From 3345027435c21fb6d40aeb54dce251cfcd4574be Mon Sep 17 00:00:00 2001
From: Lokesh Chandra <lokeshchandra956@bitgo.com>
Date: Fri, 27 Feb 2026 12:11:17 +0530
Subject: [PATCH] fix(root): ftp vulnerability

Ticket: WP-8089
---
 package.json | 1 +
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 875c9731c4..7959dee396 100644
--- a/package.json
+++ b/package.json
@@ -79,6 +79,7 @@
     "@babel/helpers": "^7.28.2",
     "buffer": "^6.0.3",
     "body-parser": "1.20.3",
+    "basic-ftp": "5.2.0",
     "degenerator": "5.0.0",
     "eventsource": "2.0.2",
     "follow-redirects": "1.15.11",
diff --git a/yarn.lock b/yarn.lock
index 392e1780ee..cbfa734076 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7762,10 +7762,10 @@ basic-auth@~2.0.1:
   dependencies:
     safe-buffer "5.1.2"
 
-basic-ftp@^5.0.2:
-  version "5.0.5"
-  resolved "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz"
-  integrity sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==
+basic-ftp@5.2.0, basic-ftp@^5.0.2:
+  version "5.2.0"
+  resolved "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz#7c2dff63c918bde60e6bad1f2ff93dcf5137a40a"
+  integrity sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==
 
 batch@0.6.1:
   version "0.6.1"