From aec5e8a901fbbedf05c9796f4c1b68712076f40b Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Fri, 3 Apr 2026 07:39:18 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-15869625
- https://snyk.io/vuln/SNYK-JS-LODASH-15869619
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d850793..8d9c9e3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
       "license": "MIT",
       "dependencies": {
         "got": "^10.7.0",
-        "lodash": "^4.17.15",
+        "lodash": "^4.18.1",
         "qs": "^6.9.3",
         "stopcock": "^1.1.0"
       },
@@ -5687,9 +5687,10 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.15",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "license": "MIT"
     },
     "node_modules/lodash.sortby": {
       "version": "4.7.0",
diff --git a/package.json b/package.json
index 121bcbd..c68025a 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,7 @@
   "homepage": "https://github.com/CondeNast/recharge-api-node#readme",
   "dependencies": {
     "got": "^10.7.0",
-    "lodash": "^4.17.15",
+    "lodash": "^4.18.1",
     "qs": "^6.9.3",
     "stopcock": "^1.1.0"
   },