From bfa83b8a1d7c098962ab5fd23d5f55e4188ec03f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 27 Jan 2026 13:17:27 +0000
Subject: [PATCH] fix: workspaces/libnpmpack/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
---
 workspaces/libnpmpack/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json
index a3074218a9098..1a6b8a758f38c 100644
--- a/workspaces/libnpmpack/package.json
+++ b/workspaces/libnpmpack/package.json
@@ -36,10 +36,10 @@
   "bugs": "https://github.com/npm/libnpmpack/issues",
   "homepage": "https://npmjs.com/package/libnpmpack",
   "dependencies": {
-    "@npmcli/arborist": "^7.1.0",
-    "@npmcli/run-script": "^7.0.1",
+    "@npmcli/arborist": "^9.0.0",
+    "@npmcli/run-script": "^9.0.2",
     "npm-package-arg": "^11.0.0",
-    "pacote": "^17.0.4"
+    "pacote": "^21.0.1"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"