Skip to content

Use @azure-tools/cspell for spelling pin package name #12734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Use @azure-tools/cspell for spelling pin package name #12734

wants to merge 3 commits into from

Conversation

@danieljurek
Copy link
Member

@danieljurek danieljurek commented Oct 31, 2025
edited
Loading

The name cspell-version-pin was used to deliver malware (GHSA-pxjc-7552-fh9c). This uses a namespace over which we have control.

@danieljurek danieljurek requested a review from a team as a code owner October 31, 2025 21:25
Copilot AI review requested due to automatic review settings October 31, 2025 21:25
Copilot AI reviewed Oct 31, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the cspell package configuration to align with best practices for dependency management. The changes rename the package, mark it as private, and pin the cspell dependency to an exact version.

Key Changes:

  • Package renamed from "cspell-version-pin" to "@azure-tools/cspell" with scoped naming
  • Package marked as private to prevent accidental publication
  • cspell dependency version changed from caret range (^9.2.1) to exact version (9.2.1)

@danieljurek danieljurek self-assigned this Oct 31, 2025
mikeharder
mikeharder reviewed Oct 31, 2025
View reviewed changes
@azure-sdk
Copy link
Collaborator

azure-sdk commented Oct 31, 2025

The following pipelines have been queued for testing:
java - template
java - template - tests
js - template
net - template
net - template - tests
python - template
python - template - tests
You can sign off on the approval gate to test the release stage of each pipeline.
See eng/common workflow

@azure-sdk
Copy link
Collaborator

azure-sdk commented Oct 31, 2025

The following pipelines have been queued for testing:
java - template
java - template - tests
js - template
net - template
net - template - tests
python - template
python - template - tests
You can sign off on the approval gate to test the release stage of each pipeline.
See eng/common workflow

This was referenced Oct 31, 2025
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikeharder mikeharder mikeharder left review comments

Copilot code review Copilot Copilot left review comments

@weshaggard weshaggard weshaggard approved these changes

Assignees

@danieljurek danieljurek

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@danieljurek @azure-sdk @weshaggard @mikeharder