
feat: upgrade dependency versions #63


Merged (1 commit), Aug 10, 2022

Conversation

@notrev commented Jul 7, 2022

Upgrade dependency versions to fix security issues and adjust code to reflect changes

commitizen has been replaced by @ryansonshine/commitizen because the latest version published in NPM has critical security issues and it appears that the developers can't publish new versions to NPM. @ryansonshine/commitizen has fixed the critical issues and published a newer version in NPM. Read this comment for more information.

Commit: Upgrade dependency versions to fix security issues and adjust code to reflect changes

@juliuscc (Collaborator) commented Jul 13, 2022

This looks good to me! 😁

I only have one small question and that is: Is this commit breaking? Would it still work if I just updated this library or is it necessary to change to @ryansonshine/commitizen?

If so it's important that the commit message includes a migration guide, and a [BREAKING]-footer. Otherwise, you can just merge.

Regardless, I approve 👍 😁

@notrev (Author) commented Jul 14, 2022

@juliuscc, who can I ping to get this PR merged?

@juliuscc (Collaborator) commented:

I thought there was someone at DR who had merge-access @notrev. I am out of town over the weekend but can merge on Tuesday if no one has merged before that.

@juliuscc (Collaborator) commented Jul 19, 2022

I can merge it now. I just want to know if it's a breaking change. Then I will keep the PR message but add BREAKING CHANGE: before the last paragraph. Like this:

feat: upgrade dependency versions #63

Upgrade dependency versions to fix security issues and adjust code to reflect changes

BREAKING CHANGE: `commitizen` has been replaced by `@ryansonshine/commitizen` because the latest version published in NPM has critical security issues and it appears that the developers can't publish new versions to NPM. You will have to replace `commitizen` with `@ryansonshine/commitizen` in your workflow to upgrade `@digitalroute/cz-conventional-changelog-for-jira`. `@ryansonshine/commitizen` has fixed the critical issues and published a newer version in NPM. Read https://github.com/commitizen/cz-cli/issues/914#issuecomment-1131383383 for more information.

@notrev (Author) commented Aug 10, 2022

@juliuscc, codewise, there does not seem to be any breaking changes. When checking the commits in @ryansonshine/commitizen, they are mostly for CI/CD, documentation and dependency updates. There are no new features.

But, this is a dependency replacement. I don't know if we should consider this a breaking change.

If we consider code changes, this is not a breaking change. If we consider dependency replacement, it could be a breaking change.

@juliuscc (Collaborator) commented:

I define a breaking change as anything that requires extra actions above doing `npm install --save-dev @digitalroute/cz-conventional-changelog-for-jira@latest`. Will this adapter still work with the regular version of commitizen or do the users have to update to @ryansonshine/commitizen?

@notrev (Author) commented Aug 10, 2022

It still works with the regular version. The dependency was replaced only to solve a critical security issue, as described in this PR description.

@juliuscc (Collaborator) commented:

Perfect then it seems non-breaking to me 👍 Let's merge it

@juliuscc juliuscc merged commit 4421466 into digitalroute:master Aug 10, 2022
@juliuscc (Collaborator) commented:

The new version of semantic-release requires a higher version of Node than we run in our GitHub actions. So the action failed and the package was not released.

Could you submit a PR that updates the Node version that we use in the GitHub action? @notrev

@github-actions commented:

🎉 This PR is included in version 7.3.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
