Skip to content

build(deps): bump the npm_and_yarn group across 2 directories with 1 update#418

Merged
rishab-intercom merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-74e056b14f
Apr 13, 2026
Merged

build(deps): bump the npm_and_yarn group across 2 directories with 1 update#418
rishab-intercom merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-74e056b14f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 10, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the / directory: basic-ftp.
Bumps the npm_and_yarn group with 1 update in the /examples/example/e2e directory: basic-ftp.

Updates basic-ftp from 5.2.1 to 5.2.2

Release notes

Sourced from basic-ftp's releases.

5.2.2

Changelog

Sourced from basic-ftp's changelog.

5.2.2

Commits

Updates basic-ftp from 5.2.1 to 5.2.2

Release notes

Sourced from basic-ftp's releases.

5.2.2

Changelog

Sourced from basic-ftp's changelog.

5.2.2

Commits

Updates basic-ftp from 5.2.1 to 5.2.2

Release notes

Sourced from basic-ftp's releases.

5.2.2

Changelog

Sourced from basic-ftp's changelog.

5.2.2

Commits

Updates basic-ftp from 5.2.1 to 5.2.2

Release notes

Sourced from basic-ftp's releases.

5.2.2

Changelog

Sourced from basic-ftp's changelog.

5.2.2

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 10, 2026
@github-management-service
Copy link
Copy Markdown

github-management-service commented Apr 10, 2026

It looks like you are reviewing a Dependabot upgrade PR! 🛠️
That’s great! Keeping our packages up to date to fix security issues in our stack is super important. Team Application Security wants to help make this process as easy and low friction as possible while still moving at pace.

We aim to merge Dependabot PRs within the below timeframes. The objectives are based on the severity of the security vulnerability we are mitigating with the upgrade:

Severity Target Merge (days)
CRITICAL 7 days
HIGH 14 days
MEDIUM 30 days
LOW 90 days

🎯 Target merge date for this PR: 24/04/2026 🎯

FAQ

What if we aren’t vulnerable to this particular CVE? Do we still have to upgrade the package? It’s still a good idea to upgrade the package if we can. With new code patterns and paths being introduced every day, we have no guarantee that we won’t later make ourselves vulnerable. Keeping packages up to date as a matter of due course is also good hygiene.
What if we’re not vulnerable and upgrading is going to be a lot of work? In these cases it’s a good idea to list out the steps you took to confirm we are not vulnerable in this PR. The PR can then be closed and the corresponding Dependabot Alert should be dismissed with the triage steps included as a comment. Please get in touch with Team Application Security via #ask-security before dismissing any CRITICAL alerts.
This is a major version upgrade that requires substantial code refactoring. What should I do? If the upgrade requires substantial refactoring then it is possible that we will miss the objectives we have outlined above. In these cases, you should add the dependabot-refactor-required label to this PR and ping #ask-security for further advice.

@github-management-service github-management-service requested a review from a team April 10, 2026 21:51
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 10, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@dependabot
build(deps): bump the npm_and_yarn group across 2 directories with 1 …
0c28d1b 
…update

Bumps the npm_and_yarn group with 1 update in the / directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp).
Bumps the npm_and_yarn group with 1 update in the /examples/example/e2e directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp).


Updates `basic-ftp` from 5.2.1 to 5.2.2
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.2.1...v5.2.2)

Updates `basic-ftp` from 5.2.1 to 5.2.2
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: basic-ftp
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-74e056b14f branch from 4e8bc32 to 0c28d1b Compare April 13, 2026 09:32
@rishab-intercom rishab-intercom merged commit 47da4ea into main Apr 13, 2026
8 checks passed
@rishab-intercom rishab-intercom deleted the dependabot/npm_and_yarn/npm_and_yarn-74e056b14f branch April 13, 2026 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rishab-intercom rishab-intercom rishab-intercom approved these changes

Assignees

No one assigned

Labels

alert-severity-HIGH dependabot-semver-unknown dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code team-messenger

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@github-management-service @rishab-intercom