From ee9e5f3499eec54d9afdcd1f3632eaa3a0bafa57 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 3 Feb 2026 14:06:35 +0000
Subject: [PATCH 1/2] fix: workspaces/libnpmpack/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 workspaces/libnpmpack/package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json
index 03fc3cda5cb87..ea9e975ef4412 100644
--- a/workspaces/libnpmpack/package.json
+++ b/workspaces/libnpmpack/package.json
@@ -36,10 +36,10 @@
   "bugs": "https://github.com/npm/libnpmpack/issues",
   "homepage": "https://npmjs.com/package/libnpmpack",
   "dependencies": {
-    "@npmcli/arborist": "^7.5.4",
-    "@npmcli/run-script": "^8.1.0",
+    "@npmcli/arborist": "^9.0.0",
+    "@npmcli/run-script": "^9.0.2",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.6"
+    "pacote": "^21.0.1"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"

From 56fa0f643f09c29701ecf8c8ea8018fae577b9d9 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 3 Feb 2026 14:34:52 +0000
Subject: [PATCH 2/2] fix: workspaces/libnpmpack/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15127355