ci: bump @commitlint/config-conventional from 20.5.0 to 20.5.3

[dependabot]

Bumps @commitlint/config-conventional from 20.5.0 to 20.5.3.

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.5.3

20.5.3 (2026-04-30)

Refactor

• refactor: replace all lodash.* dependencies with es-toolkit/compat by @​debuggingfuture in conventional-changelog/commitlint#4734

Docs

• docs: use nodejs commands for creating files on Windows (#4728) by @​festoney8 in conventional-changelog/commitlint#4730

New Contributors

• @​festoney8 made their first contribution in conventional-changelog/commitlint#4730
• @​debuggingfuture made their first contribution in conventional-changelog/commitlint#4734

Full Changelog: conventional-changelog/commitlint@v20.5.2...v20.5.3

v20.5.2

20.5.2 (2026-04-25)

Just minor dep updates before the next breaking change

Chore & Docs

• chore: remove codesandbox ci integration by @​escapedcat in conventional-changelog/commitlint#4680
• docs: add Windows UTF-8 encoding note to getting started guide by @​Chessing234 in conventional-changelog/commitlint#4699
• docs: improve parserPreset documentation with examples and options reference by @​Chessing234 in conventional-changelog/commitlint#4700
• docs: fix subject-case rule default from 'always' to 'never' by @​Chessing234 in conventional-changelog/commitlint#4703

New Contributors

• @​Chessing234 made their first contribution in conventional-changelog/commitlint#4699

Full Changelog: conventional-changelog/commitlint@v20.5.1...v20.5.2

v20.5.1

20.5.1 (2026-03-31)

Bug Fixes

• fix(cz-commitlint): add VS16 to single character emojis by @​mrt181 in conventional-changelog/commitlint#4666
• fix(cz-commitlint): handle modifiers correctly by @​mrt181 in conventional-changelog/commitlint#4667

Reverts

• Revert "fix: update dependency global-directory to v5 (#4671)" by @​escapedcat in conventional-changelog/commitlint#4677

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/config-conventional

Commits

• 31e959a v20.5.3
• See full diff in compare view

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@commitlint/config-conventional	20.5.3	🟢 5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/11 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json