Yesterday I released version 0.42.0 of the GitHub Action for doing spelling checking of your documentation etc. for which I am the current maintainer.
Again the Python base-image was updated, so now we are pointing to:
3.12.6
I can see that I forgot to write about some of the releases since 0.38.0.
There has been some interesting releases - well releases which was not just a bump of a base image.
0.41.0, 2024-08-12, maintenance release, update not required
- Docker image updated to Python 3.12.5 slim via PR #210 from Dependabot. Release notes for Python 3.12.5
0.40.0, 2024-07-18, maintenance release, update recommended
- Minor error in the previous release, re-releasing as
0.40.0see changes from0.39.0below
0.39.0, 2024-07-17, maintenance release, update recommended
- PR from @snyk-bot #204 this updates the indirect Python dependency
zippfrom version3.15.0to3.19.1The dependency has a security flaw, please see below references.
Do note zipp is not a direct dependency, but it is a dependency of importlib-metadata, which is a dependency of pyspelling, which is the core component of this action.
By indicating is as a direct dependency of version 3.19.1, we can ensure that the action is not vulnerable, even though the vulnerability might not directly exploitable in the context of this action.
References:
But now we are back on track with 0.42.0.
My build script took care of the entire process, well apart from updating the Wiki.
So I am one happy maintainer.
Bug reports, feature requests, PR are as always most welcome
The change log:
0.42.0, 2024-09-22, maintenance release, update not required
- Docker image updated to Python 3.12.6 slim via PR #212 from Dependabot. Release notes for Python 3.12.6
Top comments (0)