fix(deps): bump basic-ftp override to 5.2.1 to patch CRLF injection

Resolves Dependabot alert #183 (high severity): basic-ftp 5.2.0 is
vulnerable to FTP command injection via CRLF. The package is pulled in
as a dev-only transitive dependency by @histoire/plugin-screenshot.
This commit is contained in:
kolaente 2026-04-09 15:34:00 +02:00
parent 8814cb37d8
commit 27a88dd17a
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
2 changed files with 6 additions and 7 deletions

View File

@ -168,7 +168,7 @@
"overrides": {
"minimatch": "^10.2.3",
"rollup": "$rollup",
"basic-ftp": "5.2.0",
"basic-ftp": "5.2.1",
"serialize-javascript": "^7.0.5",
"flatted": "^3.4.1"
}

View File

@ -7,7 +7,7 @@ settings:
overrides:
minimatch: ^10.2.3
rollup: 4.60.1
basic-ftp: 5.2.0
basic-ftp: 5.2.1
serialize-javascript: ^7.0.5
flatted: ^3.4.1
@ -3321,10 +3321,9 @@ packages:
engines: {node: '>=6.0.0'}
hasBin: true
basic-ftp@5.2.0:
resolution: {integrity: sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==}
basic-ftp@5.2.1:
resolution: {integrity: sha512-0yaL8JdxTknKDILitVpfYfV2Ob6yb3udX/hK97M7I3jOeznBNxQPtVvTUtnhUkyHlxFWyr5Lvknmgzoc7jf+1Q==}
engines: {node: '>=10.0.0'}
deprecated: Security vulnerability fixed in 5.2.1, please upgrade
bidi-js@1.0.3:
resolution: {integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==}
@ -10084,7 +10083,7 @@ snapshots:
baseline-browser-mapping@2.10.12: {}
basic-ftp@5.2.0: {}
basic-ftp@5.2.1: {}
bidi-js@1.0.3:
dependencies:
@ -11097,7 +11096,7 @@ snapshots:
get-uri@6.0.4:
dependencies:
basic-ftp: 5.2.0
basic-ftp: 5.2.1
data-uri-to-buffer: 6.0.2
debug: 4.4.3
transitivePeerDependencies: