From dfeb69ef44b2c90079e5585fdf9dd6cf3de50730 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 30 Jan 2026 08:44:59 +0000
Subject: [PATCH] fix: deps/npm/node_modules/@npmcli/arborist/package.json to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 deps/npm/node_modules/@npmcli/arborist/package.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index a9ec27bacb0035..058dda04a61449 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -7,14 +7,14 @@
     "@npmcli/fs": "^3.1.0",
     "@npmcli/installed-package-contents": "^2.0.2",
     "@npmcli/map-workspaces": "^3.0.2",
-    "@npmcli/metavuln-calculator": "^5.0.0",
+    "@npmcli/metavuln-calculator": "^9.0.0",
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
     "@npmcli/package-json": "^4.0.0",
     "@npmcli/query": "^3.0.0",
-    "@npmcli/run-script": "^6.0.0",
+    "@npmcli/run-script": "^9.0.2",
     "bin-links": "^4.0.1",
-    "cacache": "^17.0.4",
+    "cacache": "^19.0.0",
     "common-ancestor-path": "^1.0.1",
     "hosted-git-info": "^6.1.1",
     "json-parse-even-better-errors": "^3.0.0",
@@ -24,9 +24,9 @@
     "npm-install-checks": "^6.0.0",
     "npm-package-arg": "^10.1.0",
     "npm-pick-manifest": "^8.0.1",
-    "npm-registry-fetch": "^14.0.3",
+    "npm-registry-fetch": "^18.0.1",
     "npmlog": "^7.0.1",
-    "pacote": "^15.0.8",
+    "pacote": "^21.0.1",
     "parse-conflict-json": "^3.0.0",
     "proc-log": "^3.0.0",
     "promise-all-reject-late": "^1.0.0",