@snyk-io snyk-io bot commented Nov 1, 2025

Snyk has created this PR to upgrade cspell from 8.12.1 to 9.2.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 41 versions ahead of your current version.

  • The recommended version was released 2 months ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-CROSSSPAWN-8303230) | 140 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-CROSSSPAWN-8303230) | 140 | Proof of Concept |
| high severity: Improper Validation of Specified Type of Input (SNYK-JS-FASTIFY-9788069) | 140 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BABELHELPERS-9397697) | 140 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BABELRUNTIME-10044504) | 140 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-FINDMYWAY-8055229) | 140 | No Known Exploit |
| medium severity: Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728) | 140 | No Known Exploit |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BRACEEXPANSION-9789073) | 140 | Proof of Concept |
| low severity: Insecure Randomness (SNYK-JS-FORMIDABLE-9788127) | 140 | Proof of Concept |

Release notes
Package name: cspell
  • 9.2.1 - 2025-08-31

    Dictionary Updates

    fix: Workflow Bot -- Update Dictionaries (main) (#7795)

    Update Dictionaries (main)

    Summary

     .../snapshots/graphql/graphql-spec/report.yaml     | 108 ++++++++++-----------
     .../snapshots/wireapp/wire-desktop/report.yaml     |   2 +-
     packages/cspell-bundled-dicts/package.json         |   8 +-
     packages/cspell/src/__snapshots__/app.test.ts.snap |  15 +--
     pnpm-lock.yaml                                     |  44 +++++----
     5 files changed, 95 insertions(+), 82 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7791)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json         |  8 ++--
     packages/cspell/src/__snapshots__/app.test.ts.snap | 22 +++++-----
     pnpm-lock.yaml                                     | 47 ++++++++++++----------
     3 files changed, 41 insertions(+), 36 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7768)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json |  2 +-
     pnpm-lock.yaml                             | 11 ++++++++---
     2 files changed, 9 insertions(+), 4 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7764)

    Update Dictionaries (main)

    Summary

     .../snapshots/django/django/report.yaml            |  4 +-
     .../snapshots/django/django/snapshot.txt           |  3 +-
     .../snapshots/php/php-src/report.yaml              |  3 +-
     .../snapshots/php/php-src/snapshot.txt             |  3 +-
     packages/cspell-bundled-dicts/package.json         | 10 ++--
     pnpm-lock.yaml                                     | 57 ++++++++++++----------
     6 files changed, 40 insertions(+), 40 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7745)

    Update Dictionaries (main)

    Summary

     .../snapshots/TheAlgorithms/Python/report.yaml     |   3 +-
     .../snapshots/TheAlgorithms/Python/snapshot.txt    |   3 +-
     packages/cspell-bundled-dicts/package.json         |   2 +-
     pnpm-lock.yaml                                     | 162 ++++++++++-----------
     4 files changed, 84 insertions(+), 86 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7728)

    Update Dictionaries (main)

    Summary

     integration-tests/snapshots/mdx-js/mdx/report.yaml |  3 +--
     .../snapshots/mdx-js/mdx/snapshot.txt              |  3 +--
     .../snapshots/vitest-dev/vitest/report.yaml        |  6 +-----
     .../snapshots/vitest-dev/vitest/snapshot.txt       |  4 +---
     packages/cspell-bundled-dicts/package.json         |  4 ++--
     pnpm-lock.yaml                                     | 24 +++++++++++-----------
     6 files changed, 18 insertions(+), 26 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7672)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json |  6 ++---
     pnpm-lock.yaml                             | 36 +++++++++++++++---------------
     2 files changed, 21 insertions(+), 21 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7662)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json |  6 ++---
     pnpm-lock.yaml                             | 36 +++++++++++++++---------------
     2 files changed, 21 insertions(+), 21 deletions(-)
    

  • 9.2.0 - 2025-07-19
    refactor: Support url based cache entries (#7639)


    Features

    fix: Support remote dependencies in cache (#7642)


    Fixes

    fix: Remove `flat-cache` dependency (#7636)

    flat-cache v6 is not compatible with the cspell cache. Since flat-cache was mostly a pass through to flatted, it was better to just replace it.


    refactor: move towards caching URLs (#7634)


    fix: Support async cache (#7631)


    fix: Replace file-entry-cache (#6579)

    Deprecating the use of file-entry-cache.

    v10 of file-entry-cache breaks the spell checker and bloats the cache size.

    This PR is the first step in reducing the dependency upon file-entry-cache and its dependencies.


    fix: Clean cspell-lib type exports (#7615)


    Dictionary Updates

    fix: Workflow Bot -- Update Dictionaries (main) (#7618)

    Update Dictionaries (main)

    Summary

     integration-tests/snapshots/vitest-dev/vitest/report.yaml  | 10 ++--------
     integration-tests/snapshots/vitest-dev/vitest/snapshot.txt |  5 +----
     packages/cspell-bundled-dicts/package.json                 |  2 +-
     pnpm-lock.yaml                                             | 12 ++++++------
     4 files changed, 10 insertions(+), 19 deletions(-)
    

  • 9.1.5 - 2025-07-13

    Fixes

    fix: Compile before publish (#7610)


  • 9.1.3 - 2025-07-05

    Fixes

    fix: Add toml config reader/writer (#7565)

    fixes #7563


    Dictionary Updates

    fix: Workflow Bot -- Update Dictionaries (main) (#7569)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json |  2 +-
     pnpm-lock.yaml                             | 12 ++++++------
     2 files changed, 7 insertions(+), 7 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7564)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json |  2 +-
     pnpm-lock.yaml                             | 12 ++++++------
     2 files changed, 7 insertions(+), 7 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7560)

    Update Dictionaries (main)

    Summary

     .../snapshots/flutter/samples/report.yaml          |  4 +--
     .../snapshots/flutter/samples/snapshot.txt         |  7 ++---
     packages/cspell-bundled-dicts/package.json         |  6 ++--
     pnpm-lock.yaml                                     | 33 +++++++++++++---------
     4 files changed, 26 insertions(+), 24 deletions(-)
    

    fix: Workflow Bot -- Update Dictionaries (main) (#7549)

    Update Dictionaries (main)

    Summary

     integration-tests/snapshots/mdx-js/mdx/report.yaml | 46 ++--------------------
     .../snapshots/mdx-js/mdx/snapshot.txt              | 43 +-------------------
     packages/cspell-bundled-dicts/package.json         |  8 ++--
     pnpm-lock.yaml                                     | 45 +++++++++++----------
     4 files changed, 33 insertions(+), 109 deletions(-)
    

    Documentation

    fix: Add toml config reader/writer (#7565)

    fixes #7563


  • 9.1.2 - 2025-06-24

    Fixes

    fix: Do not double encode stdin urls (#7536)

    fixes #7517


    fix: cspell trace output (#7528)

    It was incorrectly trimming ansi strings.


    Dictionary Updates

    fix: Workflow Bot -- Update Dictionaries (main) (#7526)

    Update Dictionaries (main)

    Summary

     packages/cspell-bundled-dicts/package.json |  4 ++--
     pnpm-lock.yaml                             | 24 ++++++++++++------------
     2 files changed, 14 insertions(+), 14 deletions(-)
    

  • 9.1.1 - 2025-06-14

    Changes

    Fixes

    fix: Use the native JSON parser if possible (#7502)

    Some of the cspell settings have grown large. The fix is to use the native JSON parser instead of one that accepts comments.


  • 9.1.0 - 2025-06-14

    Changes

    Features

    feat: Add command `dictionaries` (#7445)

    Add new dictionaries command to the cli

    Usage: cspell dictionaries [options]

    List dictionaries

    Options:
      -c, --config <cspell.json>  Configuration file to use. By default cspell
                                  looks for cspell.json in the current directory.
      --path-format <format>      Configure how to display the dictionary path.
                                  (choices: "hide", "short", "long", "full",
                                  default: Display most of the path.)
      --color                     Force color.
      --no-color                  Turn off color.
      --no-default-configuration  Do not load the default configuration and
                                  dictionaries.
      -h, --help                  display help for command


    feat: Add lint option `--dictionary` (#7441)

    Add lint options:

    • --dictionary - enable a dictionary by name
    • --disable-dictionary - disable a dictionary by name

    feat: Add init command to command-line. (#7414)

    New command:

    Usage: cspell init [options]

    Initialize a CSpell configuration file.

    Options:
      -o, --output <path>        Define where to write file.
      --format <format>          Define the format of the file. (choices: "yaml",
                                 "yml", "json", "jsonc", default: "yaml")
      --import <path|package>    Import a configuration file or dictionary package.
      --locale <locale>          Define the locale to use when spell checking (e.g.,
                                 en, en-US, de).
      --dictionary <dictionary>  Enable a dictionary.
      --no-comments              Do not add comments to the config file.
      --no-schema                Do not add the schema reference to the config file.
      -h, --help                 display help for command


    feat: Add command line option to set reporting level (#7380)

    Command Line Option: --report

    Option: --report
    Choices:

    • all - report everything (default)
    • simple - only report issues with simple fixes.
    • typos - only report issues with common typos.
    • flagged - only report flagged issues.

    Reporters - add opt-in feature flag

    To support legacy reporters, it is necessary to check if they support new features.

    Features:

      /**
       * Allows the reporter to advertise which features it supports.
       */
      interface FeaturesSupportedByReporter {
          /**
           * The reporter supports the {@link ReportingConfiguration.unknownWords} option and understands
           * how to filter issues based upon {@link Issue.isFlagged}, {@link Issue.hasSimpleSuggestions} and {@link Issue.hasPreferredSuggestions}.
           * - true - The reporter.issue method will be called for all spelling issues and it is expected to handle .
           * - false | undefined - the unknown words will be filtered out based upon the unknownWords setting before being passed to the reporter.
           */
          unknownWords?: boolean | undefined;

          /**
           * The reporter supports the {@link Issue.issueType} option.
           * - true - the reporter will be called with all issues types.
           * - false | undefined - only {@link IssueType.spelling} issues will be passed to the reporter.
           */
          issueType?: boolean | undefined;
      }


    Fixes

    fix: Fix perf issue related to searching for the config. (#7483)


    fix: Hide `--config-search` option (#7479)


    refactor: `isolatedDeclarations: true` (#7459)


    refactor: enable isolatedDeclarations (#7456)


    refactor: enable isolatedDeclarations (#7452)


    fix: Add option to continue on error (#7451)

    Add lint option:

      --continue-on-error          Continue processing files even if there is a configuration error.
    

    fix: Improve dictionaries command (#7449)

    Add options:

      --enabled                   Show only enabled dictionaries.
      --no-enabled                Do not show enabled dictionaries.
      --locale <locale>           Set language locales. i.e. "en,fr" for English and
                                  French, or "en-GB" for British English.
      --file-type <fileType>      File type to use. i.e. "html", "golang", or
                                  "javascript".
      --no-show-location          Do not show the location of the dictionary.
      --show-file-types           Show the file types supported by the dictionary.
                                  (default: false)
      --show-locales              Show the language locales supported by the
                                  dictionary. (default: false)
    

    fix: Add trace option `--dictionary` (#7443)

    Usage: cspell trace [options] [words...]

    Options:
      --dictionary <name>  Enable a dictionary by name. Can be used multiple
                           times.


    fix: Add init options (#7436)

    New options:

      -c, --config <path>        Path to the CSpell configuration file. Conflicts
                                 with --output and --format.
      --remove-comments          Remove all comments from the config file.
      --stdout                   Write the configuration to stdout instead of a
                                 file.
    

    Help:

semanticdiff-com bot commented Nov 1, 2025

Review changes with  SemanticDiff

Changed Files
File Status
  package.json  40% smaller

snyk-io bot commented Nov 1, 2025

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
|  | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.
