Bump rojopolis/spellcheck-github-actions from 0.38.0 to 0.40.0

[dependabot]

Bumps rojopolis/spellcheck-github-actions from 0.38.0 to 0.40.0.

Release notes

Sourced from rojopolis/spellcheck-github-actions's releases.

0.40.0

Full Changelog: rojopolis/spellcheck-github-actions@0.39.0...0.40.0

0.39.0

What's Changed

• [Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 by @​jonasbn in rojopolis/spellcheck-github-actions#204

Full Changelog: rojopolis/spellcheck-github-actions@0.38.0...0.39.0

Changelog

Sourced from rojopolis/spellcheck-github-actions's changelog.

0.40.0, 2024-07-18, maintenance release, update recommended

• Minor error in the previous release, re-releasing as 0.40.0 see changes from 0.39.0 below

0.39.0, 2024-07-17, maintenance release, update recommended

• PR from @​snyk-bot #204 this updates the indirect Python dependency zipp from version 3.15.0 to 3.19.1 The dependency has a security flaw, please see below references.

  Do note zipp is not a direct dependency, but it is a dependency of importlib-metadata, which is a dependency of pyspelling, which is the core component of this action.

  By indicating is as a direct dependency of version 3.19.1, we can ensure that the action is not vulnerable, even though the vulnerability might not directly exploitable in the context of this action.

  References:

  • Snyk description of issue
  • GitHub Security Advisory
  • CVE-2024-5569
  • Release notes for zipp 3.19.1

Commits

• cd079c0 Releasing 0.39.0 as 0.40.0, see change log
• 5922d6e Added another word to the dictionary
• d865bc5 Preparing release 0.39.0
• f6767d0 Merge pull request #204 from rojopolis/snyk-fix-93589d319b150c2775175cd948c8100c
• 5401ddd fix: requirements.txt to reduce vulnerabilities
• 47dfed7 Added autodie
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: maintenance.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.01%. Comparing base (963b9ec) to head (c156e64).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #64   +/-   ##
=======================================
  Coverage   75.01%   75.01%           
=======================================
  Files         132      132           
  Lines       34367    34367           
=======================================
  Hits        25782    25782           
  Misses       8585     8585           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.