From 2447c8e9e23997fb4a67274ee205ddd26e11665e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 17 Dec 2025 07:53:54 +0000
Subject: [PATCH 1/3] fix: packages/api/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRPCSERVER-14427432
---
 packages/api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/api/package.json b/packages/api/package.json
index b8f51c52..a92d97fd 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -23,7 +23,7 @@
     "@cooper/auth": "workspace:*",
     "@cooper/db": "workspace:*",
     "@cooper/validators": "workspace:*",
-    "@trpc/server": "11.0.0-rc.441",
+    "@trpc/server": "11.8.0",
     "bad-words": "^4.0.0",
     "fuse.js": "^7.0.0",
     "superjson": "2.2.1",

From c9bcd33cabd13b2bea2079fa8e1c76f7192befb3 Mon Sep 17 00:00:00 2001
From: gpalmer27 <palmer.gi@northeastern.edu>
Date: Tue, 30 Dec 2025 12:28:31 -0500
Subject: [PATCH 2/3] installed dependency

---
 pnpm-lock.yaml | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 574553ff..04d29355 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -262,8 +262,8 @@ importers:
         specifier: workspace:*
         version: link:../validators
       '@trpc/server':
-        specifier: 11.0.0-rc.441
-        version: 11.0.0-rc.441
+        specifier: 11.8.0
+        version: 11.8.0(typescript@5.5.4)
       bad-words:
         specifier: ^4.0.0
         version: 4.0.0
@@ -3412,6 +3412,11 @@ packages:
   '@trpc/server@11.0.0-rc.441':
     resolution: {integrity: sha512-H0NN85JDgDlvG9tHW9efygLJZbVkszLagm5VeLD8MuhXqqKU+WyMTqb4D8rI560dse4dMC3lI5IoXaCEXMoznA==}
 
+  '@trpc/server@11.8.0':
+    resolution: {integrity: sha512-DphyQnLuyX2nwJCQGWQ9zYz4hZGvRhSBqDhQ0SH3tDhQ3PU4u68xofA0pJ741Ir4InEAFD+TtJVLAQy+wVOkiQ==}
+    peerDependencies:
+      typescript: '>=5.7.2'
+
   '@trysound/sax@0.2.0':
     resolution: {integrity: sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==}
     engines: {node: '>=10.13.0'}
@@ -12732,6 +12737,10 @@ snapshots:
 
   '@trpc/server@11.0.0-rc.441': {}
 
+  '@trpc/server@11.8.0(typescript@5.5.4)':
+    dependencies:
+      typescript: 5.5.4
+
   '@trysound/sax@0.2.0': {}
 
   '@tsconfig/node10@1.0.11': {}

From d78607be5d0ad138508439fedc0efe6aa1a1ea9c Mon Sep 17 00:00:00 2001
From: gpalmer27 <palmer.gi@northeastern.edu>
Date: Wed, 31 Dec 2025 13:14:48 -0500
Subject: [PATCH 3/3] updated dependency

---
 pnpm-lock.yaml | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 36711b74..1d8efde9 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3416,11 +3416,6 @@ packages:
     peerDependencies:
       typescript: '>=5.7.2'
 
-  '@trpc/server@11.8.0':
-    resolution: {integrity: sha512-DphyQnLuyX2nwJCQGWQ9zYz4hZGvRhSBqDhQ0SH3tDhQ3PU4u68xofA0pJ741Ir4InEAFD+TtJVLAQy+wVOkiQ==}
-    peerDependencies:
-      typescript: '>=5.7.2'
-
   '@trysound/sax@0.2.0':
     resolution: {integrity: sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==}
     engines: {node: '>=10.13.0'}
@@ -4242,9 +4237,6 @@ packages:
   caniuse-api@3.0.0:
     resolution: {integrity: sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==}
 
-  caniuse-lite@1.0.30001643:
-    resolution: {integrity: sha512-ERgWGNleEilSrHM6iUz/zJNSQTP8Mr21wDWpdgvRwcTXGAq6jMtOUPP4dqFPTdKqZ2wKTdtB+uucZ3MRpAUSmg==}
-
   caniuse-lite@1.0.30001655:
     resolution: {integrity: sha512-jRGVy3iSGO5Uutn2owlb5gR6qsGngTw9ZTb4ali9f3glshcNmJ2noam4Mo9zia5P9Dk3jNNydy7vQjuE5dQmfg==}
 
@@ -6987,7 +6979,6 @@ packages:
   next@14.2.35:
     resolution: {integrity: sha512-KhYd2Hjt/O1/1aZVX3dCwGXM1QmOV4eNM2UTacK5gipDdPN/oHHK/4oVGy7X8GMfPMsUTUEmGlsy0EY1YGAkig==}
     engines: {node: '>=18.17.0'}
-    deprecated: This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/security-update-2025-12-11 for more details.
     hasBin: true
     peerDependencies:
       '@opentelemetry/api': ^1.1.0
@@ -12741,10 +12732,6 @@ snapshots:
     dependencies:
       typescript: 5.5.4
 
-  '@trpc/server@11.8.0(typescript@5.5.4)':
-    dependencies:
-      typescript: 5.5.4
-
   '@trysound/sax@0.2.0': {}
 
   '@tsconfig/node10@1.0.11': {}
@@ -13674,7 +13661,7 @@ snapshots:
 
   browserslist@4.23.2:
     dependencies:
-      caniuse-lite: 1.0.30001643
+      caniuse-lite: 1.0.30001655
       electron-to-chromium: 1.4.832
       node-releases: 2.0.18
       update-browserslist-db: 1.1.0(browserslist@4.23.2)
@@ -13778,8 +13765,6 @@ snapshots:
       lodash.memoize: 4.1.2
       lodash.uniq: 4.5.0
 
-  caniuse-lite@1.0.30001643: {}
-
   caniuse-lite@1.0.30001655: {}
 
   ccount@2.0.1: {}
@@ -18522,7 +18507,7 @@ snapshots:
     dependencies:
       escalade: 3.1.2
       picocolors: 1.0.1
-      postcss: 8.4.39
+      postcss: 8.4.47
       strip-json-comments: 3.1.1
 
   run-async@2.4.1: {}