GHSA-jc7w-c686-c4v9: github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives

GHSA-3rw9-wmc8-8948: Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token

Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser.

**Stud42 vulnerable to denial of service**

High severity GitHub Reviewed Published Mar 28, 2023 in 42Atomys/stud42 • Updated Mar 31, 2023