Bump streetsidesoftware/cspell-action from 7 to 8

[dependabot]

Bumps streetsidesoftware/cspell-action from 7 to 8.

Release notes

Sourced from streetsidesoftware/cspell-action's releases.

v8.0.0

8.0.0 (2025-11-08)

⚠ BREAKING CHANGES

• Use node24 runner (#2494)

Features

• Update CSpell version (9.3.0) (#2487) (cfa07c9)
• Use node24 runner (#2494) (10ce4d6)

Updates and Bug Fixes

• Update Dictionaries and Dependencies (#2477) (fcec23c)

v7.2.1

7.2.1 (2025-10-26)

Updates and Bug Fixes

• empty report setting will use the value in a config file if it is defined, otherwise use all (374c805)
• Make sure the report default is undefined (#2475) (33d4ba9)
• Update CSpell version (9.2.1) (#2426) (c7313f0)
• Update CSpell version (9.2.2) (#2460) (f604f36)
• Update Dictionaries and Dependencies (#2404) (42b73be)
• Update Dictionaries and Dependencies (#2416) (b7f60aa)
• Update Dictionaries and Dependencies (#2419) (12aaed9)
• Update Dictionaries and Dependencies (#2433) (910b662)
• Update Dictionaries and Dependencies (#2435) (904b6fc)
• Workflow Bot -- Update ALL Dependencies (main) (#2403) (22b01fb)
• Workflow Bot -- Update ALL Dependencies (main) (#2417) (db2a037)
• Workflow Bot -- Update ALL Dependencies (main) (#2434) (cb25c56)
• Workflow Bot -- Update ALL Dependencies (main) (#2446) (b54e668)
• Workflow Bot -- Update ALL Dependencies (main) (#2448) (72ae91e)
• Workflow Bot -- Update ALL Dependencies (main) (#2451) (5ebb234)

v7.2.0

7.2.0 (2025-07-26)

Features

• Update CSpell version (9.2.0) (#2391) (7b25076)

Updates and Bug Fixes

... (truncated)

Changelog

Sourced from streetsidesoftware/cspell-action's changelog.

8.0.0 (2025-11-08)

⚠ BREAKING CHANGES

• Use node24 runner (#2494)

Features

• Update CSpell version (9.3.0) (#2487) (cfa07c9)
• Use node24 runner (#2494) (10ce4d6)

Updates and Bug Fixes

• Update Dictionaries and Dependencies (#2477) (fcec23c)

7.2.1 (2025-10-26)

Updates and Bug Fixes

• empty report setting will use the value in a config file if it is defined, otherwise use all (374c805)
• Make sure the report default is undefined (#2475) (33d4ba9)
• Update CSpell version (9.2.1) (#2426) (c7313f0)
• Update CSpell version (9.2.2) (#2460) (f604f36)
• Update Dictionaries and Dependencies (#2404) (42b73be)
• Update Dictionaries and Dependencies (#2416) (b7f60aa)
• Update Dictionaries and Dependencies (#2419) (12aaed9)
• Update Dictionaries and Dependencies (#2433) (910b662)
• Update Dictionaries and Dependencies (#2435) (904b6fc)
• Workflow Bot -- Update ALL Dependencies (main) (#2403) (22b01fb)
• Workflow Bot -- Update ALL Dependencies (main) (#2417) (db2a037)
• Workflow Bot -- Update ALL Dependencies (main) (#2434) (cb25c56)
• Workflow Bot -- Update ALL Dependencies (main) (#2446) (b54e668)
• Workflow Bot -- Update ALL Dependencies (main) (#2448) (72ae91e)
• Workflow Bot -- Update ALL Dependencies (main) (#2451) (5ebb234)

7.2.0 (2025-07-26)

Features

• Update CSpell version (9.2.0) (#2391) (7b25076)

Updates and Bug Fixes

• Update Dictionaries and Dependencies (#2394) (fc07b1d)

... (truncated)

Commits

• 3294df5 chore(main): release 8.0.0 (#2481)
• 27fc863 ci: Workflow Bot -- Update ALL Dependencies (main) (#2495)
• e59482d chore: Migrate from node 20 to 24 (#2496)
• 10ce4d6 feat!: Use node24 runner (#2494)
• 9989d81 ci: Workflow Bot -- Update ALL Dependencies (main) (#2486)
• 637be43 chore: Update PNPM (#2488)
• cfa07c9 feat: Update CSpell version (9.3.0) (#2487)
• cbc266a ci: Workflow Bot -- Update ALL Dependencies (main) (#2485)
• af51ed1 ci: Workflow Bot -- Update ALL Dependencies (main) (#2476)
• 3c5ebe2 chore: Update PNPM (#2478)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #2494
Resolves #2487
Resolves #2477
Resolves #2475
Resolves #2426
Resolves #2460
Resolves #2404
Resolves #2416
Resolves #2419
Resolves #2433
Resolves #2435
Resolves #2403
Resolves #2417
Resolves #2434
Resolves #2446
Resolves #2448
Resolves #2451
Resolves #2391
Resolves #2394
Resolves #2481
Resolves #2495
Resolves #2496
Resolves #2486
Resolves #2488
Resolves #2485
Resolves #2476
Resolves #2478

[github-actions]

🤖 Claude Code Review

Good, the AQAAAD string only appears in documentation/config files (the PR prompt itself and cspell.json), not in actual license files. Now let me verify no actual code changes are being made and provide the final review:

PR Code Review - Dependency Updates

Code Quality

✅ Code follows style guide

The PR contains zero code changes - it only updates dependency versions in go.mod, go.sum, and upgrades the GitHub Actions workflow. Since no actual code is modified, style guide compliance is N/A but passes by default.

✅ No commented-out code

No code files were modified.

✅ Meaningful variable names

No code files were modified.

✅ DRY principle followed

No code files were modified.

✅ Identify Defects

No defects found. The changes are:

1. .github/workflows/golangci-lint.yaml:60 - Upgraded golangci/golangci-lint-action from v8 to v9 (staying current with linter action)
2. Dependency updates in go.mod and go.sum:
   • golang.org/x/sys v0.37.0 → v0.38.0 (patch update)
   • google.golang.org/genproto/googleapis/rpc updated to newer commit hash (routine maintenance)

All changes are minor version bumps or patch updates with no breaking changes or security vulnerabilities introduced.

---

Testing

✅ Unit tests for new functions

N/A - No new functions added. Existing test suite remains unchanged (15 test files found in repository).

✅ Integration tests for new endpoints

N/A - No new endpoints added.

✅ Edge cases covered

N/A - No new code logic added.

⚠️ Test coverage > 80%

Cannot verify - No test coverage report provided in the PR. However, since no code was modified, existing coverage should remain unchanged. Recommendation: Run go test -cover ./... to verify coverage hasn't regressed.

---

Documentation

✅ README updated if needed

README does not require updates - dependency version bumps are infrastructure changes that don't affect user-facing functionality or API usage.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - No code changes.

❌ CHANGELOG.md updated

Missing CHANGELOG entry. The CHANGELOG.md:8-10 shows "## [Unreleased]" with just a dash placeholder. This PR should add an entry such as:

## [Unreleased]

### Changed

- Upgrade dependencies
  - golang.org/x/sys v0.38.0
  - google.golang.org/genproto/googleapis/rpc (updated to 2025-11-10)
- Update golangci-lint GitHub Action from v8 to v9

File: CHANGELOG.md:8-10

---

Security

✅ No hardcoded credentials

No code changes; no credentials added.

✅ Input validation implemented

N/A - No new input handling code.

✅ Proper error handling

N/A - No code changes.

✅ No sensitive data in logs

N/A - No logging changes.

✅ No license files (.lic) or AQAAAD strings

Verified: No .lic files found in repository. The AQAAAD string appears only in:

• build-resources/claude/pr-prompt.md:33 (this review template)
• prompt-temp.md:33 (temporary file with review template)
• build-resources/.vscode/cspell.json:7 (spell checker allowlist)

No security concerns.

---

Summary

Overall Assessment: ✅ APPROVED with minor documentation fix needed

This is a clean dependency maintenance PR with:

• ✅ Safe, routine dependency updates
• ✅ Appropriate GitHub Actions version upgrade
• ✅ No code changes or security concerns
• ❌ Only issue: Missing CHANGELOG.md entry (should document the dependency upgrades)

Recommendation: Add a CHANGELOG entry documenting these dependency updates before merging, following the pattern seen in previous entries like 0.8.13 and 0.8.12 which also documented dependency upgrades.

Automated code review analyzing defects and coding standards