From c3b91db34ad92d81066385c59a7d80258219ec0b Mon Sep 17 00:00:00 2001
From: Hrishikesh Jain <hrishikeshjain@bitgo.com>
Date: Thu, 9 Apr 2026 17:19:49 +0530
Subject: [PATCH] fix: upgrade basic-ftp to 5.2.1 to patch CRLF injection
 (GHSA-chqc-8p9q-pq6q)

Ticket: CHALO-405
---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 13f10c100f..326e339a83 100644
--- a/package.json
+++ b/package.json
@@ -122,7 +122,7 @@
     "**/iota-sdk/**/valibot": "1.2.0",
     "**/tronweb/**/validator": "13.15.23",
     "@isaacs/brace-expansion": "5.0.1",
-    "basic-ftp": ">=5.2.0",
+    "basic-ftp": "5.2.1",
     "flatted": "3.4.2",
     "sjcl": "npm:@bitgo/sjcl@1.0.1",
     "picomatch": ">=2.3.2"
diff --git a/yarn.lock b/yarn.lock
index 170c228b58..6e3d7a9e45 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7729,10 +7729,10 @@ basic-auth@~2.0.1:
   dependencies:
     safe-buffer "5.1.2"
 
-basic-ftp@>=5.2.0, basic-ftp@^5.0.2:
-  version "5.2.0"
-  resolved "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz#7c2dff63c918bde60e6bad1f2ff93dcf5137a40a"
-  integrity sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==
+basic-ftp@5.2.1, basic-ftp@^5.0.2:
+  version "5.2.1"
+  resolved "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.1.tgz#818ba176e0e52a9e746e8576331f7e9474b94668"
+  integrity sha512-0yaL8JdxTknKDILitVpfYfV2Ob6yb3udX/hK97M7I3jOeznBNxQPtVvTUtnhUkyHlxFWyr5Lvknmgzoc7jf+1Q==
 
 batch@0.6.1:
   version "0.6.1"