From 1a066c8e8f87d5005b06434e85531e78942b5b7e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 29 Jan 2026 07:15:15 +0000
Subject: [PATCH] fix: cli/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 cli/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cli/package.json b/cli/package.json
index 616b2f96ecd..701b4d455c3 100644
--- a/cli/package.json
+++ b/cli/package.json
@@ -22,10 +22,10 @@
     "front-matter": "^4.0.2",
     "minimatch": "^9.0.3",
     "minipass": "^7.0.4",
-    "pacote": "^17.0.5",
+    "pacote": "^21.0.1",
     "proc-log": "^3.0.0",
     "semver": "^7.5.4",
-    "tar": "^6.2.0",
+    "tar": "^7.5.7",
     "yaml": "^2.3.4"
   },
   "devDependencies": {