From 603e47c2e0c544fe16b70491dfe7b2b1ae86a429 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 2 Apr 2026 10:33:58 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803084
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803082
- https://snyk.io/vuln/SNYK-JS-LODASH-15869625
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803086
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15807042
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15807040
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-LODASH-15869619
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15789775
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15813031
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15813000
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index e83f9fef5c2..1f921552fff 100644
--- a/package.json
+++ b/package.json
@@ -28,10 +28,10 @@
     "express-fileupload": "0.0.5",
     "express-session": "^1.17.2",
     "file-type": "^8.1.0",
-    "hbs": "^4.0.4",
+    "hbs": "^4.2.1",
     "humanize-ms": "1.0.1",
     "jquery": "^2.2.4",
-    "lodash": "4.17.4",
+    "lodash": "4.18.1",
     "marked": "0.3.5",
     "method-override": "latest",
     "moment": "2.15.1",
@@ -44,7 +44,7 @@
     "optional": "^0.1.3",
     "st": "0.2.4",
     "stream-buffers": "^3.0.1",
-    "tap": "^11.1.3",
+    "tap": "^18.0.0",
     "typeorm": "^0.2.24",
     "validator": "^13.5.2"
   },