From 20317f50d6a2f1b2fa2f2c8e74dd5e88fa761e67 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 5 Feb 2026 13:57:43 +0000
Subject: [PATCH 1/2] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-GLOB-14040952
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
---
 package.json | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/package.json b/package.json
index 02e2de7f2d692..edb80dd65fce0 100644
--- a/package.json
+++ b/package.json
@@ -52,58 +52,58 @@
   },
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
-    "@npmcli/arborist": "^7.5.4",
-    "@npmcli/config": "^8.3.4",
+    "@npmcli/arborist": "^9.1.5",
+    "@npmcli/config": "^10.4.1",
     "@npmcli/fs": "^3.1.1",
     "@npmcli/map-workspaces": "^3.0.6",
-    "@npmcli/package-json": "^5.2.0",
+    "@npmcli/package-json": "^7.0.3",
     "@npmcli/promise-spawn": "^7.0.2",
     "@npmcli/redact": "^2.0.1",
-    "@npmcli/run-script": "^8.1.0",
-    "@sigstore/tuf": "^2.3.4",
+    "@npmcli/run-script": "^10.0.3",
+    "@sigstore/tuf": "^4.0.0",
     "abbrev": "^2.0.0",
     "archy": "~1.0.0",
-    "cacache": "^18.0.3",
+    "cacache": "^20.0.3",
     "chalk": "^5.3.0",
     "ci-info": "^4.0.0",
     "cli-columns": "^4.0.0",
     "fastest-levenshtein": "^1.0.16",
     "fs-minipass": "^3.0.3",
-    "glob": "^10.4.2",
+    "glob": "^12.0.0",
     "graceful-fs": "^4.2.11",
     "hosted-git-info": "^7.0.2",
     "ini": "^4.1.3",
-    "init-package-json": "^6.0.3",
+    "init-package-json": "^8.2.2",
     "is-cidr": "^5.1.0",
     "json-parse-even-better-errors": "^3.0.2",
-    "libnpmaccess": "^8.0.6",
-    "libnpmdiff": "^6.1.4",
-    "libnpmexec": "^8.1.3",
-    "libnpmfund": "^5.0.12",
+    "libnpmaccess": "^10.0.2",
+    "libnpmdiff": "^8.0.0",
+    "libnpmexec": "^10.1.7",
+    "libnpmfund": "^7.0.0",
     "libnpmhook": "^10.0.5",
-    "libnpmorg": "^6.0.6",
-    "libnpmpack": "^7.0.4",
-    "libnpmpublish": "^9.0.9",
-    "libnpmsearch": "^7.0.6",
-    "libnpmteam": "^6.0.5",
-    "libnpmversion": "^6.0.3",
-    "make-fetch-happen": "^13.0.1",
+    "libnpmorg": "^8.0.1",
+    "libnpmpack": "^9.0.8",
+    "libnpmpublish": "^11.1.1",
+    "libnpmsearch": "^9.0.1",
+    "libnpmteam": "^8.0.2",
+    "libnpmversion": "^8.0.2",
+    "make-fetch-happen": "^15.0.0",
     "minimatch": "^9.0.5",
     "minipass": "^7.1.1",
     "minipass-pipeline": "^1.2.4",
     "ms": "^2.1.2",
-    "node-gyp": "^10.1.0",
+    "node-gyp": "^12.0.0",
     "nopt": "^7.2.1",
     "normalize-package-data": "^6.0.2",
     "npm-audit-report": "^5.0.0",
     "npm-install-checks": "^6.3.0",
     "npm-package-arg": "^11.0.2",
     "npm-pick-manifest": "^9.1.0",
-    "npm-profile": "^10.0.0",
-    "npm-registry-fetch": "^17.1.0",
+    "npm-profile": "^12.0.0",
+    "npm-registry-fetch": "^19.0.0",
     "npm-user-validate": "^2.0.1",
     "p-map": "^4.0.0",
-    "pacote": "^18.0.6",
+    "pacote": "^21.0.1",
     "parse-conflict-json": "^3.0.1",
     "proc-log": "^4.2.0",
     "qrcode-terminal": "^0.12.0",

From 5e75da41a04e5e015973d47a1ea09a241e3b77b6 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 10 Feb 2026 18:43:40 +0000
Subject: [PATCH 2/2] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-GLOB-14040952
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073