TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / arthur / trustedfirmware-a / 7fff6c70ed9de55ace9cccc1d9b65375bcdc33e3^! / . / package.json
commit7fff6c70ed9de55ace9cccc1d9b65375bcdc33e3[log] [tgz]
authorChris Kay <chris.kay@arm.com>Wed May 12 15:22:42 2021 +0100
committerChris Kay <chris.kay@arm.com>Wed May 12 15:43:56 2021 +0100
treed5fe5490f3fbbb4a2849670c38e8986e36e61aec
parent57dde21207c7fecbb78c2019a71ffb65ca740dc3 [diff] [blame]
build(hooks): update Commitizen to ^4.2.4

An indirect dependency of Commitizen (`merge`) is currently failing the
NPM.js auditor due to vulnerability CVE-2020-28499. This commit moves
the minimum version of Commitizen to 4.2.4, which has resolved this
vulnerability.

Change-Id: Ia9455bdbe02f7406c1a106f173c4095943a201ed
Signed-off-by: Chris Kay <chris.kay@arm.com>

diff --git a/package.json b/package.json
index 04f5ffb..ebd5d55 100644
--- a/package.json
+++ b/package.json

@@ -6,7 +6,7 @@
   "devDependencies": {
     "@commitlint/cli": "^11.0.0",
     "@commitlint/config-conventional": "^11.0.0",
-    "commitizen": "^4.2.2",
+    "commitizen": "^4.2.4",
     "cz-conventional-changelog": "^3.3.0",
     "husky": "^5.0.4"
   }