fix: resolve high-severity npm audit vulnerability (basic-ftp)

[raifdmueller]

Summary

npm audit fix updates basic-ftp from 5.2.0 → 5.2.2 to resolve two high-severity CRLF injection advisories:

• GHSA-6v7q-wjvx-w8wg — Incomplete CRLF Injection Protection
• GHSA-chqc-8p9q-pq6q — FTP Command Injection via CRLF

`basic-ftp` is a deep transitive dependency:

```
@lhci/cli → proxy-agent → pac-proxy-agent → get-uri → basic-ftp
```

After the fix: 0 vulnerabilities. No breaking changes — only package-lock.json is modified.

Test plan

• `npm audit --audit-level=high` passes (exit code 0)
• Dependency Security Audit CI check passes

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• website/package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: f0cd03e5-bbf8-42cd-9af1-811e680aebc9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}