chore: pin cspell version

This package has a lot of transient dependencies, resulting in considerable supply chain risk. By pinning its version, we can ensure its dependencies won‘t be updated until we manually update cspell, which should be done through a pull request, so Socket.dev can alert us of malicious packages and other security vulnerabilities. Note that version pinning is only effective when cspell is installed with a lockfile.
radashi-org · Nov 17, 2024 · a33e5a4 · a33e5a4
1 parent 8d31800
commit a33e5a4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -49,7 +49,7 @@
     "@radashi-org/biome-config": "link:scripts/biome-config",
     "@types/node": "^22.7.7",
     "@vitest/coverage-v8": "2.1.5",
-    "cspell": "^8.13.3",
+    "cspell": "8.15.4",
     "prettier": "^3.3.2",
     "prettier-plugin-pkg": "^0.18.1",
     "prettier-plugin-sh": "^0.14.0",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml