From cdadfb2ff7a8c0778a37d58d27188edfd0f4f3c3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 28 Mar 2026 18:42:38 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-15789759
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-15789761
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 0b96cf879c8..cde1126f78b 100644
--- a/package.json
+++ b/package.json
@@ -27,8 +27,8 @@
     "ejs": "2.5.5",
     "ejs-locals": "1.0.2",
     "errorhandler": "1.4.3",
-    "express": "4.16.0",
-    "express-fileupload": "0.0.5",
+    "express": "4.22.0",
+    "express-fileupload": "1.1.10",
     "humanize-ms": "1.2.1",
     "jquery": "^3.0.0",
     "marked": "0.3.17",
@@ -41,7 +41,7 @@
     "optional": "^0.1.3",
     "st": "1.2.2",
     "stream-buffers": "^3.0.1",
-    "tap": "^11.1.3",
+    "tap": "^18.0.0",
     "adm-zip": "0.4.11",
     "file-type": "^8.1.0",
     "snyk": "^1.90.0"