From 0f849c11d2fa72acad6cc129f08401fcf0a71201 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 29 Jan 2026 13:00:40 +0000
Subject: [PATCH 1/2] fix: workspaces/libnpmdiff/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 workspaces/libnpmdiff/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json
index f1c28fd1735a2..eb86262adc076 100644
--- a/workspaces/libnpmdiff/package.json
+++ b/workspaces/libnpmdiff/package.json
@@ -46,14 +46,14 @@
     "tap": "^16.3.8"
   },
   "dependencies": {
-    "@npmcli/arborist": "^7.5.4",
+    "@npmcli/arborist": "^9.0.0",
     "@npmcli/installed-package-contents": "^2.1.0",
     "binary-extensions": "^2.3.0",
     "diff": "^5.1.0",
     "minimatch": "^9.0.4",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.6",
-    "tar": "^6.2.1"
+    "pacote": "^21.0.1",
+    "tar": "^7.5.7"
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",

From 54e5e8aa97144e70373807dd8caf710a5732fa86 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 1 Feb 2026 12:34:18 +0000
Subject: [PATCH 2/2] fix: workspaces/libnpmdiff/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355