
Conversation

@escapedcat
Member

@escapedcat escapedcat commented Jan 21, 2026

User description

Fixes: #4082


PR Type

Enhancement


Description

  • Upgrade conventional-commits-parser to v6 and conventional-changelog packages

  • Replace deprecated Options type with ParserOptions across codebase

  • Update parser implementation to use CommitParser class instead of sync function

  • Add parser field to ParserPreset interface for v8 preset compatibility

  • Improve dependency resolution fallback logic in test utilities

  • Align parser options handling with new preset structure (parser vs parserOpts)


Diagram Walkthrough

flowchart LR
  A["conventional-commits-parser v5"] -->|upgrade| B["conventional-commits-parser v6"]
  C["conventional-changelog-angular v7"] -->|upgrade| D["conventional-changelog-angular v8"]
  E["conventional-changelog-conventionalcommits v7"] -->|upgrade| F["conventional-changelog-conventionalcommits v9"]
  B -->|use CommitParser class| G["Parse implementation"]
  D -->|use parser field| H["ParserPreset interface"]
  F -->|use parser field| H
  G -->|handle nested options| I["Parser options handling"]
  H -->|support both formats| I

File Walkthrough

Relevant files

Enhancement (7 files)

  • index.ts: Migrate to CommitParser class and new preset structure (+23/-5)

  • parse.ts: Update type import to use ParserOptions (+4/-1)

  • lint.ts: Update type import to use ParserOptions (+1/-1)

  • load.ts: Add parser field to ParserPreset interface (+1/-0)

  • cli.ts: Update type import to use ParserOptions (+1/-1)

  • load-parser-opts.ts: Support both parser and parserOpts preset fields (+1/-1)

  • npm.ts: Improve dependency resolution with require.resolve fallback (+40/-1)

Dependencies (8 files)

  • package.json: Upgrade parser and angular changelog dependencies (+3/-4)

  • package.json: Replace @types dependency with direct parser dependency (+2/-2)

  • package.json: Upgrade conventionalcommits preset to v9 (+1/-1)

  • package.json: Upgrade conventional-changelog-atom dependency (+1/-1)

  • package.json: Upgrade conventionalcommits fixture dependency (+1/-1)

  • package.json: Upgrade conventionalcommits fixture dependency (+1/-1)

  • package.json: Upgrade atom changelog fixture dependency (+1/-1)

  • package.json: Upgrade angular changelog and add parser dependency (+2/-1)

Tests (3 files)

  • index.test.ts: Adapt test to handle new preset parser structure (+3/-1)

  • index.test.ts: Update tests to use new parser field from presets (+3/-3)

  • references-empty.test.ts: Update test to use new parser field from presets (+5/-6)

@escapedcat escapedcat changed the title Feat/upgrade conventional commit packages feat!: upgrade conventional commit packages #4082 Jan 21, 2026
@qodo-code-review

qodo-code-review bot commented Jan 21, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified. No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡
🎫 #4082
🟢 Update conventional-changelog/conventional-commits related packages to their latest
versions for the affected areas (cli, core, prompt, config-angular) as needed.
Make the test suite pass again (tests are green) or update/adjust tests to match the
latest upstream requirements/behavior.
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Swallowed resolution error: The new dependency-resolution fallback silently ignores require.resolve failures, which
may mask real resolution issues and reduce actionable debugging context.

Referred Code
let sourcePath = resolvePkg(dependency);

if (!sourcePath) {
	try {
		const entry = require.resolve(dependency);
		const sourceModulesPath = findParentPath(entry, "node_modules");
		if (sourceModulesPath) {
			const rel = path.relative(sourceModulesPath, entry);
			const segments = rel.split(path.sep);
			if (segments[0].startsWith("@")) {
				sourcePath = path.join(
					sourceModulesPath,
					segments[0],
					segments[1],
				);
			} else {
				sourcePath = path.join(sourceModulesPath, segments[0]);
			}
		}
	} catch (e) {
		// Ignore


 ... (clipped 2 lines)

Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@codesandbox-ci

codesandbox-ci bot commented Jan 21, 2026

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

@escapedcat escapedcat marked this pull request as draft January 21, 2026 11:41
@escapedcat escapedcat changed the title feat!: upgrade conventional commit packages #4082 feat: upgrade conventional commit packages #4082 Jan 21, 2026
@escapedcat escapedcat requested a review from Copilot January 21, 2026 12:03

…edback

- Clarify comment for user-provided parser options handling
- Add selective error logging in test module resolution (only logs unexpected errors)
- Use nullish coalescing to preserve empty string semantics in parsed fields
@escapedcat escapedcat marked this pull request as ready for review January 21, 2026 12:25
@escapedcat escapedcat requested a review from JounQin January 21, 2026 12:25
@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Unsafe module resolution

Description: The new dependency resolution fallback uses require.resolve(dependency) on dependency
names read from a package.json, which could allow unintended module resolution or
filesystem path discovery/copying if installModules(cwd) is ever invoked on
attacker-controlled manifests.
npm.ts [2-56]

Referred Code
import { createRequire } from "node:module";

import fs from "fs-extra";
import resolvePkg from "resolve-pkg";

import * as git from "./git.js";

const require = createRequire(import.meta.url);

export async function installModules(cwd: string) {
	const manifestPath = path.join(cwd, "package.json");
	const targetModulesPath = path.join(cwd, "node_modules");

	if (await fs.pathExists(manifestPath)) {
		const { dependencies = {}, devDependencies = {} } =
			await fs.readJson(manifestPath);
		const deps = Object.keys({ ...dependencies, ...devDependencies });
		await Promise.all(
			deps.map(async (dependency: any) => {
				let sourcePath = resolvePkg(dependency);



 ... (clipped 34 lines)
Ticket Compliance
🟢
🎫 #4082
🟢 Update the affected conventional-changelog/* and conventional-commits* packages to the
latest versions (as needed across cli, core, prompt, config-angular).
Ensure the test suite becomes green again (either by fixing code or adjusting tests to the
latest requirements/behavior).
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Unstructured warning logs: The new console.warn logging is unstructured and includes the raw error object, which may
inadvertently expose sensitive environment/path details depending on the thrown error.

Referred Code
	console.warn(
		"Unexpected error while resolving dependency:",
		dependency,
		e,
	);
}

Replace complex reduceRight logic with simpler lastIndexOf + slice approach
for improved readability while maintaining identical behavior.
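The three bot findings in this thread (the swallowed require.resolve failure, require.resolve being fed dependency names read straight from a package.json, and the console.warn that prints the raw error object) all land on the same few lines of the npm.ts fallback. The block below is an added example, not commitlint's code, showing one way to harden that fallback: check the name against npm's package-name grammar before resolving it, map the resolved entry file back to its package root using the same scoped-package segment logic as the quoted hunk (plus a guard for a scoped name with no second segment, since path.join(undefined) throws), swallow only MODULE_NOT_FOUND, and report anything else by its error code rather than the error object. findParentPath is a hypothetical reconstruction built on the lastIndexOf + slice approach the last commit message mentions. The resolver is injected as a function parameter so the sample runs offline against a constructed path table instead of a real node_modules tree; isSafeDependencyName, packageRootFromEntry, resolvePackageRoot, fakeResolve and the /repo paths are names and data chosen for this example.

```typescript
import * as path from "node:path";

// Added example, not commitlint's code. The resolver is injected as a
// stand-in for require.resolve so the logic runs offline.

// Approximation of npm's package-name grammar: an optional @scope/, then a
// lowercase URL-safe name that does not start with "." or "_". Names with
// "..", a leading "/" or a second "/" fail this test, so a manifest cannot
// steer the resolver at an arbitrary filesystem path.
const PACKAGE_NAME =
  /^(?:@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;

export function isSafeDependencyName(name: string): boolean {
  return name.length > 0 && name.length <= 214 && PACKAGE_NAME.test(name);
}

// Hypothetical reconstruction of findParentPath using lastIndexOf + slice:
// the deepest directory named `dirName` on the way to `entry`, or undefined.
export function findParentPath(
  entry: string,
  dirName: string,
): string | undefined {
  const needle = `${path.sep}${dirName}${path.sep}`;
  const idx = entry.lastIndexOf(needle);
  if (idx === -1) return undefined;
  return entry.slice(0, idx + needle.length - 1);
}

// Map a resolved entry file back to its package root under
// `sourceModulesPath`, treating "@scope/name" as two segments. Returns
// undefined when the entry is not below that node_modules directory or a
// scoped name has no second segment (path.join(undefined) would throw).
export function packageRootFromEntry(
  sourceModulesPath: string,
  entry: string,
): string | undefined {
  const rel = path.relative(sourceModulesPath, entry);
  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) {
    return undefined;
  }
  const segments = rel.split(path.sep);
  if (segments[0].startsWith("@")) {
    if (segments.length < 2) return undefined;
    return path.join(sourceModulesPath, segments[0], segments[1]);
  }
  return path.join(sourceModulesPath, segments[0]);
}

export type Resolver = (name: string) => string;

export interface ResolveResult {
  root?: string;
  warning?: string;
}

// Resolve a dependency name to its package root. Only MODULE_NOT_FOUND is
// treated as "not installed"; any other failure is reported by its code
// rather than the raw error, which can carry absolute paths and env data.
export function resolvePackageRoot(
  dependency: string,
  resolveEntry: Resolver,
): ResolveResult {
  if (!isSafeDependencyName(dependency)) {
    return {
      warning: `refusing to resolve suspicious dependency name ${JSON.stringify(dependency)}`,
    };
  }
  let entry: string;
  try {
    entry = resolveEntry(dependency);
  } catch (e) {
    const code = (e as { code?: string }).code;
    if (code === "MODULE_NOT_FOUND") return {};
    return {
      warning: `unexpected error resolving ${dependency}: ${code ?? "unknown"}`,
    };
  }
  const sourceModulesPath = findParentPath(entry, "node_modules");
  if (!sourceModulesPath) return {};
  const root = packageRootFromEntry(sourceModulesPath, entry);
  return root ? { root } : {};
}

// Constructed sample resolution table standing in for require.resolve.
const FAKE_ENTRIES = new Map<string, string>([
  ["resolve-pkg", "/repo/node_modules/resolve-pkg/index.js"],
  ["@commitlint/parse", "/repo/node_modules/@commitlint/parse/lib/index.js"],
  ["deep-dep", "/repo/node_modules/some-pkg/node_modules/deep-dep/dist/main.js"],
]);

export function fakeResolve(name: string): string {
  const entry = FAKE_ENTRIES.get(name);
  if (entry === undefined) {
    const err = new Error(`Cannot find module '${name}'`) as Error & { code?: string };
    err.code = "MODULE_NOT_FOUND";
    throw err;
  }
  return entry;
}
```

To drop this into the real fallback, pass require.resolve as the resolver and log only the returned warning string; the nested-node_modules case ("deep-dep" above) shows why findParentPath has to take the last occurrence rather than the first.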

Development

Successfully merging this pull request may close these issues.

feat: update conventional-changelog/conventional-commits packages to latest