GitLab

An indirect dependency of Commitizen (`merge`) is currently failing the
NPM.js auditor due to vulnerability CVE-2020-28499. This commit moves
the minimum version of Commitizen to 4.2.4, which has resolved this
vulnerability.

Change-Id: Ia9455bdbe02f7406c1a106f173c4095943a201ed
Signed-off-by: Chris Kay <chris.kay@arm.com>