DEV Community

Jonas Brømsø

Release 0.19.0 of Spellcheck (GitHub) Action - a security release

Hot off the press: release 0.19.0 of the Spellcheck GitHub Action.

This release was aimed at being a maintenance release, based on a PR from the tireless @dependabot, making sure the Docker base image is kept up to date. Another bot stole its thunder with a PR bumping a core dependency to a newer version, which had some security vulnerabilities patched.

Release 0.19.0 is available on DockerHub and in the GitHub Marketplace.

All I have done for this release, apart from releasing it, was reviewing, building and testing - thanks to my tireless bot contributors: @dependabot and @snyk-bot.

Change log

0.19.0, 2021-12-18, security release, update recommended

  • Requirement lxml updated from 4.6.3 to 4.6.5 via PR #71 from @snyk-bot. This addresses a cross-site scripting (XSS) security vulnerability in the lxml library, see SNYK-PYTHON-LXML-2316995

From the release notes for lxml 4.6.5:

A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.
A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.

  • Docker image updated to Python 3.10.1 slim via PR #70 from @dependabot
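The change log above is the kind of entry a dependency bot acts on; the check below is an added example (not part of this post or of the Spellcheck action's own code) that scans a requirements file for an lxml pin still below the 4.6.5 fix named above. The FIXED table, the regex and the sample requirements text are constructed for this example.

```python
"""Flag pinned requirements that sit below a known-fixed version.

Constructed example: the release above bumps lxml from 4.6.3 to 4.6.5
because 4.6.5 fixes the HTML cleaner issues; FIXED records that.
"""
import re
from typing import Dict, List, Tuple

# Minimum versions that contain the fix, keyed by normalised package name.
# Only lxml is on this page; the dict shape allows further entries.
FIXED: Dict[str, str] = {"lxml": "4.6.5"}

# Matches lines such as "lxml==4.6.3" or "lxml[html_clean]>=4.6.3  # note".
_REQ = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*"
    r"(?P<op>==|>=|~=|<=|<|>|!=)\s*(?P<ver>[0-9][0-9A-Za-z.]*)"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.6.5' into (4, 6, 5); non-numeric tails (rc1, post0) are dropped."""
    parts: List[int] = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def vulnerable_pins(requirements: str) -> List[Tuple[str, str, str]]:
    """Return (package, pinned_version, fixed_version) for each exact pin (==)
    or lower bound (>=, ~=) that can still resolve below the fixed version."""
    findings: List[Tuple[str, str, str]] = []
    for line in requirements.splitlines():
        match = _REQ.match(line)
        if not match:
            continue  # blank, comment, URL or editable line: not a version pin
        name = match.group("name").lower().replace("_", "-")
        if name not in FIXED or match.group("op") not in ("==", ">=", "~="):
            continue
        if parse_version(match.group("ver")) < parse_version(FIXED[name]):
            findings.append((name, match.group("ver"), FIXED[name]))
    return findings


if __name__ == "__main__":
    # Constructed requirements.txt in the state before PR #71 was merged.
    sample = "# pinned deps\nlxml==4.6.3\nrequests>=2.26.0\n"
    for pkg, have, need in vulnerable_pins(sample):
        print(f"{pkg} pinned at {have}, fix landed in {need}: update recommended")
```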
