rojopolis/spellcheck-github-actions (rojopolis/spellcheck-github-actions)
### [`v0.40.0`](https://togithub.com/rojopolis/spellcheck-github-actions/blob/HEAD/CHANGELOG.md#0400-2024-07-18-maintenance-release-update-recommended)
[Compare Source](https://togithub.com/rojopolis/spellcheck-github-actions/compare/0.39.0...0.40.0)
- Minor error in the previous release, re-releasing as `0.40.0`; see changes from `0.39.0` below
### [`v0.39.0`](https://togithub.com/rojopolis/spellcheck-github-actions/blob/HEAD/CHANGELOG.md#0390-2024-07-17-maintenance-release-update-recommended)
[Compare Source](https://togithub.com/rojopolis/spellcheck-github-actions/compare/0.38.0...0.39.0)
- PR from [@snyk-bot](https://togithub.com/snyk-bot) [#204](https://togithub.com/rojopolis/spellcheck-github-actions/pull/204) this updates the indirect Python dependency `zipp` from version `3.15.0` to `3.19.1`
The dependency has a security flaw, please see below references.
Do note `zipp` is not a direct dependency, but it is a dependency of `importlib-metadata`, which is a dependency of `pyspelling`, which is the core component of this action.
By indicating it as a direct dependency at version 3.19.1, we can ensure that the action is not vulnerable, even though the vulnerability might not be directly exploitable in the context of this action.
References:
- [Snyk description of issue](https://security.snyk.io/package/pip/zipp/3.15.0)
- [GitHub Security Advisory](https://togithub.com/advisories/GHSA-jfmj-5v4g-7637)
- [CVE-2024-5569](https://togithub.com/advisories/GHSA-jfmj-5v4g-7637)
- [Release notes for zipp 3.19.1](https://pypi.org/project/zipp/3.19.1/)
### [`v0.38.0`](https://togithub.com/rojopolis/spellcheck-github-actions/blob/HEAD/CHANGELOG.md#0380-2024-06-13-maintenance-release-update-not-required)
[Compare Source](https://togithub.com/rojopolis/spellcheck-github-actions/compare/0.37.0...0.38.0)
- Docker image updated to Python 3.12.4 slim via PR [#202](https://togithub.com/rojopolis/spellcheck-github-actions/pull/202) from Dependabot. [Release notes for Python 3.12.4](https://docs.python.org/release/3.12.4/whatsnew/changelog.html)
Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.37.0 -> 0.40.0