From ee9fa8e4639bbdf58457f8283c4bdf95246213c3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 26 Jan 2026 12:17:53 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 3b8a84cd703..579b0425f43 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
   "dependencies": {
     "adm-zip": "0.5.2",
     "body-parser": "1.17.1",
-    "cfenv": "^1.2.4",
+    "cfenv": "^1.2.5",
     "consolidate": "0.14.5",
     "cookie-parser": "1.3.3",
     "dustjs-helpers": "1.5.0",
@@ -29,7 +29,7 @@
     "file-type": "^8.1.0",
     "humanize-ms": "1.0.1",
     "jquery": "^3.5.0",
-    "lodash": "4.17.21",
+    "lodash": "4.17.23",
     "marked": "4.0.10",
     "method-override": "latest",
     "moment": "2.19.3",
@@ -42,7 +42,7 @@
     "optional": "^0.1.3",
     "st": "1.2.2",
     "stream-buffers": "^3.0.1",
-    "tap": "^20.0.0",
+    "tap": "^21.1.1",
     "typeorm": "^0.2.27"
   },
   "devDependencies": {