diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md
index 0795d3087eba..87596f3fa71e 100644
--- a/cli/CHANGELOG.md
+++ b/cli/CHANGELOG.md
@@ -1,4 +1,12 @@
+## 12.5.1
+
+_Released 02/10/2023 (PENDING)_
+
+**Dependency Updates:**
+
+- Upgraded [`simple-git`](https://github.com/steveukx/git-js) from `3.15.0` to `3.16.0` to address this [security vulnerability](https://github.com/advisories/GHSA-9p95-fxvg-qgq2) where Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods due to improper input sanitization was possible. Addressed in [#25603](https://github.com/cypress-io/cypress/pull/25603).
+
 ## 12.5.0
 _Released 01/31/2023_
diff --git a/packages/data-context/package.json b/packages/data-context/package.json
index 86a7616eaa4c..7bf141d7e895 100644
--- a/packages/data-context/package.json
+++ b/packages/data-context/package.json
@@ -49,7 +49,7 @@
 "randomstring": "1.1.5",
 "react-docgen": "6.0.0-alpha.3",
 "semver": "7.3.2",
- "simple-git": "3.15.0",
+ "simple-git": "3.16.0",
 "stringify-object": "^3.0.0",
 "underscore.string": "^3.3.6",
 "wonka": "^4.0.15"
diff --git a/yarn.lock b/yarn.lock
index f9f78d5b8010..60ec1e926bfb 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -26590,10 +26590,10 @@ simple-get@^4.0.0:
 once "^1.3.1"
 simple-concat "^1.0.0"
-simple-git@3.15.0:
- version "3.15.0"
- resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.0.tgz#301a95a943c4f9b0a21d051eb6e6d0ffe4c9754f"
- integrity sha512-FiWoMPlcYHQ+ApRihUsGjC/ZmIlWj62S6MBCwOunczvXcLQt+9ZdrysDrR6QVepkRQfEAaBXrN2QtJKrN6zbtg==
+simple-git@3.16.0:
+ version "3.16.0"
+ resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.16.0.tgz#421773e24680f5716999cc4a1d60127b4b6a9dec"
+ integrity sha512-zuWYsOLEhbJRWVxpjdiXl6eyAyGo/KzVW+KFhhw9MqEEJttcq+32jTWSGyxTdf9e/YCohxRE+9xpWFj9FdiJNw==
 dependencies:
 "@kwsites/file-exists" "^1.1.1"
 "@kwsites/promise-deferred" "^1.1.1"