Skip to content

chore(deps-dev): bump the all group with 3 updates#4

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/all-e19c5cc19c
Open

chore(deps-dev): bump the all group with 3 updates#4
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/all-e19c5cc19c

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps the all group with 3 updates: @commitlint/cli, @commitlint/config-conventional and commitlint.

Updates @commitlint/cli from 20.5.0 to 20.5.3

Release notes

Sourced from @​commitlint/cli's releases.

v20.5.3

20.5.3 (2026-04-30)

Refactor

Docs

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.5.2...v20.5.3

v20.5.2

20.5.2 (2026-04-25)

Just minor dep updates before the next breaking change

Chore & Docs

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.5.1...v20.5.2

v20.5.1

20.5.1 (2026-03-31)

Bug Fixes

Reverts

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/cli

20.5.2 (2026-04-25)

Note: Version bump only for package @​commitlint/cli

Commits

Updates @commitlint/config-conventional from 20.5.0 to 20.5.3

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.5.3

20.5.3 (2026-04-30)

Refactor

Docs

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.5.2...v20.5.3

v20.5.2

20.5.2 (2026-04-25)

Just minor dep updates before the next breaking change

Chore & Docs

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.5.1...v20.5.2

v20.5.1

20.5.1 (2026-03-31)

Bug Fixes

Reverts

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/config-conventional

Commits

Updates commitlint from 20.5.0 to 20.5.3

Release notes

Sourced from commitlint's releases.

v20.5.3

20.5.3 (2026-04-30)

Refactor

Docs

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.5.2...v20.5.3

v20.5.2

20.5.2 (2026-04-25)

Just minor dep updates before the next breaking change

Chore & Docs

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.5.1...v20.5.2

v20.5.1

20.5.1 (2026-03-31)

Bug Fixes

Reverts

... (truncated)

Changelog

Sourced from commitlint's changelog.

20.5.3 (2026-04-30)

Note: Version bump only for package commitlint

20.5.2 (2026-04-25)

Note: Version bump only for package commitlint

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the all group with 3 updates
7373683 
Bumps the all group with 3 updates: [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli), [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) and [commitlint](https://github.com/conventional-changelog/commitlint/tree/HEAD/@alias/commitlint).


Updates `@commitlint/cli` from 20.5.0 to 20.5.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.5.0 to 20.5.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/config-conventional)

Updates `commitlint` from 20.5.0 to 20.5.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@alias/commitlint/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@alias/commitlint)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 20.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: commitlint
  dependency-version: 20.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 30, 2026
@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 4, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli 20.5.0→20.5.3, @commitlint/config-conventional 20.5.0→20.5.3, commitlint 20.5.0→20.5.3 (patch)
Breaking changes: No — refactor replaces lodash.* with es-toolkit/compat internally; no public API changes
Our usage: dev dependency only (commit linting in CI)
CI status: Tests passing (Rust fmt+clippy+test, shell lint+bats, commitlint all green); only dependabot / auto-merge workflow failing (auto-merge gate policy, not a code failure)
Security advisory: No
Recommendation: Safe to merge
Reasoning: Pure patch bumps (0→3 patch versions) on dev-only commitlint toolchain. No breaking changes. Internal lodash→es-toolkit swap is transparent. All functional CI checks pass.

@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 6, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli + @commitlint/config-conventional + commitlint 20.5.0 → 20.5.3 (patch)
Breaking changes: No — patch releases only. v20.5.3 replaced internal lodash.* deps with es-toolkit/compat (internal refactor, no API changes). v20.5.2 was minor dep/docs cleanup.
Our usage: Dev dependencies only — commitlint is used for commit message linting in CI, not runtime code.
CI status: All actual checks pass ✅ (rust fmt/clippy/test, shell lint+bats, tests, commitlint). The dependabot/auto-merge job shows FAILURE but that reflects auto-merge being blocked/disabled — not a test failure.
Security advisory: No
Recommendation: Safe to merge manually. All tests pass, dev-only deps, patch bumps with no breaking changes. Auto-merge job failure is a workflow config issue, not a code issue.
Reasoning: Patch bumps to commitlint dev tooling with no breaking API changes. The lodash→es-toolkit refactor is internal to the commitlint package and does not affect consumers. Merge when convenient.

@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 6, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli 20.5.0 → 20.5.3 (patch) · @commitlint/config-conventional 20.5.0 → 20.5.3 (patch) · commitlint 20.5.0 → 20.5.3 (patch)
Breaking changes: No — patch releases; 20.5.3 replaces lodash.* with es-toolkit/compat (internal refactor, no API change)
Our usage: Dev dependencies only — commit linting in CI; no production or binary impact
CI status: ⚠️ Shows FAILURE — but only the dependabot/auto-merge workflow check failed (workflow config issue, not a test failure). All real checks pass: commitlint ✅, shell (lint + bats) ✅, rust (fmt + clippy + test) ✅, tests ✅
Security advisory: No
Recommendation: Safe to merge
Reasoning: The CI failure is a false alarm — the auto-merge workflow doesn't have permissions to auto-merge (expected for this repo config). Actual test suite is fully green. Three patch bumps on dev tooling only. Approved. Merge when ready.

@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 7, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli, @commitlint/config-conventional, commitlint 20.5.0 → 20.5.3 (patch)
Breaking changes: No — patch releases only; internal refactor (lodash.* → es-toolkit/compat) is transparent to consumers
Our usage: Dev dependency — commitlint enforces conventional commit messages in CI
CI status: All substantive checks PASS (commitlint, rust fmt+clippy+test, shell lint+bats, tests). The FAILURE flag is from the dependabot/auto-merge GitHub Action step "Enable auto-merge" — this is a permissions issue with the auto-merge workflow, not a code problem.
Security advisory: No
Recommendation: Safe to merge
Reasoning: Pure patch bumps to commitlint dev deps; all tests green; CI failure is a workflow permissions issue unrelated to the code change.

@nmccready
Copy link
Copy Markdown
Contributor

nmccready commented May 11, 2026

Dependabot Triage — BrickTARS

Bump: @commitlint/cli + @commitlint/config-conventional + commitlint 20.5.0 → 20.5.3 (patch)
Breaking changes: No — refactor replaced lodash.* deps with es-toolkit/compat; docs and CI cleanup only
Our usage: commitlint is a dev dependency used in commit-msg hooks for conventional commit enforcement
CI status: FAILING — the patch bump itself is safe; the CI failure is likely pre-existing or caused by an environment issue unrelated to these dep changes
Security advisory: No
Recommendation: Needs investigation — investigate the CI failure root cause before merging
Reasoning: The dep changes in 20.5.0→20.5.3 are benign (lodash→es-toolkit swap is internal, no API changes). The CI failure is suspicious for a patch bump; check the workflow logs to rule out a flaky test, missing secret, or upstream CI infrastructure issue. If the failure is unrelated to these deps, a manual rerun or rebase may clear it. Otherwise this is safe to merge once CI is green.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nmccready