Skip to content

fix(deps): vuln basic-ftp (minor → 5.3.1) #2382

Merged
Drarig29 merged 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/2-1782468758
Jun 26, 2026
Merged

fix(deps): vuln basic-ftp (minor → 5.3.1) #2382
Drarig29 merged 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/2-1782468758

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor

Summary: High-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • . (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
basic-ftp 5.2.0 5.3.1 minor Transitive 4 HIGH

Security Details

🚨 Critical & High Severity (4 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
basic-ftp GHSA-rpmf-866q-6p89 HIGH basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering 5.2.0 5.3.1
basic-ftp GHSA-6v7q-wjvx-w8wg HIGH basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands 5.2.0 5.2.2
basic-ftp GHSA-rp42-5vxx-qpwr HIGH basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list() 5.2.0 5.3.0
basic-ftp GHSA-chqc-8p9q-pq6q HIGH basic-ftp has FTP Command Injection via CRLF 5.2.0 5.2.1

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-datadog-prod-us1

datadog-datadog-prod-us1 Bot commented Jun 26, 2026

Copy link
Copy Markdown

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 2 Pipeline jobs failed

Continuous Integration | Test standalone binary in Alpine   View in Datadog   GitHub Actions

PR labels | Categorize PR   View in Datadog   GitHub Actions

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 2eee855 | Docs | Datadog PR Page | Give us feedback!

@Drarig29
Drarig29 marked this pull request as ready for review June 26, 2026 10:25
@Drarig29
Drarig29 requested a review from a team as a code owner June 26, 2026 10:25
@dd-prapprover-prod-77c48c

dd-prapprover-prod-77c48c Bot commented Jun 26, 2026

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-06-26T10:25:33Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: CI tests failed. Please fix the failing tests to continue.

@Drarig29
Drarig29 merged commit e521260 into master Jun 26, 2026
38 of 41 checks passed
@Drarig29
Drarig29 deleted the engraver-auto-version-upgrade/minorpatch/npm/2-1782468758 branch June 26, 2026 11:50
@ava-silver ava-silver mentioned this pull request Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant