Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update rojopolis/spellcheck-github-actions action to v0.35.0 #274

Merged
merged 2 commits into from
Dec 11, 2023
Merged

chore(deps): update rojopolis/spellcheck-github-actions action to v0.35.0 #274

merged 2 commits into from
Dec 11, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 11, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change
rojopolis/spellcheck-github-actions action minor 0.27.0 -> 0.35.0

Release Notes

rojopolis/spellcheck-github-actions (rojopolis/spellcheck-github-actions)

v0.35.0

Compare Source

Bumping to Python 3.12.0 slim, introduced a number of dependency updates, not all were required, but I have decided to update quite a few, since the Docker image is rebuilt anyway.

v0.34.0

Compare Source

  • Bumped the core component PySpelling to version 2.9, together with wcmatch, bumped to version 2.5, all via PR #​174 bu @​jonasbn

  • Docker image updated to Python 3.11.5 slim via PR #​170 from Snyk. Release notes for Python 3.11.5

  • Added constraint for requirements.txt since one of the dependencies does not support Cython version 3.

I found two guides to fixing the problem:

They state somewhat the same and I have applied a fix via PR #​172 now the Docker image can build again

v0.33.1

Compare Source

  • An update is recommended if you are using the output_file parameter, since the output file handling was shielding the propagation of the status of the actual spellcheck.

    The issue was observed in #​166 reported by @​nlhomme, where the action was reporting success, even though the spellcheck was failing.

    The bug information was lifted into a new issue #​167 and was addressed in PR #​168 by @​jonasbn

v0.33.0

Compare Source

v0.32.0

Compare Source

  • @​dependabot raised an alert for the used dependency: pymdown-extensions. The vulnerability is labelled as CVE-2023-32309. The issue has been present in pymdown-extensions since version 1.5.0 and is patched in version 10.0.

  • Snyk has provided a patch via PR #​158, which has been tested and no regressions has been observed, even with a version leap for pymdown-extensions. from version 8.2 to 10.0. The GitHub Action has been updated to use the patched version, even though there are no direct use of the vulnerable code in the action, but we do not want to be the source of a vulnerability.

  • pymdown-extensions was increased to version 10.0.1, since a bug fix was released to follow up on the security patch.

v0.31.0

Compare Source

v0.30.0

Compare Source

  • PySpelling updated from version 2.8.1 to 2.8.2, including several fixes

    • FIX: Ensure that Aspell actually uses the encoding passed to it for dictionaries.
    • FIX: Use a disallow list for problematic or unsupported arguments to the underlying spell checker instead of using a more restrictive allow list.
    • FIX: Fix logic bug in JavaScript filter.

  • Lifted from the release notes for PySpelling

  • Docker image updated to Python 3.11.2 slim via PR #​142 from @​dependabot. Release notes for Python 3.11.2

v0.29.0

Compare Source

  • Docker image updated to Python 3.11.1 slim via PR #​139 from @​dependabot. Release notes for Python 3.11.1

  • lxml bumped to version 4.9.1 from 4.9.1 to get the build to work, without jumping through too many hoops. We prefer relying on wheel instead of building from source, since lxml can become quite a time sink

v0.28.0

Compare Source

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 11, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@adetalhouet adetalhouet merged commit ecc4efd into main Dec 11, 2023
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adetalhouet adetalhouet adetalhouet approved these changes

@strangiato strangiato Awaiting requested review from strangiato strangiato is a code owner

@gnunn1 gnunn1 Awaiting requested review from gnunn1 gnunn1 is a code owner

@pittar pittar Awaiting requested review from pittar pittar is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@adetalhouet