Skip to content

Latest commit

 

History

History
414 lines (234 loc) · 28.6 KB

CHANGELOG.md

File metadata and controls

414 lines (234 loc) · 28.6 KB

Change Log for spellcheck-github-actions

0.47.0, 2025-02-11, maintenance release, update not required

0.46.0, 2025-01-07, maintenance release, update not required

0.45.0, 2024-11-05, maintenance release, update not required

  • Docker base image updated from python:3.13.0-slim-bullseye to python:3.13.0-slim-bookworm. Which should give us some time in to live, end of life take into consideration:

0.44.0, 2024-10-25, maintenance release, update not required

  • Docker image updated to Python 3.13.0 slim via PR #217 from Dependabot. Release notes for Python 3.13.0

  • Since lxml was not building I bumped to the latest release 5.3.0. In in relation to that, so I while I was at it I went through the dependencies and updated the ones possible using a PySpelling build as the baseline. The following dependencies were updated:

  • beautifulsoup4 bumped from version 4.12.2 to 4.12.3, see release notes

  • lxml bumped from version 4.9.3 to 5.3.0, see release notes

  • Markdown bumped from version 3.4.4 to 3.7, see release notes

  • pymdown-extensions bumped from version 10.4 to 10.11.2, see release notes

  • PyYAML bumped from version 6.0.1 to 6.0.2, see release notes

  • soupsieve bumped from version 2.5 to 2.6, see release notes

0.43.1, 2024-10-17, bug fix release, update recommended

  • This is an attempt at addressing the conflict between using the PySpelling --source parameter and the sources parameter in the PySpelling configuration file introduced by this action. With the recommendation of using the GitHub Action: tj-actions/changed-files, the use of the --source flag was adopted, but this bypasses the filtering mechanism, which can be enabled in the configuration file. The update recommendation is due to the fact that you might experience unwanted behaviour if your sources contain negated file patterns. The patch enables application of the configured filter to the source parameters, so the action can be used with the --source parameter and the sources configuration parameter in combination.

0.43.0, 2024-10-08, maintenance release, update not required

0.42.0, 2024-09-22, maintenance release, update not required

0.41.0, 2024-08-12, maintenance release, update not required

0.40.0, 2024-07-18, maintenance release, update recommended

  • Minor error in the previous release, re-releasing as 0.40.0 see changes from 0.39.0 below

0.39.0, 2024-07-17, maintenance release, update recommended

  • PR from @snyk-bot #204 this updates the indirect Python dependency zipp from version 3.15.0 to 3.19.1 The dependency has a security flaw, please see below references.

    Do note zipp is not a direct dependency, but it is a dependency of importlib-metadata, which is a dependency of pyspelling, which is the core component of this action.

    By indicating is as a direct dependency of version 3.19.1, we can ensure that the action is not vulnerable, even though the vulnerability might not directly exploitable in the context of this action.

    References:

0.38.0, 2024-06-13, maintenance release, update not required

0.37.0, 2024-06-01, maintenance release, update not required

0.36.0, 2024-02-06, feature release, update not required

0.35.0, 2023-11-16, maintenance release, update not required

Bumping to Python 3.12.0 slim, introduced a number of dependency updates, not all were required, but I have decided to update quite a few, since the Docker image is rebuilt anyway.

0.34.0, 2023-09-29, maintenance release, update not required

  • Bumped the core component PySpelling to version 2.9, together with wcmatch, bumped to version 2.5, all via PR #174 bu @jonasbn

  • Docker image updated to Python 3.11.5 slim via PR #170 from Snyk. Release notes for Python 3.11.5

  • Added constraint for requirements.txt since one of the dependencies does not support Cython version 3.

I found two guides to fixing the problem:

They state somewhat the same and I have applied a fix via PR #172 now the Docker image can build again

0.33.1, 2023-07-13, bug fix release, update not required

  • An update is recommended if you are using the output_file parameter, since the output file handling was shielding the propagation of the status of the actual spellcheck.

    The issue was observed in #166 reported by @nlhomme, where the action was reporting success, even though the spellcheck was failing.

    The bug information was lifted into a new issue #167 and was addressed in PR #168 by @jonasbn

0.33.0, 2023-06-16, maintenance release, update not required

0.32.0, 2023-05-18, security patch release, update recommended

  • @dependabot raised an alert for the used dependency: pymdown-extensions. The vulnerability is labelled as CVE-2023-32309. The issue has been present in pymdown-extensions since version 1.5.0 and is patched in version 10.0.

  • Snyk has provided a patch via PR #158, which has been tested and no regressions has been observed, even with a version leap for pymdown-extensions. from version 8.2 to 10.0. The GitHub Action has been updated to use the patched version, even though there are no direct use of the vulnerable code in the action, but we do not want to be the source of a vulnerability.

  • pymdown-extensions was increased to version 10.0.1, since a bug fix was released to follow up on the security patch.

0.31.0, 2023-05-16, maintenance release, update not required

0.30.0, 2023-02-20, maintenance release, update not required

  • PySpelling updated from version 2.8.1 to 2.8.2, including several fixes

    • FIX: Ensure that Aspell actually uses the encoding passed to it for dictionaries.
    • FIX: Use a disallow list for problematic or unsupported arguments to the underlying spell checker instead of using a more restrictive allow list.
    • FIX: Fix logic bug in JavaScript filter.

  • Lifted from the release notes for PySpelling

  • Docker image updated to Python 3.11.2 slim via PR #142 from @dependabot. Release notes for Python 3.11.2

0.29.0, 2022-12-29, maintenance release, update not required

  • Docker image updated to Python 3.11.1 slim via PR #139 from @dependabot. Release notes for Python 3.11.1

  • lxml bumped to version 4.9.1 from 4.9.1 to get the build to work, without jumping through too many hoops. We prefer relying on wheel instead of building from source, since lxml can become quite a time sink

0.28.0, 2022-11-16, maintenance release, update not required

0.27.0, 2022-09-09, feature release, update not required

0.26.0, 2022-08-04, maintenance release, update recommended

0.25.0, 2022-07-08, maintenance release, update recommended

0.24.0, 2022-05-17, feature release, update not required

  • @riccardoporreca created issue #68 requested the ability to create an output artifact.

    With release 0.24.0 this is now available.

    The action configuration has to have the output_file parameter specified, which is a new optional parameter.

    name: Spellcheck Action

on:
  workflow_dispatch:
  push:

jobs:
  build:
    name: Spellcheck
    runs-on: ubuntu-latest
    steps:

    - uses: actions/checkout@v3

    - uses: rojopolis/[email protected]
      name: Spellcheck (no output file)
      with:
        source_files: README.md CHANGELOG.md

    - uses: rojopolis/[email protected]
      name: Spellcheck (with output file)
      with:
        source_files: README.md CHANGELOG.md
        task_name: Markdown
        output_file: spellcheck-output.txt

    - uses: actions/upload-artifact@v3
      name: Archive spellcheck output output
      with:
        name: Spellcheck artifact
        path: spellcheck-output.txt

    This introduces the use of the upload-artifact@v3 action.

    The generated artifact can be downloaded via GitHub UI/API, please consult the documentation for details and pointers.

    Thanks to @riccardoporreca for his suggestion.

0.23.2, 2022-05-05, bug fix release, update not required

  • Minor issue in release 0.23.1, the action was not adjusted to the latest release

0.23.1, 2022-05-05, bug fix release, update not required

  • Addressing issue #84 via PR #90 from @jonasbn. With the introduction of use of optional quotes, do note the limitations outlined in the documentation - thanks to @xsaero00 for the bug report

0.23.0, 2022-04-09, feature release, update not required

0.22.1, 2022-02-23, bug fix release, update recommended

  • Testing the new Spanish support feature more thoroughly, demonstrated that the Docker build process was broken and only English worked

    • I addressed issue #57, which demonstrated an issue with the Docker build, the issue is no longer relevant with the simplification of the Docker build via PR: #82 by me (@jonasbn)

0.22.0, 2022-02-21, feature release, update not required

  • Support for the Spanish language. Support requested and implemented by @electrocucaracha via PR #81

0.21.1, 2022-01-25, bug fix release, update required

  • Release 0.21.0 was build and uploaded from the wrong architecture. This release addressed this issue (#79), thanks @chrispat for reporting

0.21.0, 2022-01-24, maintenance release, update not required

  • Docker image updated to Python 3.10.2 slim via PR #78 from @dependabot

0.20.0, 2021-12-21, bug fix release, update recommended

  • Made the version specified in the action.yml follow the version indicated in the repository. Apparently we where pointing to latest, which is good when and if we are backwards compatible and yes we are still in alpha expressed semantically by the version numbers starting with 0 as in 0.20.0. This would however allow for us to release breaking changes, without breaking a lot of workflows, which would fetch the latest Docker image, which can be either unstable or a major release

0.19.0, 2021-12-18, security release, update recommended

  • Requirement lxml updated from 4.6.3 to 4.6.5 via PR #71 from @snyk-bot. This addresses a security, cross-site scripting vulnerability (XSS) in the lxml library, see SNYK-PYTHON-LXML-2316995

From the release notes for lxml 4.6.5:

A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images. A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.

  • Docker image updated to Python 3.10.1 slim via PR #70 from @dependabot

0.18.0, 2021-10-31 feature release, update not required

  • This release introduces an enhancement or new feature if your will, implemented by @riccardoporreca via PR #67. The enhancement takes advantage of the ability to make annotations on actions, so you can from the action overview see an annotation indicating the error by the emitted error message from the action

0.17.0, 2021-10-14 maintenance release, update not required

  • Docker image updated to Python 3.9.7 slim via PR #62 and again to Python 3.10.0 slim via PR #64 both from dependabot

0.16.0 2021-08-15 bug fix release, update recommended

Experienced an issue with the new multi-stage Docker build, where aspell disappears.

This release implements a hack to make use that it is present, by reinstalling it :-/

REF: PR #56 addressing issue #55

The issue in the Docker build is patched, but is still present, see issue #57

0.15.0 2021-08-15 maintenance release, update not required

WARNING! This release is not working, please use release 0.16.0

Issue #53 describes an issue with ignoring Markdown regions with code fences. This was an issue in pyspelling, which is the core component in this action. Luckily @facelessuser, the maintainer of pyspelling was to fix it. So the requirement for pyspelling was bumped from 2.6.1 to 2.7.3

Thanks to @supernovae and @facelessuser

This however demonstrated that several of the dependencies was not up to date.

The following dependencies have been updated:

Additionally some work has been done in regard to the Docker build, so it is possible to specify new languages, using multi-stage build, see PR #39 addressing issue: #13

Please see the Wiki for details.

Thanks to @aSemy and @edumco

  • Thanks to @PeterPetrik for correction to command line example in README

  • Docker image updated to Python 3.9.6 slim via PR #51 from @dependabot

0.14.0 2021-05-13 maintenance release, update not required

  • Docker image updated to Python 3.9.5 slim via PR #48 from @dependabot

0.13.0 2021-04-14 maintenance release, update not required

  • Docker image updated to Python 3.9.4 slim via PR #41 from @dependabot

0.12.0 2021-02-22 maintenance release, update not required

  • Docker image updated to Python 3.9.2 slim via PR #38 from @dependabot

0.11.0 2021-02-19 feature release, update not required

  • Added support for German spelling: lang: de, including: Swiss and Austrian dictionaries addressing issue #35 via PR #36. This is experimental and will need further investigation. Aspell support 53 different dictionaries and supporting them all increases the Docker image size significantly so dynamic loading of dictionaries has to be investigated further, without increasing build time to a point where a pre-built Docker image is not longer feasible

0.10.0 2021-02-06 feature release, update not required

  • Added capability to specify a set of files in the action, bypassing the filename pattern specified in the configuration. Implementation from PR #34 from Matt Calvert, @miff2000

0.9.1 2021-01-12 bug fix release, update not required

  • Minor correction to the documentation, a significant change did not make it into 0.9.0, , PR #32 from Pavel Skipenes, @pavelskipenes

0.9.0 2021-01-11 feature release, update not required

  • Added new ability specify an alternative path to a configuration file, PR #31 from Pavel Skipenes, @pavelskipenes

0.8.0 2021-01-08 feature release, update not required

  • Added support for extensions for Python's Markdown, namely the pymdown-extensions introducing the superfences extension, which can be used to address certain issue, which cannot be handled by handling of codefences by the Python Markdown implementation out of the box

0.7.0 2020-12-14 maintenance release, update not required

  • Docker image updated to Python 3.9.1 slim via PR #27 from @dependabot

0.6.0 2020-10-18 feature release, update recommended

  • Docker image updated to Python 3.9.0 slim

  • Python requirement lxml updated to version 4.6.0, with wheel supporting Python 3.9.0

  • Requirement pyspelling updated to version 2.6.1 from 2.6.0

  • Python requirement backrefs updated to version 4.5

  • Python requirement beautifulsoup4 updated to version 4.9.3

  • Python requirement bracex updated to version 2.0.1

  • Python requirement html5lib updated to version 1.1

  • Python requirement Markdown updated to version 3.3.1

  • Python requirement wcmatch updated to version 7.1

Contribution to documentation by Michael Flaxman, @mflaxman

0.5.0 2020-06-05 feature release, update recommended

  • The action now uses a DockerHub served image, which mean that the Docker image does not have to be built at every invocation

  • The documentation has been updated and the use of the wordlist.txt is no longer default. You have to introduce it yourself into your configuration, meaning that everything still works as expected for existing configurations

  • A minor bug introduced in 0.4.0 in the handling of the wordlist.txt was addressed

0.4.0 2020-05-28 feature release, update recommended

  • Introduced support for: yml extension in addition to yaml for YAML configuration files. Please refer to the documentation for details

  • Introduced support for hidden configuration files, so prefixing the spellcheck configuration file to make it less intrusive in your repository is now supported patch from @sbates130272, PR: #7. Please refer to the documentation for details

  • The default configuration has been limited to Markdown, please see additional examples in the examples/ directory

  • Updates to documentation, still work in progress

  • Improved support to local development using Docker

  • Release 0.3.0 (below) never made it to the GitHub Marketplace, this might be due to a missing action.yml

0.3.0 2020-02-14 bug fix release, update recommended

  • Addressing issue with wordlist.txt file handling

  • This release never made it to the GitHub Marketplace, this might be due to changes in GitHub requirements, please see following release 0.4.0

0.2.0 2019-05-24 feature release, update recommended

  • Introducing support for custom configurations and dictionaries

0.1.0 2019-05-23 feature release

  • Initial release by @rojopolis