[Snyk] Upgrade cspell from 5.2.4 to 5.6.0

[snyk-bot]

Snyk has created this PR to upgrade cspell from 5.2.4 to 5.6.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 28 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-06-05.

Release notes

Package name: cspell

• 5.6.0 - 2021-06-05
  

  v5.6.0

• 5.5.2 - 2021-05-30
  

  v5.5.2

• 5.5.1 - 2021-05-29
  

  v5.5.1

• 5.5.0 - 2021-05-29
  

  v5.5.0

• 5.4.1 - 2021-05-11
  

  v5.4.1

• 5.4.0 - 2021-05-05
  

  v5.4.0

• 5.3.12 - 2021-04-06
  

  v5.3.12

• 5.3.11 - 2021-04-03
  

  v5.3.11

• 5.3.10 - 2021-04-02
  

  v5.3.10

• 5.3.9 - 2021-03-19
  

  v5.3.9

• 5.3.8 - 2021-03-17
• 5.3.7 - 2021-03-05
• 5.3.7-alpha.3 - 2021-03-05
• 5.3.7-alpha.2 - 2021-03-05
• 5.3.7-alpha.1 - 2021-03-05
• 5.3.7-alpha.0 - 2021-03-05
• 5.3.6 - 2021-03-05
• 5.3.5 - 2021-03-05
• 5.3.4 - 2021-03-01
• 5.3.3 - 2021-02-26
• 5.3.2 - 2021-02-26
• 5.3.1 - 2021-02-25
• 5.3.0 - 2021-02-25
• 5.3.0-alpha.4 - 2021-02-25
• 5.3.0-alpha.3 - 2021-02-23
• 5.3.0-alpha.2 - 2021-02-22
• 5.3.0-alpha.1 - 2021-02-19
• 5.3.0-alpha.0 - 2021-02-18
• 5.2.4 - 2021-01-28

from cspell GitHub release notes

Commit messages

Package name: cspell

• cae6c1b v5.6.0
• 76da68c feat: support `.pnp.js` when loading configurations. (Match exact set of errors in schema validation tests graphql/graphql-js#1307)
• 0113d17 ci: Update cspell-action.yml (Create own context for mutation response resolvers graphql/graphql-js#1308)
• 782ed00 ci: Workflow Bot -- Update ALL Dependencies (main) (Upgrade to flow-bin@0.69.0 graphql/graphql-js#1303)
• dbb75a2 ci: ignore abcdefa (Query with variables return null graphql/graphql-js#1296)
• 1c3576a ci: Workflow Bot -- Update ALL Dependencies (Is there a groupby in graphql? If there is, how? graphql/graphql-js#1295)
• 292e2a2 v5.5.2
• ed60551 ci: Workflow Bot -- Update ALL Dependencies (main) (Null is not treated as a value. graphql/graphql-js#1294)
• 888e25d fix: Ignore hash links like `[abcdefa]` (Compile issue with Rollup graphql/graphql-js#1293)
• d87aa65 ci: Workflow Bot -- Update ALL Dependencies (locatedError: correct definition to pass Flow 0.68 check graphql/graphql-js#1292)
• 882c6f7 v5.5.1
• 7129c1b fix: Update CHANGELOG.md (Flow 0.68.0 compatibility graphql/graphql-js#1291)
• 6b8f70a ci: Workflow Bot -- Update ALL Dependencies (Update to Flow v0.68 graphql/graphql-js#1290)
• 275eaed v5.5.0
• 875cc17 ci: Workflow Bot -- Update ALL Dependencies (Execute: simplify + speedup graphql/graphql-js#1286)
• f34b86c ci: Upgrade Jest to 27 (Inheritence or similar technique graphql/graphql-js#1287)
• 9c38156 build(deps-dev): bump ts-json-schema-generator from 0.92.0 to 0.93.0 (Throws descriptive error when non-type used instead of interface graphql/graphql-js#1282)
• bdb43d6 fix: Fix Performance issue when checking long strings of non-words (language/printer not handle line break for comment inside args graphql/graphql-js#1285)
• e34355d ci: Move default branch to `main` ( formatError: put all extensions inside 'extensions' property graphql/graphql-js#1284)
• 32f8959 ci: Workflow Bot -- Update ALL Dependencies (Remove redundant Flow type casts graphql/graphql-js#1278)
• 2621eb0 feat: Remove incorrect Ignore Hex Digits Regexp (Throw error if no possible concrete types found graphql/graphql-js#1277)
• 7c42f35 ci: Workflow Bot -- Update ALL Dependencies (Circular import breaks building with Google Closure Compiler graphql/graphql-js#1275)
• 1248226 build(deps-dev): bump eslint-plugin-import from 2.23.2 to 2.23.3 (Execute: Remove excessive arguments graphql/graphql-js#1268)
• 10b49eb build(deps): bump peter-evans/create-pull-request from 3.9.2 to 3.10.0 (Compile error with webpack 4 graphql/graphql-js#1272)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{ "isLazy": false, "dockerComposeYmlFilePaths": [ "docker-compose.yml" ], "expiry": "00:00:00", "conversationMode": "singleComment" }

Trace ID
14be8160-d6eb-11eb-9271-ec49eb27564c

[guardrails]

⚠️ We detected 5 security issues in this pull request:

Mode: paranoid | Total findings: 5 | Considered vulnerability: 5

Vulnerable Libraries (5)

Severity	Details
Medium	browserslist@4.16.1 upgrade to >4.16.4
Medium	glob-parent@5.1.1 upgrade to >=5.1.2
Medium	hosted-git-info@2.8.8 upgrade to `>=2.8.9
High	lodash@4.17.20 upgrade to >=4.17.21
High	y18n@4.0.0 upgrade to >=5.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.