fix(deps): update form-data to 2.5.5 (CVE-2025-7783)

[MikeMcC399]

• resolves reporting of CVE-2025-7783 in action

Situation

npm audit reports GHSA-fjxv-7rqg-78g4 critical vulnerability CVE-2025-7783 for transient dependency form-data@2.5.3

Steps to reproduce

git clone https://github.com/cypress-io/github-action
cd github-action
npm ci
npm audit

Logs

$ npm audit
# npm audit report

form-data  <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix`
node_modules/form-data

1 critical severity vulnerability

To address all issues, run:
  npm audit fix

$ npm ls form-data
@cypress/github-action@0.0.0-development
└─┬ @actions/cache@4.0.2
  └─┬ @azure/ms-rest-js@2.7.0
    └── form-data@2.5.3

Change

Use npm audit fix to update from form-data@2.5.3 to the non-vulnerable transient dependency form-data@2.5.5 (current 2.x latest).

Comment

• Updating the dependency does not cause any change to the compiled code, so it looks like there was no corresponding vulnerability compiled into the action in the first place. Nevertheless, the PR remediates the vulnerability report in the action and I suggest therefore to merge it.

• This PR does not address vulnerabilities in the examples coming from cypress@14.5.2. This will be handled separately and may depend on an update from Cypress, and Cypress' dependencies. See Critical vulnerability CVE-2025-7783 using form-data 4.0.1 & 4.0.3 cypress#32066

[cypress-app-bot]

• Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.

[github-actions]

🎉 This PR is included in version 6.10.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀