fix(deps): bump basic-ftp from 5.1.0 to 5.3.1 by dependabot[bot] · Pull Request #52 · salesforcecli/plugin-metadata-enrichment

dependabot · 2026-05-08T09:49:13Z

Bumps basic-ftp from 5.1.0 to 5.3.1.

Release notes

5.3.1

Fixed: Protect against unbounded control response, fixes GHSA-rpmf-866q-6p89.

5.3.0

Changed: Introduced an upper bound for total bytes of directory listing, fixes GHSA-rp42-5vxx-qpwr.

Added: Option to increase the upper bound for total bytes of directory listing in Client constructor.

5.2.2

Fixed: Improve control character rejection, fixes GHSA-6v7q-wjvx-w8wg.

5.2.1

Fixed: Reject control character injection attempts using paths. See GHSA-chqc-8p9q-pq6q.

5.2.0

Changed: Skip files with invalid name in downloadToDir.

Changelog

Sourced from basic-ftp's changelog.

5.3.1

Fixed: Protect against unbounded control response, fixes GHSA-rpmf-866q-6p89.

5.3.0

Changed: Introduced an upper bound for total bytes of directory listing, fixes GHSA-rp42-5vxx-qpwr.

Added: Option to increase the upper bound for total bytes of directory listing in Client constructor.

5.2.2

Fixed: Improve control character rejection, fixes GHSA-6v7q-wjvx-w8wg.

5.2.1

Fixed: Reject control character injection attempts using paths. See GHSA-chqc-8p9q-pq6q.

5.2.0

Changed: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see GHSA-5rq4-664w-9x2c.

Commits

980371b Guard against unbounded control response
50827c7 Adjust changelog to match release notes
c9378a8 Fix test
22abe43 Update Github Actions
0feaaec Fix test
6629d7d Improve error message
9c3bf4f Set higher default value for max size of directory listing
acd3942 Bump version
1304429 Offer maxListingBytes as an option
5cb5367 Add bounded StringWriter
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by patrickjuchli, a new releaser for basic-ftp since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.1.0 to 5.3.1. - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.1.0...v5.3.1) --- updated-dependencies: - dependency-name: basic-ftp dependency-version: 5.3.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies Pull requests that update a dependency file label May 8, 2026

dependabot Bot requested a review from a team as a code owner May 8, 2026 09:49

dependabot Bot mentioned this pull request May 8, 2026

fix(deps): bump basic-ftp from 5.1.0 to 5.3.0 #48

Closed

dependabot Bot force-pushed the dependabot-npm_and_yarn-basic-ftp-5.3.1 branch from 38a114e to 0871812 Compare May 27, 2026 17:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): bump basic-ftp from 5.1.0 to 5.3.1#52

fix(deps): bump basic-ftp from 5.1.0 to 5.3.1#52
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-basic-ftp-5.3.1

dependabot Bot commented on behalf of github May 8, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

5.3.1

5.3.0

5.2.2

5.2.1

5.2.0

5.3.1

5.3.0

5.2.2

5.2.1

5.2.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 8, 2026 •

edited

Loading