[CVE-2026-27699] - Request for Release Upgrading Vulnerable basic-ftp Dependency

[johanlelan-mgdis]

Hello,

Could you please let us know when you plan to release a new version of proxy-agent that upgrades the basic-ftp dependency to address the security vulnerability described in GHSA-5rq4-664w-9x2c?

From what I can see, the dependency chain is:
basic-ftp → get-uri → pac-proxy-agent → proxy-agent

This would help us and other users ensure our applications remain secure.

Thank you for your work and support!