[Snyk] Security upgrade cspell from 6.31.2 to 8.15.0

[abdulrahman305]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • eng/common/spelling/package.json
  • eng/common/spelling/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 151, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cspell

The new version differs by 250 commits.

• 60b0456 v8.15.0
• 67d1e92 chore: bump eslint-plugin-unicorn from 55.0.0 to 56.0.0 ([service-bus] Sender is crashing when used without context manager Azure/azure-sdk-for-python#6332)
• f9ae319 chore: Update Integration Test Performance Data ([AutoPR cognitiveservices/data-plane/LUIS/Runtime] chore: jsonfmt cognitiveservices Azure/azure-sdk-for-python#6348)
• 27fbde4 ci: Workflow Bot -- Update ALL Dependencies (main) ([AutoPR security/resource-manager] Assessment metadata API (Azure Security Center) Azure/azure-sdk-for-python#6346)
• 8aae629 chore: Update Integration Test Performance Data ([AutoPR devtestlabs/resource-manager] DevTestLabs: Update descriptions of PATCH operations Azure/azure-sdk-for-python#6347)
• abc7548 fix: stdin urls on the command line ([AutoPR consumption/resource-manager] [Hub Generated] Review request for Microsoft.Consumption to add version stable/2019-05-01 Azure/azure-sdk-for-python#6345)
• c52ca70 chore: bump coverallsapp/github-action from 2.3.0 to 2.3.1 ([AutoPR datafactory/resource-manager] [DataFactory]Add AzurePostgreSql Sink and Oracle/SapTable/Netezza Partitions and Several Relational sets Azure/azure-sdk-for-python#6344)
• 194f619 chore: bump actions/cache from 4.0.2 to 4.1.1 ([AutoPR compute/resource-manager] Dev/ccelik/dedicatedhostswagger Azure/azure-sdk-for-python#6339)
• c9ce6e9 chore: bump actions/cache from 4.0.2 to 4.1.1 in /.github/actions/build-for-integrations ([AutoPR servicefabric/resource-manager] Moving sfrp release 2019-03-01 to stable Azure/azure-sdk-for-python#6340)
• 1e3dfb0 chore: bump actions/cache from 4.0.2 to 4.1.1 in /.github/actions/build ([AutoPR securityinsights/resource-manager] Add data connector kinds AzureAdvancedThreatProtection and MicrosoftDefenderAdvancedThreatProtection. Add discovery logs to MicrosoftCloudAppSecurity. Azure/azure-sdk-for-python#6342)
• 6ec4fcf chore: bump actions/cache from 4.0.2 to 4.1.1 in /.github/actions/smoke-test (Python Authentication, creating SP, --password is not supported Azure/azure-sdk-for-python#6341)
• 09524bc chore: Update Integration Test Performance Data ([AutoPR logic/resource-manager] [LogicApps] New Api version Azure/azure-sdk-for-python#6338)
• 11f7c45 ci: Fix Lint -- Workflow Bot ([AutoPR storage/resource-manager] [Do not merge] [SRP] Fix existing errors in Storage swagger Azure/azure-sdk-for-python#6336)
• 38c3e65 chore: Update Integration Test Performance Data (Release Azure.Identity Library Preview 2 for Python Azure/azure-sdk-for-python#6337)
• d822ce4 chore: make sure the clean has enough permissions
• f1ba0a6 ci: Workflow Bot -- Update ALL Dependencies (main) ([AutoPR security/resource-manager] Revert "Add subscription scope to assessment metadata API" Azure/azure-sdk-for-python#6330)
• cad5d8c ci: Workflow Bot -- Update ALL Dependencies (main) (Make private Cosmos modules private [WIP] Azure/azure-sdk-for-python#6329)
• 004bf0f chore: Update Integration Test Performance Data ([AutoPR datafactory/resource-manager] [Datafactory] Add three new connectors Azure/azure-sdk-for-python#6328)
• 0547109 chore: bump typedoc-plugin-markdown from 4.2.7 to 4.2.9 ([EPH] Update vendored storage SDK to the new track 2 library when they're ready Azure/azure-sdk-for-python#6314)
• 973b0a7 ci: Workflow Bot -- Update Integration Snapshots (main) ([AutoPR security/resource-manager] chore: jsonfmt security Azure/azure-sdk-for-python#6327)
• 664c983 chore: Update Integration Test Performance Data ([AutoPR consumption/resource-manager] Dev consumption microsoft.consumption 2019 03 01 preview Azure/azure-sdk-for-python#6326)
• f6843e9 ci: Workflow Bot -- Update ALL Dependencies (main) (Certs sync client impl testing and samples Azure/azure-sdk-for-python#6323)
• 42e2012 chore: Update Integration Test Performance Data (create_batch feature implementation (#6256) Azure/azure-sdk-for-python#6324)
• 3a5a39e fix: Workflow Bot -- Update Dictionaries (main) (Updating HISTORY.rst to reflect sdk changes Azure/azure-sdk-for-python#6325)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Inefficient Regular Expression Complexity

[korbit-ai]

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

• To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
• You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
• On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together
• Lastly, to learn more, check out our Docs.

[korbit-ai]

I was unable to write a description for this pull request. This could be because I only found files I can't scan.

[codeautopilot]

PR summary

This Pull Request aims to upgrade the cspell package from version 6.31.2 to 8.15.0 to address a high-severity vulnerability related to inefficient regular expression complexity (SNYK-JS-MICROMATCH-6838728). The upgrade is intended to enhance the security of the project by mitigating potential risks associated with this vulnerability. The changes involve modifications to the package.json and package-lock.json files to reflect the updated version of cspell.

Suggestion

Before merging, ensure that the upgrade does not introduce any breaking changes or compatibility issues with other dependencies or parts of the project. It might be beneficial to run a full suite of tests to verify that the upgrade does not negatively impact the project's functionality. Additionally, review the changelog of cspell for any significant changes that might affect the project. If possible, consider using a tool to automatically test for regressions or issues introduced by the upgrade.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 67.66%

Have feedback or need help?
Discord
Documentation
support@codeautopilot.com

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/cspell@8.15.0	network Transitive: environment, filesystem, unsafe	+116	7.2 MB	jason-dent

🚮 Removed packages: npm/cspell@6.31.2, pypi/configargparse@1.7, pypi/cryptography@43.0.1

View full report↗︎