From 2ebb04f42499c55e7db2db9fef7d2e4ca8779d0b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 30 Jan 2026 03:31:01 +0000
Subject: [PATCH] fix: src/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 src/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/package.json b/src/package.json
index f71b196cf8a..f2a7f53f0fd 100644
--- a/src/package.json
+++ b/src/package.json
@@ -52,7 +52,7 @@
     "log4js": "0.6.38",
     "measured-core": "^2.0.0",
     "mime-types": "^2.1.35",
-    "npm": "^6.14.15",
+    "npm": "^7.21.0",
     "openapi-backend": "^5.3.0",
     "proxy-addr": "^2.0.7",
     "rate-limiter-flexible": "^2.3.6",
@@ -67,7 +67,7 @@
     "terser": "^5.12.1",
     "threads": "^1.7.0",
     "tinycon": "0.6.8",
-    "ueberdb2": "^2.2.4",
+    "ueberdb2": "^3.0.0",
     "underscore": "1.13.3",
     "unorm": "1.6.0",
     "wtfnode": "^0.9.1"