From ad6e05427c4ca92136631bf3dfe2c4e38fba5878 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 2 Feb 2026 11:35:47 +0000
Subject: [PATCH 1/2] fix: workspaces/libnpmexec/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 workspaces/libnpmexec/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json
index 159501266386a..29735af0d59c0 100644
--- a/workspaces/libnpmexec/package.json
+++ b/workspaces/libnpmexec/package.json
@@ -59,11 +59,11 @@
     "tap": "^16.3.8"
   },
   "dependencies": {
-    "@npmcli/arborist": "^7.5.4",
-    "@npmcli/run-script": "^8.1.0",
+    "@npmcli/arborist": "^9.0.0",
+    "@npmcli/run-script": "^9.0.2",
     "ci-info": "^4.0.0",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.6",
+    "pacote": "^21.0.1",
     "proc-log": "^4.2.0",
     "read": "^3.0.1",
     "read-package-json-fast": "^3.0.2",

From 28e2bdc4ad487ca70b7545681a95843fabe23af3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 3 Feb 2026 14:03:05 +0000
Subject: [PATCH 2/2] fix: workspaces/libnpmexec/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15127355