dependency: update dependency simple-git to v3.16.0 [security] (cypress-io#25603)

renovate[bot] · ZachJW34 · emilyrohrbough · web-flow · commit 92a07c671713 · 2023-02-01T08:59:03.000-06:00
Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: Zachary Williams &lt;zachjw34@gmail.com&gt;
Co-authored-by: Emily Rohrbough &lt;emilyrohrbough@users.noreply.github.com&gt;
diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md
@@ -1,4 +1,12 @@
  <!-- See the ../guides/writing-the-cypress-changelog.md for details on writing the changelog. -->
+## 12.5.1
+
+_Released 02/10/2023 (PENDING)_
+
+**Dependency Updates:**
+
+- Upgraded [`simple-git`](https://github.com/steveukx/git-js) from `3.15.0` to `3.16.0` to address this [security vulnerability](https://github.com/advisories/GHSA-9p95-fxvg-qgq2) where Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods due to improper input sanitization was possible. Addressed in [#25603](https://github.com/cypress-io/cypress/pull/25603).
+
 ## 12.5.0
 
 _Released 01/31/2023_
diff --git a/packages/data-context/package.json b/packages/data-context/package.json
@@ -49,7 +49,7 @@
     "randomstring": "1.1.5",
     "react-docgen": "6.0.0-alpha.3",
     "semver": "7.3.2",
-    "simple-git": "3.15.0",
+    "simple-git": "3.16.0",
     "stringify-object": "^3.0.0",
     "underscore.string": "^3.3.6",
     "wonka": "^4.0.15"
diff --git a/yarn.lock b/yarn.lock
@@ -26590,10 +26590,10 @@ simple-get@^4.0.0:
     once "^1.3.1"
     simple-concat "^1.0.0"
 
-simple-git@3.15.0:
-  version "3.15.0"
-  resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.0.tgz#301a95a943c4f9b0a21d051eb6e6d0ffe4c9754f"
-  integrity sha512-FiWoMPlcYHQ+ApRihUsGjC/ZmIlWj62S6MBCwOunczvXcLQt+9ZdrysDrR6QVepkRQfEAaBXrN2QtJKrN6zbtg==
+simple-git@3.16.0:
+  version "3.16.0"
+  resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.16.0.tgz#421773e24680f5716999cc4a1d60127b4b6a9dec"
+  integrity sha512-zuWYsOLEhbJRWVxpjdiXl6eyAyGo/KzVW+KFhhw9MqEEJttcq+32jTWSGyxTdf9e/YCohxRE+9xpWFj9FdiJNw==
   dependencies:
     "@kwsites/file-exists" "^1.1.1"
     "@kwsites/promise-deferred" "^1.1.1"
