From a1fbc277be02cd8d39403eb9ff580984d6cf9dc1 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Tue, 14 Apr 2026 20:49:42 +0200
Subject: [PATCH] fix(deps): patch follow-redirects and basic-ftp security vulnerabilities

Update follow-redirects to 1.16.0 (fixes auth header leak on cross-domain redirects) and basic-ftp to 5.2.2 (fixes CRLF injection in FTP commands).
---
 frontend/package.json | 2 +-
 frontend/pnpm-lock.yaml | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/frontend/package.json b/frontend/package.json
index 6462e84fb..00b703f7a 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -168,7 +168,7 @@
 "overrides": {
 "minimatch": "^10.2.3",
 "rollup": "$rollup",
- "basic-ftp": "5.2.1",
+ "basic-ftp": ">=5.2.2",
 "serialize-javascript": "^7.0.5",
 "flatted": "^3.4.1"
 }
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
index ed53bac0e..1a39ed5c5 100644
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
@@ -7,7 +7,7 @@ settings: overrides: minimatch: ^10.2.3 rollup: 4.60.1 - basic-ftp: 5.2.1 + basic-ftp: '>=5.2.2' serialize-javascript: ^7.0.5 flatted: ^3.4.1 @@ -3346,8 +3346,8 @@ packages: engines: {node: '>=6.0.0'} hasBin: true - basic-ftp@5.2.1: - resolution: {integrity: sha512-0yaL8JdxTknKDILitVpfYfV2Ob6yb3udX/hK97M7I3jOeznBNxQPtVvTUtnhUkyHlxFWyr5Lvknmgzoc7jf+1Q==} + basic-ftp@5.2.2: + resolution: {integrity: sha512-1tDrzKsdCg70WGvbFss/ulVAxupNauGnOlgpyjKzeQxzyllBLS0CGLV7tjIXTK3ZQA9/FBEm9qyFFN1bciA6pw==} engines: {node: '>=10.0.0'} bidi-js@1.0.3: @@ -4155,8 +4155,8 @@ packages: '@nuxt/kit': optional: true - follow-redirects@1.15.11: - resolution: {integrity: sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==} + follow-redirects@1.16.0: + resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==} engines: {node: '>=4.0'} peerDependencies: debug: '*'
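Review bot: The new `basic-ftp` override `>=5.2.2` in the `overrides` block of `frontend/package.json` has no upper bound, so whenever the lockfile is regenerated this transitive dependency may resolve to any later release, including a future major version, without anyone having chosen it. The value it replaces was an exact pin and the sibling overrides use caret ranges; `"basic-ftp": "^5.2.2"` (or the exact `"basic-ftp": "5.2.2"`) keeps the CRLF-injection fix while bounding what a re-resolve can pull in. The lockfile in this commit does pin 5.2.2 with an integrity hash, so the exposure is limited to lock rebuilds. Separately, the follow-redirects bump is visible only in the lockfile hunks; if a minimum version should be enforced for it as well, an explicit override entry would record that intent.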
@@ -10064,7 +10064,7 @@ snapshots: axios@1.15.0: dependencies: - follow-redirects: 1.15.11 + follow-redirects: 1.16.0 form-data: 4.0.5 proxy-from-env: 2.1.0 transitivePeerDependencies: @@ -10127,7 +10127,7 @@ snapshots: baseline-browser-mapping@2.10.12: {} - basic-ftp@5.2.1: {} + basic-ftp@5.2.2: {} bidi-js@1.0.3: dependencies: @@ -11047,7 +11047,7 @@ snapshots: vue: 3.5.27(typescript@5.9.3) vue-resize: 2.0.0-alpha.1(vue@3.5.27(typescript@5.9.3)) - follow-redirects@1.15.11: {} + follow-redirects@1.16.0: {} for-each@0.3.3: dependencies: @@ -11140,7 +11140,7 @@ snapshots: get-uri@6.0.4: dependencies: - basic-ftp: 5.2.1 + basic-ftp: 5.2.2 data-uri-to-buffer: 6.0.2 debug: 4.4.3 transitivePeerDependencies: