diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md index 125f7eddd65..a9b9d081e38 100644 --- a/cli/CHANGELOG.md +++ b/cli/CHANGELOG.md @@ -1,4 +1,11 @@ +## 15.12.1 + +_Released 03/24/2026 (PENDING)_ + +**Dependency Updates:** + +- Upgraded `simple-git` from `3.27.0` to `3.32.3` to address [Improper Handling of Case Sensitivity](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-15457646) (CVE-2026-28292) vulnerability reported in security scans. Addressed in [#33470](https://github.com/cypress-io/cypress/pull/33470) ## 15.12.0 diff --git a/packages/app/package.json b/packages/app/package.json index 73672f0f3d0..829e9cb110c 100644 --- a/packages/app/package.json +++ b/packages/app/package.json @@ -70,7 +70,7 @@ "p-defer": "^3.0.0", "pinia": "2.0.0-rc.14", "rollup-plugin-copy": "3.4.0", - "simple-git": "^3.27.0", + "simple-git": "^3.32.3", "sinon": "13.0.2", "tailwindcss": "^3.3.1", "vite": "^6.3.5", diff --git a/packages/data-context/package.json b/packages/data-context/package.json index 9e35b01715a..e070957954f 100644 --- a/packages/data-context/package.json +++ b/packages/data-context/package.json @@ -71,7 +71,7 @@ "semver": "^7.7.3", "send": "0.19.0", "server-destroy": "1.0.1", - "simple-git": "^3.27.0", + "simple-git": "^3.32.3", "stringify-object": "^3.0.0", "tsx": "4.20.6", "underscore.string": "^3.3.6", diff --git a/patches/simple-git+3.33.0.patch b/patches/simple-git+3.33.0.patch new file mode 100644 index 00000000000..8afd903d616 --- /dev/null +++ b/patches/simple-git+3.33.0.patch @@ -0,0 +1,32 @@ +diff --git a/node_modules/simple-git/dist/cjs/index.js b/node_modules/simple-git/dist/cjs/index.js +index 027f227..f0e3828 100644 +--- a/node_modules/simple-git/dist/cjs/index.js ++++ b/node_modules/simple-git/dist/cjs/index.js +@@ -1805,10 +1805,8 @@ var init_tasks_pending_queue = __esm({ + static getName(name = "empty") { + return `task:${name}:${++_TasksPendingQueue.counter}`; + } +- static { +- this.counter = 0; +- } + }; ++ TasksPendingQueue.counter = 0; + } + }); + +diff --git a/node_modules/simple-git/dist/esm/index.js b/node_modules/simple-git/dist/esm/index.js +index ee39dec..44fe293 100644 +--- a/node_modules/simple-git/dist/esm/index.js ++++ b/node_modules/simple-git/dist/esm/index.js +@@ -1231,10 +1231,8 @@ var init_tasks_pending_queue = __esm({ + static getName(name = "empty") { + return `task:${name}:${++_TasksPendingQueue.counter}`; + } +- static { +- this.counter = 0; +- } + }; ++ TasksPendingQueue.counter = 0; + } + }); + diff --git a/yarn.lock b/yarn.lock index a800f682b37..ca494a1e076 100644 --- a/yarn.lock +++ b/yarn.lock @@ -14204,7 +14204,7 @@ debug@3.2.6: dependencies: ms "^2.1.1" -debug@4, debug@4.4.1, debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2, debug@^4.3.3, debug@^4.3.4, debug@^4.3.5, debug@^4.3.6, debug@^4.3.7, debug@^4.4.0, debug@^4.4.1: +debug@4, debug@4.4.1, debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2, debug@^4.3.3, debug@^4.3.4, debug@^4.3.6, debug@^4.3.7, debug@^4.4.0, debug@^4.4.1: version "4.4.1" resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.1.tgz#e5a8bc6cbc4c6cd3e64308b0693a3d4fa550189b" integrity sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ== @@ -28508,14 +28508,14 @@ simple-get@^4.0.0: once "^1.3.1" simple-concat "^1.0.0" -simple-git@^3.27.0: - version "3.27.0" - resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.27.0.tgz#f4b09e807bda56a4a3968f635c0e4888d3decbd5" - integrity sha512-ivHoFS9Yi9GY49ogc6/YAi3Fl9ROnF4VyubNylgCkA+RVqLaKWnDSzXOVzya8csELIaWaYNutsEuAhZrtOjozA== +simple-git@^3.32.3: + version "3.33.0" + resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.33.0.tgz#b903dc70f5b93535a4f64ff39172da43058cfb88" + integrity sha512-D4V/tGC2sjsoNhoMybKyGoE+v8A60hRawKQ1iFRA1zwuDgGZCBJ4ByOzZ5J8joBbi4Oam0qiPH+GhzmSBwbJng== dependencies: "@kwsites/file-exists" "^1.1.1" "@kwsites/promise-deferred" "^1.1.1" - debug "^4.3.5" + debug "^4.4.0" simple-swizzle@^0.2.2: version "0.2.2"