[Snyk] Fix for 1 vulnerabilities

[LadyK-21]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/arborist

The new version differs by 34 commits.

• 1ab9776 deps: @ npmcli/arborist@5.2.2
• 04682b7 chore(latest): release arborist 5.2.2
• 14a08d6 deps: libnpmexec@4.0.7
• d450d23 chore(latest): release libnpmexec 4.0.7
• 3ea332b deps: libnpmpack@4.1.1
• 76bbb9a chore(latest): release libnpmpack 4.1.1
• a5be4d6 deps: libnpmversion@3.0.5
• 362325a chore(latest): release libnpmversion 3.0.5
• afa10c7 deps: libnpmdiff@4.0.4
• c21f3d1 chore(latest): release libnpmdiff 4.0.4
• 06fd788 feat: prompt before opening web-login URL when performing `login`/`adduser` (feat: prompt before opening web-login URL when performing login/adduser npm/cli#4960)
• aab4079 chore: rename node branches (chore: rename node branches npm/cli#5028)
• facba42 docs: fix typo (docs: fix typo npm/cli#5030)
• 01eef03 deps: npm-profile@6.1.0 (deps: npm-profile@6.1.0 npm/cli#5034)
• 2953983 fix(view): error on missing version (fix(view): error on missing version npm/cli#5035)
• e03009f fix: Add space to SemVer log message (fix: Add space to SemVer log message npm/cli#5042)
• 61112f7 deps: make-fetch-happen@10.1.8 (deps: make-fetch-happen@10.1.8 npm/cli#5044)
• 3e28f3c chore(tests): fix tests for @ npmcli/run-script@4.1.0 update
• 2c06cee deps: @ npmcli/run-script@4.1.0
• 2e50cb8 deps: pacote@13.6.1
• 69b5a96 docs: consolidate docs and help for package spec (docs: consolidate docs and help for package spec npm/cli#5048)
• f2340f8 8.12.2
• d8732cd chore: changelog for v8.12.2
• d404c8c deps: cacache@16.1.1 (deps: cacache@16.1.1 npm/cli#4985)

See the full diff

Package name: libnpmexec

The new version differs by 27 commits.

• 14a08d6 deps: libnpmexec@4.0.7
• d450d23 chore(latest): release libnpmexec 4.0.7
• 3ea332b deps: libnpmpack@4.1.1
• 76bbb9a chore(latest): release libnpmpack 4.1.1
• a5be4d6 deps: libnpmversion@3.0.5
• 362325a chore(latest): release libnpmversion 3.0.5
• afa10c7 deps: libnpmdiff@4.0.4
• c21f3d1 chore(latest): release libnpmdiff 4.0.4
• 06fd788 feat: prompt before opening web-login URL when performing `login`/`adduser` (feat: prompt before opening web-login URL when performing login/adduser npm/cli#4960)
• aab4079 chore: rename node branches (chore: rename node branches npm/cli#5028)
• facba42 docs: fix typo (docs: fix typo npm/cli#5030)
• 01eef03 deps: npm-profile@6.1.0 (deps: npm-profile@6.1.0 npm/cli#5034)
• 2953983 fix(view): error on missing version (fix(view): error on missing version npm/cli#5035)
• e03009f fix: Add space to SemVer log message (fix: Add space to SemVer log message npm/cli#5042)
• 61112f7 deps: make-fetch-happen@10.1.8 (deps: make-fetch-happen@10.1.8 npm/cli#5044)
• 3e28f3c chore(tests): fix tests for @ npmcli/run-script@4.1.0 update
• 2c06cee deps: @ npmcli/run-script@4.1.0
• 2e50cb8 deps: pacote@13.6.1
• 69b5a96 docs: consolidate docs and help for package spec (docs: consolidate docs and help for package spec npm/cli#5048)
• f2340f8 8.12.2
• d8732cd chore: changelog for v8.12.2
• d404c8c deps: cacache@16.1.1 (deps: cacache@16.1.1 npm/cli#4985)
• 053dffe deps: make-fetch-happen@10.1.7 (deps: make-fetch-happen@10.1.7 npm/cli#4986)
• 253671d chore(tests): fix libnpmdiff tests for execPaths with spaces (chore(tests): fix libnpmdiff tests for execPaths with spaces npm/cli#4988)

See the full diff

Package name: libnpmpack

The new version differs by 48 commits.

• 3ea332b deps: libnpmpack@4.1.1
• 76bbb9a chore(latest): release libnpmpack 4.1.1
• a5be4d6 deps: libnpmversion@3.0.5
• 362325a chore(latest): release libnpmversion 3.0.5
• afa10c7 deps: libnpmdiff@4.0.4
• c21f3d1 chore(latest): release libnpmdiff 4.0.4
• 06fd788 feat: prompt before opening web-login URL when performing `login`/`adduser` (feat: prompt before opening web-login URL when performing login/adduser npm/cli#4960)
• aab4079 chore: rename node branches (chore: rename node branches npm/cli#5028)
• facba42 docs: fix typo (docs: fix typo npm/cli#5030)
• 01eef03 deps: npm-profile@6.1.0 (deps: npm-profile@6.1.0 npm/cli#5034)
• 2953983 fix(view): error on missing version (fix(view): error on missing version npm/cli#5035)
• e03009f fix: Add space to SemVer log message (fix: Add space to SemVer log message npm/cli#5042)
• 61112f7 deps: make-fetch-happen@10.1.8 (deps: make-fetch-happen@10.1.8 npm/cli#5044)
• 3e28f3c chore(tests): fix tests for @ npmcli/run-script@4.1.0 update
• 2c06cee deps: @ npmcli/run-script@4.1.0
• 2e50cb8 deps: pacote@13.6.1
• 69b5a96 docs: consolidate docs and help for package spec (docs: consolidate docs and help for package spec npm/cli#5048)
• f2340f8 8.12.2
• d8732cd chore: changelog for v8.12.2
• d404c8c deps: cacache@16.1.1 (deps: cacache@16.1.1 npm/cli#4985)
• 053dffe deps: make-fetch-happen@10.1.7 (deps: make-fetch-happen@10.1.7 npm/cli#4986)
• 253671d chore(tests): fix libnpmdiff tests for execPaths with spaces (chore(tests): fix libnpmdiff tests for execPaths with spaces npm/cli#4988)
• b46fed7 8.12.1
• 635c921 chore: changelog for v8.12.1

See the full diff

Package name: libnpmversion

The new version differs by 109 commits.

• a5be4d6 deps: libnpmversion@3.0.5
• 362325a chore(latest): release libnpmversion 3.0.5
• afa10c7 deps: libnpmdiff@4.0.4
• c21f3d1 chore(latest): release libnpmdiff 4.0.4
• 06fd788 feat: prompt before opening web-login URL when performing `login`/`adduser` (feat: prompt before opening web-login URL when performing login/adduser npm/cli#4960)
• aab4079 chore: rename node branches (chore: rename node branches npm/cli#5028)
• facba42 docs: fix typo (docs: fix typo npm/cli#5030)
• 01eef03 deps: npm-profile@6.1.0 (deps: npm-profile@6.1.0 npm/cli#5034)
• 2953983 fix(view): error on missing version (fix(view): error on missing version npm/cli#5035)
• e03009f fix: Add space to SemVer log message (fix: Add space to SemVer log message npm/cli#5042)
• 61112f7 deps: make-fetch-happen@10.1.8 (deps: make-fetch-happen@10.1.8 npm/cli#5044)
• 3e28f3c chore(tests): fix tests for @ npmcli/run-script@4.1.0 update
• 2c06cee deps: @ npmcli/run-script@4.1.0
• 2e50cb8 deps: pacote@13.6.1
• 69b5a96 docs: consolidate docs and help for package spec (docs: consolidate docs and help for package spec npm/cli#5048)
• f2340f8 8.12.2
• d8732cd chore: changelog for v8.12.2
• d404c8c deps: cacache@16.1.1 (deps: cacache@16.1.1 npm/cli#4985)
• 053dffe deps: make-fetch-happen@10.1.7 (deps: make-fetch-happen@10.1.7 npm/cli#4986)
• 253671d chore(tests): fix libnpmdiff tests for execPaths with spaces (chore(tests): fix libnpmdiff tests for execPaths with spaces npm/cli#4988)
• b46fed7 8.12.1
• 635c921 chore: changelog for v8.12.1
• 40c823c fix: undeprecate and remove warnings for --global, -g, --local (fix: undeprecate and remove warnings for --global, -g, --local npm/cli#4982)
• 4ee12d0 8.12.0

See the full diff

Package name: pacote

The new version differs by 2 commits.

• 87d4b46 chore(main): release 13.6.1 (Do not pretty-print package-lock.json to prevent corrupting git lines count history npm/cli#186)
• d0459ec deps: bump @ npmcli/run-script from 3.0.3 to 4.1.0 (Allow git to follow global tagsign config npm/cli#185)

See the full diff

Package name: tar

The new version differs by 63 commits.

• c65f76d 6.2.1
• ffe6824 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• c9fc57c feat: add initial support for brotli
• 8c5af15 silence dependabot
• 3302cf7 6.1.15
• 4501bdb Normalize unicode internally using NFD
• 24efc74 remove parallelism causing test/pack.js to be flaky
• 8cd8139 move mutateFS reset out of t.teardown
• 4aaffc8 6.1.14
• 4cbdd67 deps: minipass@5.0.0
• 75d3081 fix: update repository url in package.json
• 82bb328 chore: postinstall for dependabot template-oss PR
• 5f31636 chore: bump @ npmcli/template-oss from 4.10.0 to 4.11.0
• a044a87 chore: release 6.1.13 (NPM CI ignores engine-strict npm/cli#344)
• cc4e0dd deps: bump minipass from 3.3.6 to 4.0.0
• 5dcfcb3 chore: bump events-to-array from 1.1.2 to 2.0.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')