Bump rojopolis/spellcheck-github-actions from 0.60.0 to 0.62.0 #102
dependabot[bot] wants to merge 1 commit into
Bumps [rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions) from 0.60.0 to 0.62.0.
- [Release notes](https://github.com/rojopolis/spellcheck-github-actions/releases)
- [Changelog](https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md)
- [Commits](rojopolis/spellcheck-github-actions@0.60.0...0.62.0)

---
updated-dependencies:
- dependency-name: rojopolis/spellcheck-github-actions
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Kusari Analysis Results: Caution

Flagged Issues Detected

The dependency analysis found no issues. However, the code analysis identified two high-severity supply chain risks in the GitHub Actions workflows. In both

Note: View full detailed analysis result for more information on the output and the checks that were run.

Required Code Mitigations

The action
|
| diff content/es/.wordlist.txt <(LC_ALL= sort -f content/es/.wordlist.txt) | ||
| - name: GitHub Spellcheck Action | ||
| uses: rojopolis/spellcheck-github-actions@0.60.0 | ||
| uses: rojopolis/spellcheck-github-actions@0.62.0 |
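Review bot: the replacement `uses:` line still selects the action by tag (`@0.62.0`), and a tag can be moved to a different commit after this PR is merged. Reference the release's full 40-character commit SHA there and keep the version as a trailing comment, e.g. `uses: rojopolis/spellcheck-github-actions@<full-commit-sha> # 0.62.0`, so the pin stays readable in later reviews.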
The action rojopolis/spellcheck-github-actions is pinned to a mutable version tag @0.62.0. Pin this action to a full immutable commit SHA instead to prevent supply chain attacks. Obtain the SHA from the action's release history and use the format rojopolis/spellcheck-github-actions@<full-commit-sha>.
|
|
||
| - name: GitHub Spellcheck Action | ||
| uses: rojopolis/spellcheck-github-actions@0.60.0 | ||
| uses: rojopolis/spellcheck-github-actions@0.62.0 |
The action rojopolis/spellcheck-github-actions is pinned to a mutable version tag @0.62.0. Pin this action to a full immutable commit SHA instead to prevent supply chain attacks. Obtain the SHA from the action's release history and use the format rojopolis/spellcheck-github-actions@<full-commit-sha>.
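The condition both review comments above describe can be checked mechanically. The following is an added example, not part of this PR or of Kusari's analysis: a Python check that flags `uses:` references not pinned to a full 40-character commit SHA. The sample workflow, the placeholder SHA and `example-org/example-action` are constructed for illustration.

```python
import re

# Constructed sample; the 40-hex SHA and example-org/example-action are made-up placeholders.
SAMPLE_WORKFLOW = """\
jobs:
  spellcheck:
    steps:
      - uses: actions/checkout@v4
      - name: GitHub Spellcheck Action
        uses: rojopolis/spellcheck-github-actions@0.62.0
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

# Matches "uses: ref" and "- uses: ref"; stops at quotes, whitespace or a comment.
USES_RE = re.compile(r"""^\s*(?:-\s+)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def classify(ref):
    """Return None if ref is immutable or local, otherwise the reason it is flagged."""
    if ref.startswith("./"):
        return None  # local action, versioned with the repository itself
    _, sep, version = ref.partition("@")
    if ref.startswith("docker://"):
        return None if DIGEST_RE.fullmatch(version) else "image not pinned by digest"
    if not sep:
        return "no ref given"
    if FULL_SHA_RE.fullmatch(version):
        return None
    return f"mutable ref '{version}' (tag, branch or short SHA)"


def find_unpinned(workflow_text):
    """Return (line_number, reference, reason) for each mutable `uses:` reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        reason = classify(match.group(1)) if match else None
        if reason:
            findings.append((lineno, match.group(1), reason))
    return findings


if __name__ == "__main__":
    for lineno, ref, reason in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {reason}")
```

The check is line-based rather than a full YAML parse, so it assumes each `uses:` value sits on one line, as it does in the workflow lines quoted in this PR.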
Bumps rojopolis/spellcheck-github-actions from 0.60.0 to 0.62.0.
Release notes
Sourced from rojopolis/spellcheck-github-actions's releases.
Changelog
Sourced from rojopolis/spellcheck-github-actions's changelog.
... (truncated)
Commits
- 390a08e Merge pull request #361 from rojopolis/release-0.62.0
- 7c0a079 Fix YAML indentation in README with: blocks
- 56f3bd3 Updated local dictionary
- 9d173e1 Release 0.62.0
- 1d3c839 Bumped Markdown dependency version to patched version (#359)
- 014e739 Bumped pymdown-extensions to a patched version (#358)
- 76b3c1d Merge pull request #357 from rojopolis/lxml_upgrade
- 8475314 Bumped lxml version to address known CVEs
- 4ec661e Clarified examples in README
- d90f3c8 Merge pull request #356 from rojopolis/workflow_clean_up_follow_up

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)