[agent] chore(deps): bump basic-ftp from 5.3.0 to 5.3.1

[github-actions]

Bumps the transitive dependency basic-ftp from 5.3.0 to 5.3.1 to resolve Dependabot alert #258.

Security advisory

GHSA-rpmf-866q-6p89 / CVE-2026-44240 — basic-ftp ≤ 5.3.0 allows a malicious FTP server to cause client-side denial of service via unbounded multiline control-response buffering. The fix in 5.3.1 introduces a maximum control-response buffer size.

Severity: High (CVSS 7.5)

Dependency chain

packages/devtools-proxy-support
  → pac-proxy-agent ^7.0.2
    → get-uri ^6.0.1
      → basic-ftp ^5.0.2  (was 5.3.0 → now 5.3.1)

Change

Only package-lock.json was modified. The basic-ftp range (^5.0.2) in get-uri already permits 5.3.1; the lockfile simply had the previous latest (5.3.0) pinned. Running npm update basic-ftp --package-lock-only updated the resolved version to 5.3.1 without any manifest changes required.

Generated by Dependabot remediation agent · ● 624.3K · ◷

[coveralls]

Coverage is 78.63% — fix/dependabot-258-basic-ftp-5.3.1-573476f2029b793e into main. No base build found for main.