The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
🏷️ Test first on a branch by changing your workflow tags/references to this release. See 💣 Breaking Changes for how to adapt your workflow.
See Known Issues for known issues
✨ Highlights
SARIF reporting should work for push events and workflows that use checkout: true
If you use a second job for commenting and the most recent comment was collapsed in response to a previous commit and the latest commit doesn't trigger a new comment, a new job will not be dispatched
Files with Mac OS classic line endings (\r) should be properly handled (previously they'd erroneously trigger a minified-file warning)
Running the check-spelling action on Windows runners doesn't work
This appears to be an incompatibility involving StrawberryPerl, cpanm, and ExtUtils::Manifest
Note that running check-spelling on a GitHub hosted runner other than ubuntu-* doesn't really make sense as the Windows and macOS runners are much more expensive per minute and check-spelling itself doesn't need any facilities from the OS -- it should be checking the spelling of files as they are present in commits.
While the check-spelling action won't work on Windows, apply.pl and the output check-spelling produces are expected to work on Windows.
magic file enables check-spelling to automatically recognize more files to exclude. It has been pretty reliable/helpful.
Migrating
When you upgrade, if there are files that magic file detects as worthy of excluding, it will suggest adding them to excludes. If they turn out to be files that shouldn't be excluded, you can add use_magic_file: 0 to turn it off (and please file an issue with a sample showing why the files were falsely suggested for exclusion).
If you had previously set use_magic_file: 1, you can remove that setting, as that's now the new default. (You can also leave the value set, it's basically harmless, but it is now superfluous.)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps check-spelling/check-spelling from 0.0.22 to 0.0.24.
Release notes
Sourced from check-spelling/check-spelling's releases.
... (truncated)
Commits
- `67debf5` action: Release v0.0.24
- `45fd1fd` t/FlakyServer.t: Fix handling of days 1-9
- `d286d55` action: Clarify that GITHUB_TOKEN has a default
- `9376155` UnknownWordSplitter: Auto-detect line endings
- `ba8829d` unknown-words: Only suggest collapsing previous comment if it is not collapsed
- `c2d4ddf` action: Fix logic to upload sarif for push events
- `2c9e4a8` action: Release v0.0.23
- `8da92f1` action: Load actions on demand
- `6494dc2` action: Improve missing merge head handling
- `41422d3` test: Download gh if it is ancient