15.11.0

Released Released on February 24, 2026

Features:

  • Adds --pass-with-no-tests command line flag. Addresses #23019. Addressed in #33384.

  • Introduces manual bootstrap script injection via a <script data-cy-bootstrap> tag. This is a workaround to fix React SSR hydration mismatches, and enables React apps to use suppressHydrationWarning to ignore the mismatch. Addresses #27204. Addressed in #33295.

  • Added Brotli compression support to the proxy. Addresses #6197.

  • Improved CI environment detection and CI/commit metadata capture for Cypress Cloud recorded runs. Added support for Harness CI, AWS Amplify Console, Buddy, Bitrise, and Cloudbees Unify and removed support for EOL providers. Addressed in #33396.

Bugfixes:

  • Fixed an issue where a cancelled or incomplete login attempt would not properly open a browser window or tab, and required a restart of Cypress to enable a new login attempt. Fixed in #33366. Fixes #33350.

  • Fixed an issue on Windows where extracting the Studio or Prompt bundle could fail with EPERM: operation not permitted when renaming extracted files. The extract step now retries on EPERM/EACCES with a short delay to handle transient file locks. Addressed in #33330.

  • The capture protocol is now properly cleaned up when the protocol is re-initialized or when the run closes, ensuring CDP client listeners and resources are removed. Addressed in #33391.

Misc:

  • The Node.js path is now displayed correctly in run log headers for typical GitHub Actions paths. ANSI escape sequences are no longer incorrectly displayed for longer Node.js paths. Addresses #32736.

  • Fixed an issue that caused a Node.js DEP0169 deprecation warning to be output when executing cypress install to download and install the Cypress binary. Addresses #33347.

Dependency Updates:

  • Upgraded qs to 6.14.2 to address CVE-2026-2391 vulnerability reported in security scans. Addresses #33363.

  • Upgraded rimraf to 6.1.1 to address CVE-2026-25547 vulnerability reported in security scans. Addressed in #33336.

  • Upgraded squirrelly to 9.1.0 to address CVE-2021-32819 vulnerability reported in security scans. Addresses #33354.

  • Upgraded systeminformation to 5.31.1 to address CVE-2026-26280 and CVE-2026-26318 vulnerabilities reported in security scans. Addresses #33389.