github-action
github-action copied to clipboard
cypress-io
fix(deps): update brace-expansion
Situation
Dependabot and npm audit report a low severity vulnerability CVE-2025-5889 in a transient dependency:
used in action caching, action examples and ESLint related modules.
Lockfiles with vulnerable versions are:
- package-lock.json
- examples/start-and-yarn-workspaces/yarn.lock
- examples/start-and-pnpm-workspaces/pnpm-lock.yaml
Change
Update affected lock files to use:
- Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.
:tada: This PR is included in version 6.10.1 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}