Conversation

MikeMcC399
Contributor

@MikeMcC399 MikeMcC399 commented Jul 30, 2025

Situation

pre-git

The npm module [email protected], configured in the repo, was released on Mar 13, 2018. This was 7 years ago and is the latest release of the module. The module is effectively unmaintained.

  • pre-git contains multiple unfixable vulnerabilities:

    16 vulnerabilities (5 moderate, 7 high, 4 critical)

  • The postinstall hook of pre-git adds a semantic-release configuration option, changing the default, if simple-commit-message has been uninstalled:

      "release": {
        "analyzeCommits": "simple-commit-message"
      },

github-post-release

The npm module [email protected], configured in the repo, was released on Aug 11, 2017. This was 8 years ago and is the latest release of the module. The module is effectively unmaintained.

  • github-post-release contains multiple unfixable vulnerabilities:

    19 vulnerabilities (3 moderate, 10 high, 6 critical)

dont-crack

The npm module [email protected], configured in the repo, was released on Jun 7, 2017. This was 8 years ago and is the latest release of the module. The module is effectively unmaintained.

  • dont-crack contains multiple unfixable vulnerabilities:

    36 vulnerabilities (3 low, 12 moderate, 15 high, 6 critical)

simple-commit-message

simple-commit-message is in the dependencies section of pre-git and of github-post-release; therefore these need to be considered together:

The npm module [email protected] configured in the repo, was released on Jul 4, 2021 and is the latest release. It is effectively unmaintained and has the following issues:

Assessment

simple-commit-message, pre-git, github-post-release and dont-crack are linting components, intended to apply rules and increase the quality of the packaged module.

Their unmaintained and vulnerable status however means that they can no longer be used. It may be possible to replace their function using supported modules, however given the number of other issues in this repo, this enhancement would need to be deferred to a later stage.

The modules are used in the configuration of semantic-release. See also #165 for separate related configuration issues.

Since these modules are all interrelated, they need to be removed together.

Change

In package.json, remove:

Verify

On Ubuntu 24.04.3 LTS with Node.js 22.18.0 LTS, execute the following and confirm no fatal errors are reported:

npm ci
npm test
npx semantic-release --dry-run

Follow-up

Locally, it may be necessary to remove hooks from .git/hooks manually.
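An added check, not part of the PR, that shows how a maintainer can confirm the cleanup left nothing behind in package.json: it flags the four packages named above in dependencies or devDependencies, the "release"."analyzeCommits" setting the pre-git postinstall hook writes, and a "config"."pre-git" key (assumed here to be where pre-git keeps its hook settings). The sample package.json objects are constructed for the example; the version string is a placeholder.

```javascript
// Added example (not from the PR or the repository): report leftovers of the
// removed linting family in a parsed package.json.
const STALE_PACKAGES = [
  "pre-git",
  "github-post-release",
  "dont-crack",
  "simple-commit-message",
];

// Returns a list of dotted paths in the manifest that still reference the removed modules.
function findLeftovers(pkg) {
  const findings = [];

  // Stale packages under either dependency section.
  for (const section of ["dependencies", "devDependencies"]) {
    for (const name of Object.keys(pkg[section] || {})) {
      if (STALE_PACKAGES.includes(name)) {
        findings.push(`${section}.${name}`);
      }
    }
  }

  // The semantic-release option the pre-git postinstall hook adds.
  if (pkg.release && pkg.release.analyzeCommits === "simple-commit-message") {
    findings.push("release.analyzeCommits");
  }

  // Assumed location of pre-git's own hook configuration.
  if (pkg.config && Object.prototype.hasOwnProperty.call(pkg.config, "pre-git")) {
    findings.push("config.pre-git");
  }

  return findings;
}

// Constructed sample manifests: before and after the cleanup.
const beforeCleanup = {
  devDependencies: { "pre-git": "x.y.z", mocha: "x.y.z" }, // placeholder versions
  release: { analyzeCommits: "simple-commit-message" },
};
const afterCleanup = {
  devDependencies: { mocha: "x.y.z" },
  release: {},
};

console.log("before:", findLeftovers(beforeCleanup)); // two findings
console.log("after:", findLeftovers(afterCleanup));   // none
```

Run it against the real manifest by passing the parsed contents of package.json to findLeftovers; an empty result means the three verification commands above can be run on a manifest with no residue of the removed modules.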

@MikeMcC399

Remove devDependencies:
dont-crack
github-post-release
pre-git
simple-commit-message
@MikeMcC399 MikeMcC399 force-pushed the remove/linting-family branch from 29c4130 to edc9eef Compare August 28, 2025 17:09
@MikeMcC399 MikeMcC399 marked this pull request as ready for review August 28, 2025 17:12
@MikeMcC399
Contributor Author

@AtofStryker

This PR removes the problem that adding commits or pushing to the repo was permanently resulting in errors which then had to be overridden.

@AtofStryker AtofStryker merged commit f6fcd94 into cypress-io:master Aug 29, 2025
1 check passed
@MikeMcC399 MikeMcC399 deleted the remove/linting-family branch August 29, 2025 15:21
@MikeMcC399 MikeMcC399 mentioned this pull request Sep 4, 2025

🎉 This PR is included in version 2.2.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
