From 97e1b4caa2d803b9b720d7a6d7b7ed6573ff141f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 24 Jan 2026 10:30:56 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index da13bc85d2..300f7fdc24 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
   "dependencies": {
     "adm-zip": "0.4.7",
     "body-parser": "1.9.0",
-    "cfenv": "^1.0.4",
+    "cfenv": "^1.2.5",
     "consolidate": "0.14.5",
     "cookie-parser": "1.3.3",
     "dustjs-helpers": "1.5.0",
@@ -29,7 +29,7 @@
     "file-type": "^8.1.0",
     "humanize-ms": "1.0.1",
     "jquery": "^2.2.4",
-    "lodash": "4.17.4",
+    "lodash": "4.17.23",
     "marked": "0.3.5",
     "method-override": "latest",
     "moment": "2.15.1",
@@ -42,7 +42,7 @@
     "optional": "^0.1.3",
     "st": "0.2.4",
     "stream-buffers": "^3.0.1",
-    "tap": "^11.1.3",
+    "tap": "^18.0.0",
     "typeorm": "^0.2.24"
   },
   "devDependencies": {