[Snyk] Security upgrade cspell from 6.31.2 to 8.15.0

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • eng/common/spelling/package.json
  • eng/common/spelling/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 151, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 151, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cspell

The new version differs by 250 commits.

• 60b0456 v8.15.0
• 67d1e92 chore: bump eslint-plugin-unicorn from 55.0.0 to 56.0.0 (AutoPr-EventGrid-jhendrixMSFT-REST Spec PrNumber 6026 Azure/azure-sdk-for-net#6332)
• f9ae319 chore: Update Integration Test Performance Data (Live Test Design for API Surface and Scenarios (Preview 1) Azure/azure-sdk-for-net#6348)
• 27fbde4 ci: Workflow Bot -- Update ALL Dependencies (main) (Download of SDK tools is slow on macOS and Linux Azure/azure-sdk-for-net#6346)
• 8aae629 chore: Update Integration Test Performance Data ([FEATURE REQ] HttpClient default timeout in ClientRuntime\ServiceClient.cs Azure/azure-sdk-for-net#6347)
• abc7548 fix: stdin urls on the command line (AutoPr-ContainerRegistry-shahzzzam-REST Spec PrNumber 6038 Azure/azure-sdk-for-net#6345)
• c52ca70 chore: bump coverallsapp/github-action from 2.3.0 to 2.3.1 (AutoPr-Billing-amagams-REST Spec PrNumber 6039 Azure/azure-sdk-for-net#6344)
• 194f619 chore: bump actions/cache from 4.0.2 to 4.1.1 (Authorization Compatibility Shim  Azure/azure-sdk-for-net#6339)
• c9ce6e9 chore: bump actions/cache from 4.0.2 to 4.1.1 in /.github/actions/build-for-integrations (Primitives Compatibility Shim Azure/azure-sdk-for-net#6340)
• 1e3dfb0 chore: bump actions/cache from 4.0.2 to 4.1.1 in /.github/actions/build (Reduce diff produced by re-recording test sessions Azure/azure-sdk-for-net#6342)
• 6ec4fcf chore: bump actions/cache from 4.0.2 to 4.1.1 in /.github/actions/smoke-test (Experimentation with multi-pack. Azure/azure-sdk-for-net#6341)
• 09524bc chore: Update Integration Test Performance Data (Partition Receiver Compatibility Shim  Azure/azure-sdk-for-net#6338)
• 11f7c45 ci: Fix Lint -- Workflow Bot (Event Hub Client Compatibility Shim Azure/azure-sdk-for-net#6336)
• 38c3e65 chore: Update Integration Test Performance Data (Event Sender Compatibility Shim Azure/azure-sdk-for-net#6337)
• d822ce4 chore: make sure the clean has enough permissions
• f1ba0a6 ci: Workflow Bot -- Update ALL Dependencies (main) (AutoPr-AzureBridgeAdmin-enihcam-REST Spec PrNumber 6021 Azure/azure-sdk-for-net#6330)
• cad5d8c ci: Workflow Bot -- Update ALL Dependencies (main) (Is old ServiceBus SDK (WindowsAzure.ServiceBus) Open source ? Azure/azure-sdk-for-net#6329)
• 004bf0f chore: Update Integration Test Performance Data (fixed genrate.ps1 and generat.cmd paths Azure/azure-sdk-for-net#6328)
• 0547109 chore: bump typedoc-plugin-markdown from 4.2.7 to 4.2.9 (Add debugging to build pipeline to test if storage tests are running … Azure/azure-sdk-for-net#6314)
• 973b0a7 ci: Workflow Bot -- Update Integration Snapshots (main) (ServiceBus SDK: Added connection string support for RBAC with AAD and Managed Identity token provider changes Azure/azure-sdk-for-net#6327)
• 664c983 chore: Update Integration Test Performance Data ([BUG]Azure Key Vault - Azure.KeyVault client is not closing socket connections causing TCP connection exhaust Azure/azure-sdk-for-net#6326)
• f6843e9 ci: Workflow Bot -- Update ALL Dependencies (main) (AutoPr-CognitiveServices-yangyuan-REST Spec PrNumber 6009 Azure/azure-sdk-for-net#6323)
• 42e2012 chore: Update Integration Test Performance Data (AutoPr-Cdn-billytrend-REST Spec PrNumber 6011 Azure/azure-sdk-for-net#6324)
• 3a5a39e fix: Workflow Bot -- Update Dictionaries (main) (New Websites SDK test recordings, assembly version update Azure/azure-sdk-for-net#6325)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

[github-actions]

Thank you for your contribution @snyk-io[bot]! We will review the pull request and get back to you soon.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/cspell@8.15.0	network Transitive: environment, filesystem, unsafe	+116	7.22 MB	jason-dent

🚮 Removed packages: npm/cspell@6.31.2

View full report↗︎

[github-actions]

Hi @snyk-io[bot]. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.

[github-actions]

Hi @snyk-io[bot]. Thank you for your contribution. Since there hasn't been recent engagement, we're going to close this out. Feel free to respond with a comment containing /reopen if you'd like to continue working on these changes. Please be sure to use the command to reopen or remove the no-recent-activity label; otherwise, this is likely to be closed again with the next cleanup pass.