Skip to content

build(deps-dev): bump basic-ftp from 5.0.5 to 5.2.0 in /components/chat_widget in the npm_and_yarn group across 1 directory#2919

Merged
snopoke merged 2 commits into
mainfrom
dependabot/npm_and_yarn/components/chat_widget/npm_and_yarn-387f502f5a
Feb 26, 2026
Merged

build(deps-dev): bump basic-ftp from 5.0.5 to 5.2.0 in /components/chat_widget in the npm_and_yarn group across 1 directory#2919
snopoke merged 2 commits into
mainfrom
dependabot/npm_and_yarn/components/chat_widget/npm_and_yarn-387f502f5a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 25, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 1 update in the /components/chat_widget directory: basic-ftp.

Updates basic-ftp from 5.0.5 to 5.2.0

Release notes

Sourced from basic-ftp's releases.

5.2.0

  • Changed: Skip files with invalid name in downloadToDir.

5.1.0

  • Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)
Changelog

Sourced from basic-ftp's changelog.

5.2.0

  • Changed: Skip files with invalid name in downloadToDir.

5.1.0

  • Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps-dev): bump basic-ftp
e0bee5b 
Bumps the npm_and_yarn group with 1 update in the /components/chat_widget directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp).


Updates `basic-ftp` from 5.0.5 to 5.2.0
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 25, 2026
@claude

claude Bot commented Feb 26, 2026

Copy link
Copy Markdown
Contributor

🔍 Dependency Analysis Summary

Package Old Version New Version Type
basic-ftp 5.0.5 5.2.0 MINOR

Overall Risk Assessment: LOW

This is a transitive dev-only dependency update with no breaking changes and no direct usage in OCS code.

📋 Detailed Changelog Review

Package: basic-ftp (5.0.5 → 5.2.0)

  • Dependency chain: puppeteerget-uribasic-ftp
  • Direct usage in OCS: None — this is a transitive dependency only

Changes:

  • 5.2.0: Skip files with invalid names in downloadToDir (bug fix behavior change)
  • 5.1.0: Added option to prevent use of separate transfer host IPs when using PASV mode (#259)

Breaking Changes: None

Security Fixes: None noted

Migration Notes: None required

⚠️ Impact Assessment

  • Breaking Changes Found: No
  • Affected Files: Only components/chat_widget/package-lock.json (lock file update only)
  • Test Impact: None — basic-ftp is consumed by puppeteer (a dev/test tool) and is not exercised by OCS tests directly
  • Configuration Changes: None required

🛠️ Recommendations

  • Action Required: None — this is a safe, routine update
  • Testing Focus: No targeted testing needed; standard chat widget smoke test is sufficient if CI passes
  • Follow-up Tasks: None
  • Merge Recommendation: ✅ APPROVE — low-risk MINOR bump of a transitive dev-only dependency with no breaking changes and no direct OCS usage

📚 Useful Links

@snopoke snopoke merged commit 20f6f82 into main Feb 26, 2026
7 checks passed
@snopoke snopoke deleted the dependabot/npm_and_yarn/components/chat_widget/npm_and_yarn-387f502f5a branch February 26, 2026 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snopoke