From 8b7eaea11eff7927b33daf0bc1e53b8dd2b26936 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=7BAI=7Df=20D=2E=20M=C3=BCller?= Date: Sun, 12 Apr 2026 18:24:25 +0200 Subject: [PATCH] fix: resolve high-severity npm audit vulnerability (basic-ftp) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit npm audit fix updates basic-ftp 5.2.0 → 5.2.2 to resolve: - GHSA-6v7q-wjvx-w8wg: Incomplete CRLF Injection Protection - GHSA-chqc-8p9q-pq6q: FTP Command Injection via CRLF basic-ftp is a deep transitive dependency through @lhci/cli → proxy-agent → pac-proxy-agent → get-uri → basic-ftp. After the fix: 0 vulnerabilities. Co-Authored-By: Claude Opus 4.6 (1M context) --- website/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/package-lock.json b/website/package-lock.json index de97cc9..eb36640 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -2472,9 +2472,9 @@ } }, "node_modules/basic-ftp": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz", - "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==", + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.2.tgz", + "integrity": "sha512-1tDrzKsdCg70WGvbFss/ulVAxupNauGnOlgpyjKzeQxzyllBLS0CGLV7tjIXTK3ZQA9/FBEm9qyFFN1bciA6pw==", "dev": true, "license": "MIT", "engines": {