From 457df9b71a36571d93d4bd81021e1c8944aa4c2f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 30 Jan 2026 14:55:26 +0000
Subject: [PATCH 1/2] fix: workspaces/libnpmpublish/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 workspaces/libnpmpublish/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json
index 87fc8215dcab8..62d573b54ee2b 100644
--- a/workspaces/libnpmpublish/package.json
+++ b/workspaces/libnpmpublish/package.json
@@ -41,10 +41,10 @@
     "ci-info": "^4.0.0",
     "normalize-package-data": "^6.0.1",
     "npm-package-arg": "^11.0.2",
-    "npm-registry-fetch": "^17.0.1",
+    "npm-registry-fetch": "^18.0.1",
     "proc-log": "^4.2.0",
     "semver": "^7.3.7",
-    "sigstore": "^2.2.0",
+    "sigstore": "^3.0.0",
     "ssri": "^10.0.6"
   },
   "engines": {

From 016cb924b11ccdf9909c45ef9534ffe97bd784a8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 2 Feb 2026 08:34:05 +0000
Subject: [PATCH 2/2] fix: workspaces/libnpmpublish/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355