From bae9a22b4e4e4da5d473c94eacd77f5742e181d6 Mon Sep 17 00:00:00 2001 From: jonasbn Date: Thu, 18 May 2023 12:20:30 +0200 Subject: [PATCH 1/3] Added heading for anchoring the note on use of the canonical version --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 29a4b09c..0d7adcfb 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,8 @@ This configuration file must be created in a the `.github/workflows/` directory. For example, it could be named `.github/workflows/spelling_action.yml` for easy identification, if other actions are present. +### Using a Canonical Version + In the above example, the configuration is pointing to the exact version of `0.32.0`, this repository also offers the canonical version `v0`, so there is less hassle keeping the action up to date. ```yaml From ade20cb3b402b181103422c9f4b8df4dd117fdc4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 14 Jun 2023 18:49:07 +0000 Subject: [PATCH 2/3] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 - https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ed16c562..ba3776e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # REF: https://hub.docker.com/_/python -FROM python:3.11.3-slim-bullseye +FROM python:3-slim-bullseye LABEL "com.github.actions.name"="Spellcheck Action" LABEL "com.github.actions.description"="Check spelling of files in repository" From 87eb30926e1b8d3e68ffa300c7747f0617894640 Mon Sep 17 00:00:00 2001 
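Review bot: `FROM python:3-slim-bullseye` in the Dockerfile hunk of patch 2/3 swaps an exact patch-level pin for a floating major tag, so the OpenSSL packages that end up in the image depend on when it is built, and the listed Snyk fixes are not tied to a reproducible base. Patch 3/3 narrows this to `python:3.11.4-slim-bullseye`, but that is still a mutable tag, and the same holds for `docker://jonasbn/github-action-spellcheck:0.33.0` in the action.yml hunk. Consider pinning the base by digest as well, e.g. `FROM python:3.11.4-slim-bullseye@sha256:<digest-of-the-reviewed-image>`, with a comment above it recording the tag and the date it was resolved. Pairing the digest pin with a scheduled rebuild or image scan would keep Debian security updates arriving as deliberate, reviewable bumps. Whether the `image:` field in action.yml accepts a digest suffix should be confirmed before applying it there.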
From: jonasbn Date: Fri, 16 Jun 2023 19:34:27 +0200 Subject: [PATCH 3/3] Preparing maintance release 0.33.0 --- CHANGELOG.md | 4 ++++ Dockerfile | 2 +- README.md | 14 +++++++------- action.yml | 2 +- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b62c118d..2c8848d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change Log for spellcheck-github-actions +## 0.33.0, 2023-06-16, maintenance release, update not required + +- Docker image updated to Python 3.11.4 slim via PR [#164](https://github.com/rojopolis/spellcheck-github-actions/pull/164) from Snyk. [Release notes for Python 3.11.4](https://docs.python.org/release/3.11.4/whatsnew/changelog.html) + ## 0.32.0, 2023-05-18, security patch release, update recommended - @dependabot raised [an alert](https://github.com/rojopolis/spellcheck-github-actions/security/dependabot/3) for the used dependency: [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions). The vulnerability is labelled as [CVE-2023-32309](https://nvd.nist.gov/vuln/detail/CVE-2023-32309). The issue has been present in [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) since version [1.5.0](https://github.com/facelessuser/pymdown-extensions/releases/tag/1.5.0) and is patched in version [10.0](https://github.com/facelessuser/pymdown-extensions/releases/tag/10.0). diff --git a/Dockerfile b/Dockerfile index ba3776e9..5d56dbae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # REF: https://hub.docker.com/_/python -FROM python:3-slim-bullseye +FROM python:3.11.4-slim-bullseye LABEL "com.github.actions.name"="Spellcheck Action" LABEL "com.github.actions.description"="Check spelling of files in repository" diff --git a/README.md b/README.md index 0d7adcfb..b56ea51a 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,7 @@ jobs: steps: # The checkout step - uses: actions/checkout@v3 - - uses: rojopolis/spellcheck-github-actions@0.32.0 + - uses: rojopolis/spellcheck-github-actions@0.33.0 name: Spellcheck ``` @@ -68,7 +68,7 @@ For example, it could be named `.github/workflows/spelling_action.yml` for easy ### Using a Canonical Version -In the above example, the configuration is pointing to the exact version of `0.32.0`, this repository also offers the canonical version `v0`, so there is less hassle keeping the action up to date. +In the above example, the configuration is pointing to the exact version of `0.33.0`, this repository also offers the canonical version `v0`, so there is less hassle keeping the action up to date. ```yaml name: Spellcheck Action @@ -156,7 +156,7 @@ jobs: steps: # The checkout step - uses: actions/checkout@v3 - - uses: rojopolis/spellcheck-github-actions@0.32.0 + - uses: rojopolis/spellcheck-github-actions@0.33.0 name: Spellcheck with: source_files: README.md CHANGELOG.md notes/Notes.md @@ -184,7 +184,7 @@ jobs: steps: # The checkout step - uses: actions/checkout@v3 - - uses: rojopolis/spellcheck-github-actions@0.32.0 + - uses: rojopolis/spellcheck-github-actions@0.33.0 name: Spellcheck with: source_files: README.md CHANGELOG.md notes/Notes.md @@ -264,7 +264,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: rojopolis/spellcheck-github-actions@0.32.0 + - uses: rojopolis/spellcheck-github-actions@0.33.0 name: Spellcheck with: config_path: config/.spellcheck.yml # put path to configuration file here @@ -430,7 +430,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: rojopolis/spellcheck-github-actions@0.32.0 + - uses: rojopolis/spellcheck-github-actions@0.33.0 name: Spellcheck with: config_path: .github/spellcheck.yml # <--- put path to configuration file here 
@@ -645,7 +645,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: rojopolis/spellcheck-github-actions@0.32.0 + - uses: rojopolis/spellcheck-github-actions@0.33.0 name: Spellcheck ``` diff --git a/action.yml b/action.yml index bd91d026..57604f71 100644 --- a/action.yml +++ b/action.yml @@ -23,4 +23,4 @@ branding: icon: type runs: using: docker - image: 'docker://jonasbn/github-action-spellcheck:0.32.0' + image: 'docker://jonasbn/github-action-spellcheck:0.33.0'