chore: update commitlint toolchain together#38
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 152e19869f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "peerDependencies": { | ||
| "conventional-commits-filter": "^5.0.0", | ||
| "conventional-commits-parser": "^6.4.0" | ||
| }, |
There was a problem hiding this comment.
Regenerate the lockfile so npm ci can install
With this lockfile, a fresh install fails before any checks run: npm ci --ignore-scripts --no-audit --no-fund reports Missing: conventional-commits-parser@ from lock file while resolving the new git-raw-commits/@conventional-changelog/git-client dependency chain. Since the repo workflows install with npm ci, this breaks CI and clean developer checkouts until the package-lock is regenerated to include the missing resolved peer entry.
Useful? React with 👍 / 👎.
Updates the commitlint CLI/config/cz package family and lint-staged together so npm ci receives a coherent lockfile. This is intended to supersede the split Dependabot PRs that leave CI with package-lock skew.
Lockfile rationale
The lockfile was regenerated with npm 10 to match the GitHub Actions runner behavior. npm 11 accepted the prior lockfile shape locally, but CI's npm 10 rejected it as missing the parser entry required by the resolved dependency graph.
Local verification in sparse checkout:
npx -y npm@10 ci --ignore-scripts