build: upgrade dependencies #4
Conversation
| "lefthook": "^1.6.1", | ||
| "typescript": "^5.3.3", | ||
| "vitest": "^1.2.2" | ||
| "@thisismanta/semantic-version": "^9.1.0", |
There was a problem hiding this comment.
would recommend configuring https://github.com/amannn/action-semantic-pull-request so that maintenance is out of our hands. reading code of the action, features are covered to 100% (if i'm not mistaken)
There was a problem hiding this comment.
I'm using this for my other open source projects so I don't mind maintaining.
This library does more than just validating commit messages though. It provides another command to run npm version and git push on CI. This is to avoid boilerplates.
I don't mind replacing it for Taskworld, if you have a strong opinion.
There was a problem hiding this comment.
usually i side with using the mode known approach so that i dont need to rebuild the wheel or maintain it, and that any other engineer can. that one is standardly used across codebases which checks for semantic title (which is not all of them), although configuration is not aligned so it's not 100% on par (so far).
Problems
Dependabot reports the following security alerts