I have just returned after a 3-day hike in Sweden, so some time at the computer is most welcome, since my legs are pretty worn.
The release of 0.25.0 of the GitHub Spellcheck Action consists of PRs from two bots. One bumps the base image for the Docker image so that, as always, maintenance is done in baby steps and does not fall too far behind.
The other one is a fix to a recently discovered security issue in the Python library lxml.
The proposed fix from Snyk was to bump the required version from 4.6.5 to 4.9.1. The Snyk report is available here:
In addition there are descriptions as both CVE and CWE:
I am not sure how relevant and critical the issue is in the context of this GitHub action, but I always tend to take these things seriously - better safe than sorry.
Change Log
0.25.0, 2022-07-08, maintenance release, update recommended
lxml requirement bumped from version 4.6.5 to 4.9.1 addressing a security issue SNYK-PYTHON-LXML-2940874 / CVE-2022-2309 / CWE-476 via PR #104 from @snyk-bot
Docker image updated to Python 3.10.5 slim from 3.10.4 slim via PR #102 from @dependabot