Requirement lxml updated from 4.6.3 to 4.6.5 via PR #71 from @snyk-bot. This addresses a security, cross-site scripting vulnerability (XSS) in the lxml library, see SNYK-PYTHON-LXML-2316995
A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.
A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.
Docker image updated to Python 3.10.1 slim via PR #70 from @dependabot
Requirement lxml updated from 4.6.3 to 4.6.5 via PR #71 from @snyk-bot. This addresses a security, cross-site scripting vulnerability (XSS) in the lxml library, see SNYK-PYTHON-LXML-2316995
A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.
A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.
Docker image updated to Python 3.10.1 slim via PR #70 from @dependabot
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps rojopolis/spellcheck-github-actions from 0.18.0 to 0.19.0.
Release notes
Sourced from rojopolis/spellcheck-github-actions's releases.
Changelog
Sourced from rojopolis/spellcheck-github-actions's changelog.
Commits
6bd73f6Preparing security release 0.19.0c0b232cfix: requirements.txt to reduce vulnerabilities (#71)e45a1a5Bump python from 3.10.0-slim to 3.10.1-slim (#70)0320a16Bump rojopolis/spellcheck-github-actions from 0.17.0 to 0.18.0 (#69)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)