From 68348db773e9013281c19c6de3204ccc95507824 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 22 Jan 2026 09:11:06 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index da0ea0a..691ca74 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "2.2.3",
       "license": "CC0-1.0",
       "dependencies": {
-        "lodash": "^4.17.21",
+        "lodash": "^4.17.23",
         "morgan": "^1.10.1",
         "rotating-file-stream": "^3.1.0",
         "winston": "^3.10.0",
@@ -3374,9 +3374,10 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "license": "MIT"
     },
     "node_modules/lodash.flattendeep": {
       "version": "4.4.0",
diff --git a/package.json b/package.json
index 5134f4f..46a0ff5 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
   "author": "Centers for Medicare & Medicaid Services",
   "license": "CC0-1.0",
   "dependencies": {
-    "lodash": "^4.17.21",
+    "lodash": "^4.17.23",
     "morgan": "^1.10.1",
     "rotating-file-stream": "^3.1.0",
     "winston": "^3.10.0",