From e6b90207ab7c6d496565d5b4715b75a4dbfd3481 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 12 Oct 2025 20:29:44 +0000
Subject: [PATCH] fix: api/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LUXON-3225081
- https://snyk.io/vuln/SNYK-JS-YAML-5458867
- https://snyk.io/vuln/SNYK-JS-KOA-8720152
- https://snyk.io/vuln/SNYK-JS-KOA-9679272
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-7278048
- https://snyk.io/vuln/SNYK-JS-WS-7266574
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-5496331
- https://snyk.io/vuln/SNYK-JS-KOA-10944994
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
---
 api/package.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/package.json b/api/package.json
index 74729e636e5..cd42763d948 100644
--- a/api/package.json
+++ b/api/package.json
@@ -51,26 +51,26 @@
     "cron-parser": "^4.6.0",
     "dotenv": "^16.0.0",
     "generic-pool": "^3.8.2",
-    "koa": "^2.13.4",
+    "koa": "^2.16.2",
     "koa-body": "^5.0.0",
-    "koa-router": "^10.1.1",
+    "koa-router": "^14.0.0",
     "koa-static": "^5.0.0",
     "lru-cache": "^7.13.1",
-    "luxon": "^2.3.0",
+    "luxon": "^2.5.2",
     "mysql": "^2.18.1",
     "mysql2": "^2.3.3",
     "node-schedule": "^2.1.0",
     "node-sql-parser": "^4.5.0",
     "octokit": "^1.7.1",
     "p-queue": "^7.3.0",
-    "pinyin": "3.0.0-alpha.5",
+    "pinyin": "4.0.0",
     "prom-client": "^14.0.1",
     "reflect-metadata": "^0.1.13",
-    "socket.io": "^4.5.2",
+    "socket.io": "^4.8.0",
     "table": "^6.8.0",
     "tail": "^2.2.4",
     "tiny-async-pool": "^1.2.0",
-    "yaml": "^2.0.1"
+    "yaml": "^2.2.2"
   },
   "devDependencies": {
     "@types/async": "^3.2.15",