From 140f54b8916f5b7a325bd3443359d524448a5482 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 29 Jan 2026 13:05:59 +0000
Subject: [PATCH 1/2] fix: workspaces/arborist/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 workspaces/arborist/package.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json
index 9fdbbbf8607ad..af1f4fdab3d32 100644
--- a/workspaces/arborist/package.json
+++ b/workspaces/arborist/package.json
@@ -7,15 +7,15 @@
     "@npmcli/fs": "^3.1.1",
     "@npmcli/installed-package-contents": "^2.1.0",
     "@npmcli/map-workspaces": "^3.0.2",
-    "@npmcli/metavuln-calculator": "^7.1.1",
+    "@npmcli/metavuln-calculator": "^9.0.0",
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
     "@npmcli/package-json": "^5.1.0",
     "@npmcli/query": "^3.1.0",
     "@npmcli/redact": "^2.0.0",
-    "@npmcli/run-script": "^8.1.0",
+    "@npmcli/run-script": "^9.0.2",
     "bin-links": "^4.0.4",
-    "cacache": "^18.0.3",
+    "cacache": "^19.0.0",
     "common-ancestor-path": "^1.0.1",
     "hosted-git-info": "^7.0.2",
     "json-parse-even-better-errors": "^3.0.2",
@@ -26,8 +26,8 @@
     "npm-install-checks": "^6.2.0",
     "npm-package-arg": "^11.0.2",
     "npm-pick-manifest": "^9.0.1",
-    "npm-registry-fetch": "^17.0.1",
-    "pacote": "^18.0.6",
+    "npm-registry-fetch": "^18.0.1",
+    "pacote": "^21.0.1",
     "parse-conflict-json": "^3.0.0",
     "proc-log": "^4.2.0",
     "proggy": "^2.0.0",

From ed20f2c8258d2d33aa8af73f6b8b1688082cdfac Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 31 Jan 2026 10:11:49 +0000
Subject: [PATCH 2/2] fix: workspaces/arborist/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355