From f9d2e432c625e06dad09d8397f7f9754a4635205 Mon Sep 17 00:00:00 2001
From: phantom-autopilot <273411261+phantom-autopilot@users.noreply.github.com>
Date: Wed, 6 May 2026 20:01:18 +0000
Subject: [PATCH] chore(SEC-10672): upgrade basic-ftp to 5.3.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves GHSA-rpmf-866q-6p89 (CVE-2026-44240) — basic-ftp <= 5.3.0 allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering. basic-ftp is a transitive dependency via get-uri's `^5.0.2` range; bumping the lockfile entry to 5.3.1 stays within the existing range.
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 611932d7a..f1129ae1f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5102,9 +5102,9 @@ basic-auth@~2.0.1:
 safe-buffer "5.1.2"

 basic-ftp@^5.0.2:
- version "5.0.5"
- resolved "https://registry.yarnpkg.com/basic-ftp/-/basic-ftp-5.0.5.tgz#14a474f5fffecca1f4f406f1c26b18f800225ac0"
- integrity sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==
+ version "5.3.1"
+ resolved "https://registry.yarnpkg.com/basic-ftp/-/basic-ftp-5.3.1.tgz#3148ee9af43c0522514a4f973fecb1d3cbb6d71e"
+ integrity sha512-bopVNp6ugyA150DDuZfPFdt1KZ5a94ZDiwX4hMgZDzF+GttD80lEy8kj98kbyhLXnPvhtIo93mdnLIjpCAeeOw==

 bcrypt-pbkdf@^1.0.0:
 version "1.0.2"