build(hooks): update Commitizen to ^4.2.4
An indirect dependency of Commitizen (`merge`) is currently failing the
NPM.js auditor due to vulnerability CVE-2020-28499. This commit moves
the minimum version of Commitizen to 4.2.4, which has resolved this
vulnerability.
Change-Id: Ia9455bdbe02f7406c1a106f173c4095943a201ed
Signed-off-by:
Chris Kay <chris.kay@arm.com>
This diff is collapsed.
... | @@ -6,7 +6,7 @@ | ... | @@ -6,7 +6,7 @@ |
"devDependencies": { | "devDependencies": { | ||
"@commitlint/cli": "^11.0.0", | "@commitlint/cli": "^11.0.0", | ||
"@commitlint/config-conventional": "^11.0.0", | "@commitlint/config-conventional": "^11.0.0", | ||
"commitizen": "^4.2.2", | "commitizen": "^4.2.4", | ||
"cz-conventional-changelog": "^3.3.0", | "cz-conventional-changelog": "^3.3.0", | ||
"husky": "^5.0.4" | "husky": "^5.0.4" | ||
} | } | ||
... | ... |
Please register or sign in to comment