Package commitizen <4.2.5 has downstream security vulnerability #1026
Description
The web-scripts package uses commitizen as a dependency set to ^4.2.4. Below version 4.2.5, commitizen has a downstream security vulnerability due to a transitive dependency on an old version of ansi-regex. This can be fixed by customers of web-scripts by adding commitizen to their resolutions at ^4.2.5, but it would be ideal if web-scripts itself had commitizen set to ^4.2.5. Can this be added? I'd be happy to open a PR