From 8f8f177e6a05170f2f80051bef584fe1cdfbb930 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 26 Jan 2026 08:08:23 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index d205a223469..46e48b8e21a 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
   "dependencies": {
     "adm-zip": "0.4.7",
     "body-parser": "1.9.0",
-    "cfenv": "^1.0.4",
+    "cfenv": "^1.2.5",
     "consolidate": "0.14.5",
     "cookie-parser": "1.3.3",
     "dustjs-helpers": "1.5.0",
@@ -32,7 +32,7 @@
     "file-type": "^8.1.0",
     "humanize-ms": "1.0.1",
     "jquery": "^2.2.4",
-    "lodash": "4.17.4",
+    "lodash": "4.17.23",
     "marked": "0.3.5",
     "method-override": "latest",
     "moment": "2.15.1",
@@ -43,7 +43,7 @@
     "optional": "^0.1.3",
     "st": "0.2.4",
     "stream-buffers": "^3.0.1",
-    "tap": "^11.1.3"
+    "tap": "^18.0.0"
   },
   "devDependencies": {
     "browserify": "^13.1.1",