From 4eb4b566b6359947ce1ff5ad007f31bb35bc3db4 Mon Sep 17 00:00:00 2001
From: d3xter666
Date: Thu, 29 Jan 2026 16:03:47 +0200
Subject: [PATCH] [INTERNAL] Bump tar from 7.5.6 to 7.5.7
Resolves alerts for several security advisories such as: GHSA-34x7-hfp2-rc4v As per our assessment those vulnerabilities are not exploitable in the context of UI5 CLI. The override for tar is specifically defined where necessary in order to not downgrade tar in case a new major version is being used by other dependencies.
---
 package-lock.json | 6 +++---
 package.json | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 95ce5cabe3c..5bfd9990875 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15626,9 +15626,9 @@
 }
 },
 "node_modules/tar": {
- "version": "7.5.6",
- "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.6.tgz",
- "integrity": "sha512-xqUeu2JAIJpXyvskvU3uvQW8PAmHrtXp2KDuMJwQqW8Sqq0CaZBAQ+dKS3RBXVhU4wC5NjAdKrmh84241gO9cA==",
+ "version": "7.5.7",
+ "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.7.tgz",
+ "integrity": "sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==",
 "license": "BlueOak-1.0.0",
 "dependencies": {
 "@isaacs/fs-minipass": "^4.0.0",
diff --git a/package.json b/package.json
index ce3e155f567..8715723bde9 100644
--- a/package.json
+++ b/package.json
@@ -66,7 +66,7 @@
 },
 "overrides": {
 "pacote@19": {
- "tar": "^7.5.6"
+ "tar": "^7.5.7"
 }
 }
 }