Upgrade GitHub Actions and make bandit, codespell, and pytest mandatory (#835)

* Upgrade GitHub Actions

* Fix typo discovered by codespell

* Update lint_python.yml

2 files changed, 11 insertions, 9 deletions

diff --git a/.github/workflows/lint_python.yml b/.github/workflows/lint_python.yml
index 3b3be00..ba4d6c9 100644
--- a/.github/workflows/lint_python.yml
+++ b/.github/workflows/lint_python.yml
@@ -4,22 +4,24 @@ jobs:
   lint_python:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
       - run: pip install --upgrade pip wheel
       - run: pip install bandit black codespell flake8 flake8-2020 flake8-bugbear
                          flake8-comprehensions isort mypy pytest pyupgrade safety
-      - run: bandit --recursive --skip B101 . || true  # B101 is assert statements
+      - run: bandit --recursive --skip B101,B105,B106,B107,B324 .
       - run: black --check . || true
-      - run: codespell || true  # --ignore-words-list="" --skip="*.css,*.js,*.lock"
+      - run: codespell  # --ignore-words-list="" --skip="*.css,*.js,*.lock"
       - run: flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
       - run: flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88
                       --show-source --statistics
       - run: isort --check-only --profile black . || true
-      - run: pip install -r requirements.txt || pip install --editable . || true
+      - run: pip install -r requirements-test.txt
+      - run: pip install --editable .
       - run: mkdir --parents --verbose .mypy_cache
       - run: mypy --ignore-missing-imports --install-types --non-interactive . || true
-      - run: pytest . || true
-      - run: pytest --doctest-modules . || true
-      - run: shopt -s globstar && pyupgrade --py36-plus **/*.py || true
+      - run: pytest
+      - run: shopt -s globstar && pyupgrade --py37-plus **/*.py || true
       - run: safety check
diff --git a/oauthlib/openid/connect/core/request_validator.py b/oauthlib/openid/connect/core/request_validator.py
index 47c4cd9..e3cea79 100644
--- a/oauthlib/openid/connect/core/request_validator.py
+++ b/oauthlib/openid/connect/core/request_validator.py
@@ -143,7 +143,7 @@ class RequestValidator(OAuth2RequestValidator):
           Token MUST NOT be accepted by the RP when performing
           authentication with the OP.
 
-        Additionals claims must be added, note that `request.scope`
+        Additional claims must be added, note that `request.scope`
         should be used to determine the list of claims.
 
         More information can be found at `OpenID Connect Core#Claims`_