/a1171d25cdb48c147b405e3173828a8de2dc735b) [#918](https://togithub.com/SBoudrias/Inquirer.js/issues/918) Fix `@inquirer/confirm` formatted output value. ([@rbardini](https://togithub.com/rbardini)) - [`1bf6413`](https://togithub.com/SBoudrias/Inquirer.js/commit/1bf6413b71e94b52a68ba9a4d331ea67453e3390) Fix `engines` field for Node.js 8. ([@LitoMore](https://togithub.com/LitoMore)) ### [`v7.1.0`](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.7...inquirer@7.1.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.7...inquirer@7.1.0) ### [`v7.0.7`](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.6...inquirer@7.0.7) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.6...inquirer@7.0.7) ### [`v7.0.6`](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.5...inquirer@7.0.6) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.5...inquirer@7.0.6) ### [`v7.0.5`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.0.5) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.4...inquirer@7.0.5) Errors when running in non-TTY environment are now marked and catchable. ### [`v7.0.4`](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.3...inquirer@7.0.4) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.3...inquirer@7.0.4) ### [`v7.0.3`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.0.3) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.2...inquirer@7.0.3) Revert broken fix done in 7.0.2 ### [`v7.0.2`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.0.2) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.1...inquirer@7.0.2) \~Work around bug affecting Windows user with Node 10 ([#767](https://togithub.com/SBoudrias/Inquirer.js/issues/767))~ (Reverted in v7.0.3) ### [`v7.0.1`](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.0...inquirer@7.0.1) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@7.0.0...inquirer@7.0.1) ### [`v7.0.0`](https://togithub.com/SBoudrias/Inquirer.js/releases/inquirer@7.0.0) [Compare Source](https://togithub.com/SBoudrias/Inquirer.js/compare/inquirer@6.5.2...inquirer@7.0.0) - Drop support for Node 6.Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.