keeganstreet
commented
1 year ago OK great! I better just fix up the commit message because I didn't actually use conventional commits 😅
Closed keeganstreet closed 6 months ago
keeganstreet
commented
1 year ago OK great! I better just fix up the commit message because I didn't actually use conventional commits 😅
Currently most of the dependencies in this package are pinned to specific versions. This prevents consuming applications from being able to update these dependencies. This is particularly a problem when security vulnerabilities are found in dependencies, resulting in new versions of commitizen needing to be released i.e:
https://github.com/commitizen/cz-cli/issues/963 https://github.com/commitizen/cz-cli/issues/945 https://github.com/commitizen/cz-cli/issues/931 https://github.com/commitizen/cz-cli/issues/883
By using a
^before the version number, consuming applications will be able to install minor and patch updates ofcommitizen's dependencies, which should still be compatible withcommitizenaccording to semver principles.