canada-ca / open-source-logiciel-libre

Open Source Software Requirements and Guidance (Draft) - Exigences et guides liés aux logiciels libres (Ébauche)
https://canada-ca.github.io/open-source-logiciel-libre/

chore(deps-dev): bump cspell from 5.19.5 to 5.19.7 #241

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps cspell from 5.19.5 to 5.19.7.

Release notes

Sourced from cspell's releases.

v5.19.7

Changes

Fixes

fix: Ignore directories when checking files (#2680)

The following would cause an error when there was a subdirectory.

ls -1 | cspell "**" --cache --file-list=stdin

v5.19.6

Changes

  • Improved caching
    • Improved detection of stale dependencies (ensures that a file is checked if a related dictionary is changed).
    • Reduce the size of the cache file by consolidating results.
  • Added --cache-reset option to the cli

Fixes

Pin actions to a full length commit SHA (#2670)

Pin actions to a full length commit SHA

Pinning an action to a full-length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

How do I validate these pinned actions?

Also, dependabot supports upgrading based on SHA. ossf/scorecard#1700

GitHub's own repository pins its checkout actions by SHA and doesn't use the version tag: https://github.com/github/docs/blob/ea7f218c91ecbae9a700a8702b51a7d2736e0d2c/.github/workflows/docs-review-collect.yml#L23

Signed-off-by: naveensrinivasan 172697+naveensrinivasan@users.noreply.github.com

... (truncated)

Changelog

Sourced from cspell's changelog.

5.19.7 (2022-04-09)

Bug Fixes

5.19.6 (2022-04-08)

Bug Fixes

Commits



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
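As an added example (not code from cspell, Dependabot or this PR), a shell check for the validation question raised in the quoted commit message: it flags every `uses:` reference in a workflow file that is not pinned to a full-length commit SHA. The sample workflow and the 40-hex value in it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of cspell or this PR: validate that every `uses:`
# reference in a GitHub Actions workflow is pinned to a full 40-hex commit SHA,
# the practice the quoted release note describes. Local actions (./path) and
# docker:// images have no commit to pin and are skipped.

# Usage: check_pinned_actions WORKFLOW_FILE
# Prints "UNPINNED: <ref>" for each mutable reference (tag or branch);
# returns 1 if any is found, 0 if every reference is SHA-pinned.
check_pinned_actions() {
    awk '
        /^[[:space:]-]*uses:/ {
            ref = $0
            sub(/^[[:space:]-]*uses:[[:space:]]*/, "", ref)  # drop the key
            sub(/[[:space:]]*#.*$/, "", ref)                   # drop a trailing "# v3" comment
            gsub("[\"\047]", "", ref)                          # drop quotes around the value
            if (ref ~ /^(\.\/|docker:\/\/)/) next
            n = split(ref, parts, "@")
            sha = (n >= 2) ? parts[n] : ""
            # Only a 40-hex commit SHA is immutable; v3, main, etc. can be moved.
            if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/) {
                print "UNPINNED: " ref
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
write_sample_workflow() {
    cat > "$1" <<'EOF'
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v3 (placeholder SHA)
      - uses: "actions/setup-node@v3"
      - uses: ./.github/actions/local-step
EOF
}

# Stand-alone demonstration: expect "UNPINNED: actions/setup-node@v3".
sample=$(mktemp)
write_sample_workflow "$sample"
check_pinned_actions "$sample" || echo "workflow has references that are not SHA-pinned"
rm -f "$sample"
```

Run it over each file under `.github/workflows/` in CI; a non-zero exit means a tag or branch reference slipped in that a later force-push could repoint.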
dependabot[bot] commented 2 years ago

Superseded by #243.