From 96631206aeeffb21558b2f4190c1895801bcf23b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 27 Jan 2026 12:34:19 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index b31a981f52068..afd6cf313d735 100644
--- a/package.json
+++ b/package.json
@@ -77,7 +77,7 @@
     "is-cidr": "^5.1.1",
     "json-parse-even-better-errors": "^4.0.0",
     "libnpmaccess": "^10.0.1",
-    "libnpmdiff": "^8.0.6",
+    "libnpmdiff": "^8.0.8",
     "libnpmexec": "^10.1.5",
     "libnpmfund": "^7.0.6",
     "libnpmorg": "^8.0.0",
@@ -102,7 +102,7 @@
     "npm-registry-fetch": "^18.0.2",
     "npm-user-validate": "^3.0.0",
     "p-map": "^7.0.3",
-    "pacote": "^21.0.0",
+    "pacote": "^21.0.1",
     "parse-conflict-json": "^4.0.0",
     "proc-log": "^5.0.0",
     "qrcode-terminal": "^0.12.0",
@@ -111,7 +111,7 @@
     "spdx-expression-parse": "^4.0.0",
     "ssri": "^12.0.0",
     "supports-color": "^10.0.0",
-    "tar": "^6.2.1",
+    "tar": "^7.5.4",
     "text-table": "~0.2.0",
     "tiny-relative-date": "^1.3.0",
     "treeverse": "^3.0.0",