From d238787f7ae231cbd473311ebcb1f1e43dff6378 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 20 Jan 2026 10:58:58 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 8d3a4e7d2..12b420901 100644
--- a/package.json
+++ b/package.json
@@ -48,7 +48,7 @@
   "dependencies": {
     "async": "^1.3.0",
     "bindings": "^1.2.1",
-    "bitcore-lib": "^0.13.13",
+    "bitcore-lib": "^8.22.2",
     "body-parser": "^1.13.3",
     "colors": "^1.1.2",
     "commander": "^2.8.1",
@@ -60,7 +60,7 @@
     "memdown": "^1.0.0",
     "mkdirp": "0.5.0",
     "nan": "^2.0.9",
-    "npm": "^2.14.1",
+    "npm": "^7.21.0",
     "semver": "^5.0.1",
     "socket.io": "bitpay/socket.io#bitpay-1.3.7",
     "socket.io-client": "bitpay/socket.io-client#bitpay-1.3.7"