Skip to content

Comments

Bump streetsidesoftware/cspell-action from 7 to 8#243

Merged
kernelsam merged 6 commits intomainfrom
dependabot/github_actions/streetsidesoftware/cspell-action-8
Nov 19, 2025
Merged

Bump streetsidesoftware/cspell-action from 7 to 8#243
kernelsam merged 6 commits intomainfrom
dependabot/github_actions/streetsidesoftware/cspell-action-8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2025

Bumps streetsidesoftware/cspell-action from 7 to 8.

Release notes

Sourced from streetsidesoftware/cspell-action's releases.

v8.0.0

8.0.0 (2025-11-08)

⚠ BREAKING CHANGES

  • Use node24 runner (#2494)

Features

Updates and Bug Fixes

v7.2.1

7.2.1 (2025-10-26)

Updates and Bug Fixes

  • empty report setting will use the value in a config file if it is defined, otherwise use all (374c805)
  • Make sure the report default is undefined (#2475) (33d4ba9)
  • Update CSpell version (9.2.1) (#2426) (c7313f0)
  • Update CSpell version (9.2.2) (#2460) (f604f36)
  • Update Dictionaries and Dependencies (#2404) (42b73be)
  • Update Dictionaries and Dependencies (#2416) (b7f60aa)
  • Update Dictionaries and Dependencies (#2419) (12aaed9)
  • Update Dictionaries and Dependencies (#2433) (910b662)
  • Update Dictionaries and Dependencies (#2435) (904b6fc)
  • Workflow Bot -- Update ALL Dependencies (main) (#2403) (22b01fb)
  • Workflow Bot -- Update ALL Dependencies (main) (#2417) (db2a037)
  • Workflow Bot -- Update ALL Dependencies (main) (#2434) (cb25c56)
  • Workflow Bot -- Update ALL Dependencies (main) (#2446) (b54e668)
  • Workflow Bot -- Update ALL Dependencies (main) (#2448) (72ae91e)
  • Workflow Bot -- Update ALL Dependencies (main) (#2451) (5ebb234)

v7.2.0

7.2.0 (2025-07-26)

Features

Updates and Bug Fixes

... (truncated)

Changelog

Sourced from streetsidesoftware/cspell-action's changelog.

8.0.0 (2025-11-08)

⚠ BREAKING CHANGES

  • Use node24 runner (#2494)

Features

Updates and Bug Fixes

7.2.1 (2025-10-26)

Updates and Bug Fixes

  • empty report setting will use the value in a config file if it is defined, otherwise use all (374c805)
  • Make sure the report default is undefined (#2475) (33d4ba9)
  • Update CSpell version (9.2.1) (#2426) (c7313f0)
  • Update CSpell version (9.2.2) (#2460) (f604f36)
  • Update Dictionaries and Dependencies (#2404) (42b73be)
  • Update Dictionaries and Dependencies (#2416) (b7f60aa)
  • Update Dictionaries and Dependencies (#2419) (12aaed9)
  • Update Dictionaries and Dependencies (#2433) (910b662)
  • Update Dictionaries and Dependencies (#2435) (904b6fc)
  • Workflow Bot -- Update ALL Dependencies (main) (#2403) (22b01fb)
  • Workflow Bot -- Update ALL Dependencies (main) (#2417) (db2a037)
  • Workflow Bot -- Update ALL Dependencies (main) (#2434) (cb25c56)
  • Workflow Bot -- Update ALL Dependencies (main) (#2446) (b54e668)
  • Workflow Bot -- Update ALL Dependencies (main) (#2448) (72ae91e)
  • Workflow Bot -- Update ALL Dependencies (main) (#2451) (5ebb234)

7.2.0 (2025-07-26)

Features

Updates and Bug Fixes

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #2494
Resolves #2487
Resolves #2477
Resolves #2475
Resolves #2426
Resolves #2460
Resolves #2404
Resolves #2416
Resolves #2419
Resolves #2433
Resolves #2435
Resolves #2403
Resolves #2417
Resolves #2434
Resolves #2446
Resolves #2448
Resolves #2451
Resolves #2391
Resolves #2394
Resolves #2481
Resolves #2495
Resolves #2496
Resolves #2486
Resolves #2488
Resolves #2485
Resolves #2476
Resolves #2478

Bumps [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action) from 7 to 8.
- [Release notes](https://github.com/streetsidesoftware/cspell-action/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md)
- [Commits](streetsidesoftware/cspell-action@v7...v8)

---
updated-dependencies:
- dependency-name: streetsidesoftware/cspell-action
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 10, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 10, 2025 04:09
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 10, 2025
@docktermj docktermj self-assigned this Nov 10, 2025
@docktermj docktermj requested a review from a team as a code owner November 10, 2025 19:43
@kernelsam kernelsam assigned kernelsam and unassigned docktermj Nov 10, 2025
@docktermj docktermj self-assigned this Nov 19, 2025
@kernelsam kernelsam enabled auto-merge (squash) November 19, 2025 19:27
@github-actions
Copy link

🤖 Claude Code Review

Good, the AQAAAD string only appears in documentation/config files (the PR prompt itself and cspell.json), not in actual license files. Now let me verify no actual code changes are being made and provide the final review:

PR Code Review - Dependency Updates

Code Quality

✅ Code follows style guide

The PR contains zero code changes - it only updates dependency versions in go.mod, go.sum, and upgrades the GitHub Actions workflow. Since no actual code is modified, style guide compliance is N/A but passes by default.

✅ No commented-out code

No code files were modified.

✅ Meaningful variable names

No code files were modified.

✅ DRY principle followed

No code files were modified.

✅ Identify Defects

No defects found. The changes are:

  1. .github/workflows/golangci-lint.yaml:60 - Upgraded golangci/golangci-lint-action from v8 to v9 (staying current with linter action)
  2. Dependency updates in go.mod and go.sum:
    • golang.org/x/sys v0.37.0 → v0.38.0 (patch update)
    • google.golang.org/genproto/googleapis/rpc updated to newer commit hash (routine maintenance)

All changes are minor version bumps or patch updates with no breaking changes or security vulnerabilities introduced.


Testing

✅ Unit tests for new functions

N/A - No new functions added. Existing test suite remains unchanged (15 test files found in repository).

✅ Integration tests for new endpoints

N/A - No new endpoints added.

✅ Edge cases covered

N/A - No new code logic added.

⚠️ Test coverage > 80%

Cannot verify - No test coverage report provided in the PR. However, since no code was modified, existing coverage should remain unchanged. Recommendation: Run go test -cover ./... to verify coverage hasn't regressed.


Documentation

✅ README updated if needed

README does not require updates - dependency version bumps are infrastructure changes that don't affect user-facing functionality or API usage.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - No code changes.

❌ CHANGELOG.md updated

Missing CHANGELOG entry. The CHANGELOG.md:8-10 shows "## [Unreleased]" with just a dash placeholder. This PR should add an entry such as:

## [Unreleased]

### Changed

- Upgrade dependencies
  - golang.org/x/sys v0.38.0
  - google.golang.org/genproto/googleapis/rpc (updated to 2025-11-10)
- Update golangci-lint GitHub Action from v8 to v9

File: CHANGELOG.md:8-10


Security

✅ No hardcoded credentials

No code changes; no credentials added.

✅ Input validation implemented

N/A - No new input handling code.

✅ Proper error handling

N/A - No code changes.

✅ No sensitive data in logs

N/A - No logging changes.

✅ No license files (.lic) or AQAAAD strings

Verified: No .lic files found in repository. The AQAAAD string appears only in:

  • build-resources/claude/pr-prompt.md:33 (this review template)
  • prompt-temp.md:33 (temporary file with review template)
  • build-resources/.vscode/cspell.json:7 (spell checker allowlist)

No security concerns.


Summary

Overall Assessment: ✅ APPROVED with minor documentation fix needed

This is a clean dependency maintenance PR with:

  • ✅ Safe, routine dependency updates
  • ✅ Appropriate GitHub Actions version upgrade
  • ✅ No code changes or security concerns
  • Only issue: Missing CHANGELOG.md entry (should document the dependency upgrades)

Recommendation: Add a CHANGELOG entry documenting these dependency updates before merging, following the pattern seen in previous entries like 0.8.13 and 0.8.12 which also documented dependency upgrades.

Automated code review analyzing defects and coding standards

@kernelsam kernelsam merged commit 5080411 into main Nov 19, 2025
39 checks passed
@kernelsam kernelsam deleted the dependabot/github_actions/streetsidesoftware/cspell-action-8 branch November 19, 2025 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants