From 5413897957c78477d7357a8172913a43eb6a3e29 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 20 Jan 2026 19:34:34 +0000
Subject: [PATCH] fix: deps/npm/node_modules/pacote/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
---
 deps/npm/node_modules/pacote/package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index fc6ab52fa9bc08..d98afda7fb1865 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -43,8 +43,8 @@
     "@npmcli/git": "^3.0.0",
     "@npmcli/installed-package-contents": "^1.0.7",
     "@npmcli/promise-spawn": "^1.2.0",
-    "@npmcli/run-script": "^3.0.0",
-    "cacache": "^15.3.0",
+    "@npmcli/run-script": "^9.0.2",
+    "cacache": "^19.0.0",
     "chownr": "^2.0.0",
     "fs-minipass": "^2.1.0",
     "infer-owner": "^1.0.4",
@@ -53,14 +53,14 @@
     "npm-package-arg": "^9.0.0",
     "npm-packlist": "^3.0.0",
     "npm-pick-manifest": "^7.0.0",
-    "npm-registry-fetch": "^13.0.0",
+    "npm-registry-fetch": "^18.0.1",
     "proc-log": "^2.0.0",
     "promise-retry": "^2.0.1",
     "read-package-json": "^4.1.1",
     "read-package-json-fast": "^2.0.3",
     "rimraf": "^3.0.2",
     "ssri": "^8.0.1",
-    "tar": "^6.1.11"
+    "tar": "^7.5.4"
   },
   "engines": {
     "node": "^12.13.0 || ^14.15.0 || >=16"