[Snyk] Security upgrade simple-git from 3.11.0 to 3.15.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	798/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3112221	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: simple-git

The new version differs by 29 commits.

• e1d66b6 Merge pull request Broken on Windows because of SNYK-JS-COLORS-2331906 #863 from steveukx/changeset-release/main
• d4764bf Version Packages
• 7746480 Chore: bump lerna, jest and create prettier workflow (runner: support GCP OIDC auth #862)
• 47030d5 Merge pull request Runner docker volumes #861 from steveukx/security/protocols
• 6b3c631 Create the `unsafe` plugin to configure how `simple-git` treats known potentially unsafe operations.
• 3324eed Merge pull request CML image problem with OpenSSL certs when using DVC #855 from steveukx/changeset-release/main
• e459622 Version Packages
• 2ea0231 Merge pull request CML workflow create (and UI) #854 from steveukx/chore/update-lerna
• 5a2e7e4 Add version parsing support for non-numeric patches (to include built… (github-send-check usage warnings #853)
• 88fee05 Chore: bump lerna to latest `5.5.1`
• 0f964ba Merge pull request 0.10.0 #849 from steveukx/changeset-release/main
• 6460a1f Version Packages
• 4259b26 Create interface for retrieving git version information ([Snyk] Upgrade @octokit/rest from 18.0.0 to 18.12.0 #850)
• 19029fc Abort plugin (Can't use AWS Instance GPU on GITLAB CI and CML-RUNNER #848)
• 1cd0dac Merge pull request Standalone pkg #842 from steveukx/changeset-release/main
• ee801ae Version Packages
• d0dceda Allow using just one of `from` and `to` in the `git.log` options. (test: potentially fix windows failures #846)
• 6b3e05c Share test utilities (Cannot find module 'pseudoexec' #843)
• a975980 Merge pull request expose USER to whom CML reports belong #841 from steveukx/feat/remove-legacy-promise
• 87b0d75 Changeset
• 670d854 Remove `/promise` type definitions, allow JavaScript to `require('simple-git/promise')` with deprecation notice written to `console.error`
• bf97246 Revert "Remove ability to import `/promise` types and throw when required."
• 1631776 Remove legacy promise integration test
• 2ac1d3f Remove ability to import `/promise` types and throw when required.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)