Open DullReferenceException opened 4 years ago
We've moved to allow semver ranges on a number of dependencies via #615 – we'll be working to unpin more as we phase our support of NodeJS@8 (#612, #618).
`8.0.1` was published ~6 hours ago which includes updates to `conventional-changelog` (#592).
I notice that the dependencies for `standard-version` are all fixed (no `^` or `~` for example). This makes it impossible to get the version bump in `conventional-changelog`, which fixes a CVE.

Could the `standard-version` dependencies be updated to use something like `^` so that upgrades and de-duplication of transitive dependencies are possible? If you object to this approach, could we at least get a new release of `standard-version` with `conventional-changelog` version bumped?