From 7d2463b767fccd8b80181b4ae4d8b7f66946b2c3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 26 Jan 2026 11:56:43 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
---
 package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 1d3dde7..0c78d4f 100644
--- a/package.json
+++ b/package.json
@@ -35,13 +35,13 @@
     "downshift": "2.0.0",
     "express": "^4.17.1",
     "express-favicon": "^2.0.1",
-    "firebase": "5.0.4",
+    "firebase": "7.14.0",
     "formsy-react": "1.1.4",
     "google-map-react": "1.0.4",
     "jss-extend": "6.2.0",
     "keycode": "2.2.0",
     "lint-staged": "^7.2.0",
-    "lodash": "4.17.10",
+    "lodash": "4.17.23",
     "material-ui": "^0.20.2",
     "material-ui-superselectfield": "^1.9.8",
     "mobile-detect": "1.4.2",
@@ -68,7 +68,7 @@
     "react-responsive-carousel": "^3.1.51",
     "react-router-config": "1.0.0-beta.4",
     "react-router-dom": "4.3.1",
-    "react-scripts": "4.0.0",
+    "react-scripts": "5.0.0",
     "react-select": "^2.1.0",
     "react-spinkit": "^3.0.0",
     "react-swipeable-views": "0.12.13",
@@ -77,7 +77,7 @@
     "redux": "4.0.0",
     "redux-thunk": "2.3.0",
     "request": "^2.88.0",
-    "sinon": "^7.0.0",
+    "sinon": "^16.1.2",
     "spotify-web-api-js": "^0.24.0",
     "typeface-roboto": "0.0.54",
     "typescript": "^2.9.2",