From 6595e98b549ca79604ca1c094a55d4199a089044 Mon Sep 17 00:00:00 2001
From: Matti Nannt <matti@formbricks.com>
Date: Sun, 15 Feb 2026 12:11:12 +0100
Subject: [PATCH] fix: pin tar to patched version for dependabot

---
 package.json   |  3 ++-
 pnpm-lock.yaml | 12 ++++++------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index e47538a..d1e2cc2 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,8 @@
       "on-headers": ">=1.1.0",
       "glob": ">=11.1.0",
       "node-forge": ">=1.3.2",
-      "js-yaml": ">=4.1.1"
+      "js-yaml": ">=4.1.1",
+      "tar": "7.5.7"
     }
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 2615c4c..ba75c46 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -9,6 +9,7 @@ overrides:
   glob: '>=11.1.0'
   node-forge: '>=1.3.2'
   js-yaml: '>=4.1.1'
+  tar: 7.5.7
 
 importers:
 
@@ -4281,10 +4282,9 @@ packages:
     resolution: {integrity: sha512-+XZ+r1XGIJGeQk3VvXhT6xx/VpbHsRzsTkGgF6E5RX9TTXD0118l87puaEBZ566FhqblC6U0d4XnubznJDm30A==}
     engines: {node: ^14.18.0 || >=16.0.0}
 
-  tar@7.5.2:
-    resolution: {integrity: sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==}
+  tar@7.5.7:
+    resolution: {integrity: sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==}
     engines: {node: '>=18'}
-    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
 
   temp-dir@2.0.0:
     resolution: {integrity: sha512-aoBAniQmmwtcKp/7BzsH8Cxzv8OL736p7v1ihGb5e9DJ9kTwGWHrQrVB5+lfVDzfGrdRzXch+ig7LHaY1JTOrg==}
@@ -5697,7 +5697,7 @@ snapshots:
       source-map-support: 0.5.21
       stacktrace-parser: 0.1.11
       structured-headers: 0.4.1
-      tar: 7.5.2
+      tar: 7.5.7
       terminal-link: 2.1.1
       undici: 6.21.3
       wrap-ansi: 7.0.0
@@ -8756,7 +8756,7 @@ snapshots:
   metro-source-map@0.83.3:
     dependencies:
       '@babel/traverse': 7.28.5
-      '@babel/traverse--for-generate-function-map': '@babel/traverse@7.28.5'
+      '@babel/traverse--for-generate-function-map': '@babel/traverse@7.29.0'
       '@babel/types': 7.28.5
       flow-enums-runtime: 0.0.6
       invariant: 2.2.4
@@ -9786,7 +9786,7 @@ snapshots:
     dependencies:
       '@pkgr/core': 0.2.7
 
-  tar@7.5.2:
+  tar@7.5.7:
     dependencies:
       '@isaacs/fs-minipass': 4.0.1
       chownr: 3.0.0