From d2ffda3eb1bf0d50af78555bf9bf1f2ac3cd3e1f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 21 Jan 2026 18:52:26 +0000
Subject: [PATCH] fix: deps/npm/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
---
 deps/npm/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deps/npm/package.json b/deps/npm/package.json
index fb2b04c1b5c60f..a8a217f6274944 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -93,7 +93,7 @@
     "once": "~1.4.0",
     "opener": "~1.4.3",
     "osenv": "~0.1.4",
-    "pacote": "^7.0.2",
+    "pacote": "^21.0.1",
     "path-is-inside": "~1.0.2",
     "promise-inflight": "~1.0.1",
     "qrcode-terminal": "~0.11.0",
@@ -116,7 +116,7 @@
     "sorted-union-stream": "~2.1.3",
     "ssri": "~5.0.0",
     "strip-ansi": "~4.0.0",
-    "tar": "^4.0.2",
+    "tar": "^7.5.4",
     "text-table": "~0.2.0",
     "uid-number": "0.0.6",
     "umask": "~1.1.0",