From 66dfe6a74ea7ce7ce08b78d89ef0f489ee1e2052 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Fri, 29 May 2026 11:29:21 +0000
Subject: [PATCH] fix: CVE-2026-44240 security vulnerability

Automated dependency upgrade by OrbisAI Security
---
 package-lock.json | 7 ++++---
 package.json      | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 07b9c058ec10..8b404b7fc168 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,6 +12,7 @@
       "dependencies": {
         "@coder/logger": "^3.0.1",
         "argon2": "^0.44.0",
+        "basic-ftp": "^5.3.1",
         "compression": "^1.7.4",
         "cookie-parser": "^1.4.6",
         "env-paths": "^2.2.1",
@@ -1639,9 +1640,9 @@
       "license": "MIT"
     },
     "node_modules/basic-ftp": {
-      "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.3.0.tgz",
-      "integrity": "sha512-5K9eNNn7ywHPsYnFwjKgYH8Hf8B5emh7JKcPaVjjrMJFQQwGpwowEnZNEtHs7DfR7hCZsmaK3VA4HUK0YarT+w==",
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.3.1.tgz",
+      "integrity": "sha512-bopVNp6ugyA150DDuZfPFdt1KZ5a94ZDiwX4hMgZDzF+GttD80lEy8kj98kbyhLXnPvhtIo93mdnLIjpCAeeOw==",
       "license": "MIT",
       "engines": {
         "node": ">=10.0.0"
diff --git a/package.json b/package.json
index b229efb3f5e5..c200d43b3e19 100644
--- a/package.json
+++ b/package.json
@@ -69,6 +69,7 @@
   "dependencies": {
     "@coder/logger": "^3.0.1",
     "argon2": "^0.44.0",
+    "basic-ftp": "^5.3.1",
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.6",
     "env-paths": "^2.2.1",