fix(deps): bump basic-ftp override to 5.2.1 to patch CRLF injection
Resolves Dependabot alert #183 (high severity): basic-ftp 5.2.0 is vulnerable to FTP command injection via CRLF. The package is pulled in as a dev-only transitive dependency by @histoire/plugin-screenshot.
This commit is contained in:
parent
8814cb37d8
commit
27a88dd17a
|
|
@ -168,7 +168,7 @@
|
|||
"overrides": {
|
||||
"minimatch": "^10.2.3",
|
||||
"rollup": "$rollup",
|
||||
"basic-ftp": "5.2.0",
|
||||
"basic-ftp": "5.2.1",
|
||||
"serialize-javascript": "^7.0.5",
|
||||
"flatted": "^3.4.1"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ settings:
|
|||
overrides:
|
||||
minimatch: ^10.2.3
|
||||
rollup: 4.60.1
|
||||
basic-ftp: 5.2.0
|
||||
basic-ftp: 5.2.1
|
||||
serialize-javascript: ^7.0.5
|
||||
flatted: ^3.4.1
|
||||
|
||||
|
|
@ -3321,10 +3321,9 @@ packages:
|
|||
engines: {node: '>=6.0.0'}
|
||||
hasBin: true
|
||||
|
||||
basic-ftp@5.2.0:
|
||||
resolution: {integrity: sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==}
|
||||
basic-ftp@5.2.1:
|
||||
resolution: {integrity: sha512-0yaL8JdxTknKDILitVpfYfV2Ob6yb3udX/hK97M7I3jOeznBNxQPtVvTUtnhUkyHlxFWyr5Lvknmgzoc7jf+1Q==}
|
||||
engines: {node: '>=10.0.0'}
|
||||
deprecated: Security vulnerability fixed in 5.2.1, please upgrade
|
||||
|
||||
bidi-js@1.0.3:
|
||||
resolution: {integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==}
|
||||
|
|
@ -10084,7 +10083,7 @@ snapshots:
|
|||
|
||||
baseline-browser-mapping@2.10.12: {}
|
||||
|
||||
basic-ftp@5.2.0: {}
|
||||
basic-ftp@5.2.1: {}
|
||||
|
||||
bidi-js@1.0.3:
|
||||
dependencies:
|
||||
|
|
@ -11097,7 +11096,7 @@ snapshots:
|
|||
|
||||
get-uri@6.0.4:
|
||||
dependencies:
|
||||
basic-ftp: 5.2.0
|
||||
basic-ftp: 5.2.1
|
||||
data-uri-to-buffer: 6.0.2
|
||||
debug: 4.4.3
|
||||
transitivePeerDependencies:
|
||||
|
|
|
|||
Loading…
Reference in New Issue