fix(deps): update dependency inquirer to v8

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
inquirer	6.5.2 -> 8.2.0

---

Release Notes

SBoudrias/Inquirer.js

v8.2.0

Compare Source

• checkbox prompt: Update the help message to be more complete. And the help message is now shown until a selection is made.

v8.1.5

Compare Source

Fix older Node version compatibility issue.

v8.1.4

Compare Source

• Fix an error being thrown inside the rawlist prompt

v8.1.3

Compare Source

Bug Fixes

• Fix password prompt appearing when doing async filtering/validation
• User being prompted a question even though it was answered when using nested answer object format.
• Fix extra space appearing when using custom prefix.

And bump of all dependencies.

v8.1.2

Compare Source

• Fix bug on rawList prompt
• Bump dependencies

v8.1.1

Compare Source

Fix: Number prompt default behavior.

v8.1.0

Compare Source

New features

• Now display a loading spinner while asynchronously filtering or validating data.
• inquirer.prompt() now accept a shorthand object syntax instead of an array with named prompts:

const { foo, bar } = await inquirer.prompt({
  foo: {
    message: '...',
    default: '...',
  },
  bar: {
    default: '...',
  }
}):

v8.0.1

Compare Source

Fixes

• Fix issue with duplicate keys in expand prompt not being caught if casing didn't match
• Fix rawlist prompt ignoring short option
• Rollback dependencies migrated to ESM causing issue for some users

And lastly general dependency upgrade (to non-ESM versions)

v8.0.0

Compare Source

• Drop support for Node 10 (through dependencies)
• Add postfix option to the editor prompt to allow easily turning on proper syntax highlighting

v7.3.3

Compare Source

• Fix to release the readline on errors
• Security patch (lodash)

v7.3.2

Compare Source

Fix the loop: false option in the checkbox prompt.

v7.3.1

Compare Source

• Fix the loop: false option in the list prompt.

v7.3.0

Compare Source

• New option loop (boolean) for list type prompts. This prevents the list from looping when reaching the top or bottom of the selection.
• Bug fix: multi line list type prompts
• Core: Bumped dependencies

v7.2.0

Compare Source

Enhancement

• 039a55c #​923 Only import used lodash methods. (@​merceyz)

Bug Fix

• a1171d2 #​918 Fix @inquirer/confirm formatted output value. (@​rbardini)
• 1bf6413 Fix engines field for Node.js 8. (@​LitoMore)

v7.1.0

Compare Source

v7.0.7

Compare Source

v7.0.6

Compare Source

v7.0.5

Compare Source

Errors when running in non-TTY environment are now marked and catchable.

v7.0.4

Compare Source

v7.0.3

Compare Source

Revert broken fix done in 7.0.2

v7.0.2

Compare Source

~Work around bug affecting Windows user with Node 10 (#​767)~ (Reverted in v7.0.3)

v7.0.1

Compare Source

v7.0.0

Compare Source

• Drop support for Node 6.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[ericcornelissen]

Chiming in here to help move this one along since, as per #883, it would be nice if this could be merged and released to remove the npm audit warning associated with the commitizen CLI ¹.

Looking at the release notes for Inquirer in the Pull Request description, the major version changes amount to 2 breaking changes in total, neither of which affect the commitizen CLI v4.2.4:

• Drop support for Node 6. --> Commitizen only supports Node 12 and higher
• Drop support for Node 10 (through dependencies) --> Commitizen only supports Node 12 and higher

Judging by that this should be safe to merge. That is, of course, if we trust that Inquirer didn't accidentally introduce a breaking change without reporting it.

Footnotes

1. I would be inclined to agree that the impact of the vulnerability is limited for the commitizen CLI, but especially if upgrading is trivial I see no reason not to upgrade. Even if just to avoid "polluting" the npm audit report of users. ↩

[yukha-dw]

+1
I look forward to this update!

[LinusU]

Thanks for doing the research on this @ericcornelissen ❤️

[cgaube]

Do we know when new release tags are created ? I see the last release is https://github.com/commitizen/cz-cli/releases from May (v4.2.4)

[yukha-dw]

Do we know when new release tags are created ? I see the last release is https://github.com/commitizen/cz-cli/releases from May (v4.2.4)

you can "watch" this repository with All Activity option or Custom->Releases.

[Zhengqbbb]

Just need to refactor the cz-git adapter, come and see 🧐🧐🧐 still a little worried

[github-actions]

🎉 This PR is included in version 4.2.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀