chore(deps): bump check-spelling/check-spelling from 0.0.21 to 0.0.22

[dependabot]

Bumps check-spelling/check-spelling from 0.0.21 to 0.0.22.

Release notes

Sourced from check-spelling/check-spelling's releases.

Release 0.0.22

⏩ Upgrading

• 🏷️ You can just change your workflow tags/references to this release.

🐣 Breaking Changes

🗜️ Reorganized cspell Dictionaries

cspell: dictionaries have been reorganized.

Background

There are 3 related configuration items:

• dictionary_source_prefixes
  • In v0.0.21, this had: "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20220816/dictionaries/"
  • In v0.0.22, it has: "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/"
• extra_dictionaries
• check_extra_dictionaries
  • The list has changed between v0.0.21 and v0.0.22, a bunch have moved, some have split, and a bunch have been added.

Migrating

You can migrate in a couple of ways:

• Assuming you haven't set dictionary_source_prefixes, you can temporarily clear extra_dictionaries and check_extra_dictionaries and then use one run to get a new set of recommended extra_dictionaries and then set check_extra_dictionaries (typically to '').
• If you want to keep your current cspell extra_dictionaries, change cspell to cspell_old (or anything that isn't cspell) and set dictionary_source_prefixes to something like this: {"cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20220816/dictionaries/", "cspell_old": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20220427/dictionaries/"}.

Note that the main branch for check-spelling/cspell-dicts will move (roughly at the time of the v0.0.22 release and again for future releases).

Dropping printf special cases

Background

check-spelling has evolved from a very simple script that included some special handling for \r/\t/\n because it was originally developed to focus on C++ and similar files. Over time, check-spelling has been used on many repositories where these patterns can appear in contexts where they aren't C style escapes, and thus it has outgrown this assumption.

Migrating

You can copy the code from: https://github.com/check-spelling/spell-check-this/blob/b968ca32e0e5961a85c7fe3e9431f81553c3f434/.github/actions/spelling/candidate.patterns#L591-L595 into candidate.patterns and consider one of those patterns is the appropriate pattern to include in your configuration.

If you have workarounds for the old behavior, you should be able to remove them.

💔 Dropping support for broken act

Background

nektos/act is an alternate implementation of the GitHub Actions api environment. Each of check-spelling, GHA, and act have bugs and evolve at different rates (check-spelling releases on by far the slowest cycle). check-spelling had some workarounds for quirks of act from a long time ago and those interacted badly with newer GHA behaviors. In order to simplify life, support for some of those quirks has been removed.

Migrating

Install a newer version of nektos/act.

... (truncated)

Commits

• 00c989c Release 0.0.22
• ba06773 Restructure README
• b8a543f Upgrade to checkout@v4
• 3b11c85 Tolerate more apostrophes
• 697744a Report HTTP response code for dictionary-not-found
• 596ae6b Provide importable commit in report
• 280403b Use ':rotating_light: alerts' for code scanning results
• 5ca992f Clarify that you do not have to use these commands
• 676e503 Fix sarif detection
• bfebcb1 Harmonize report paths
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[codecov-commenter]

Codecov Report

Merging #3364 (9313168) into main (edc82e9) will increase coverage by 0.53%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3364      +/-   ##
==========================================
+ Coverage   77.89%   78.42%   +0.53%     
==========================================
  Files         758      758              
  Lines       11484    11484              
  Branches     1342     1342              
==========================================
+ Hits         8945     9006      +61     
+ Misses       2113     2038      -75     
- Partials      426      440      +14     

Flag	Coverage Δ
win-longtests	78.40% <ø> (+0.51%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 4 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[terriko]

Updating branch to re-run tests. Dependency check was giving us a vuln for check-spelling < 0.19 but... I think it might have been a typo in the vuln report as there's no such version and we're on 0.0.21 with the newest release of 0.0.22 (note the extra 0 in those version numbers.)

[terriko]

Numbers seem to be correct in GAD issue now, but the dependency check was still failing. I've resolved a merge conflict and will let tests run again, maybe the issue is fixed now? (I wouldn't hold my breath)

[terriko]

Updating branch to see if things have changed, but if this is still failing tests I'll likely ignore this version for now. not worth the hassle of debugging further.

[terriko]

Okay, I'm maybe 70% sure that the the problem is that dependency check is comparing the version with the hash and getting nonsense results, so I'm going to try an experiment...

[terriko]

It's messed up that that worked, but I'm just gonna merge it and move on. bloody version compare functions and hashes. I should probably report this somewhere but I don't have the energy for it right now.