From 42d17aa463552ca20a2c9642de973d039cd7e68a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 26 Jan 2026 06:09:55 +0000
Subject: [PATCH] fix: packages/canvas-rce/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
---
 packages/canvas-rce/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/canvas-rce/package.json b/packages/canvas-rce/package.json
index dfd24cb93701d..f8e8429f4c32a 100644
--- a/packages/canvas-rce/package.json
+++ b/packages/canvas-rce/package.json
@@ -87,7 +87,7 @@
     "@instructure/ui-billboard": "9.10.0",
     "@instructure/ui-buttons": "9.10.0",
     "@instructure/ui-checkbox": "9.10.0",
-    "@instructure/ui-source-code-editor": "9.10.0",
+    "@instructure/ui-source-code-editor": "10.16.3",
     "@instructure/ui-color-picker": "8.56.4",
     "@instructure/ui-color-utils": "9.10.0",
     "@instructure/ui-file-drop": "9.10.0",
@@ -143,7 +143,7 @@
     "isomorphic-fetch": "2.2.1",
     "js-beautify": "1",
     "keycode": "^2",
-    "lodash": "^4",
+    "lodash": "^4.17.23",
     "mathlive": "^0.77.0",
     "minimatch": "~3.0.4",
     "moment-timezone": "^0.5.45",