From 31e43c8e80a774f28515f8083f5f18a627e1b455 Mon Sep 17 00:00:00 2001
From: Kanishk Sachdev <kanishksachdev@gmail.com>
Date: Mon, 27 Oct 2025 17:40:37 -0400
Subject: [PATCH 1/4] TEMP: Remove unnecessary role restriction from photo
 upload endpoint

---
 src/modules/photo/photo.controller.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/modules/photo/photo.controller.ts b/src/modules/photo/photo.controller.ts
index eed3ba39..8600373b 100644
--- a/src/modules/photo/photo.controller.ts
+++ b/src/modules/photo/photo.controller.ts
@@ -28,7 +28,6 @@ export class PhotoController {
   constructor(private readonly photoService: PhotoService) {}
 
   @Post("/upload")
-  @Roles(Role.NONE)
   @UseInterceptors(FileInterceptor("photo"))
   @ApiDoc({
     summary: "Upload a photo",

From 36ba8a17c63c573a97d425ea1ae04f4851e04ee3 Mon Sep 17 00:00:00 2001
From: Kanishk Sachdev <kanishksachdev@gmail.com>
Date: Mon, 27 Oct 2025 17:48:55 -0400
Subject: [PATCH 2/4] feat: Add role restriction to photo upload endpoint

---
 src/modules/photo/photo.controller.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/modules/photo/photo.controller.ts b/src/modules/photo/photo.controller.ts
index 8600373b..eed3ba39 100644
--- a/src/modules/photo/photo.controller.ts
+++ b/src/modules/photo/photo.controller.ts
@@ -28,6 +28,7 @@ export class PhotoController {
   constructor(private readonly photoService: PhotoService) {}
 
   @Post("/upload")
+  @Roles(Role.NONE)
   @UseInterceptors(FileInterceptor("photo"))
   @ApiDoc({
     summary: "Upload a photo",

From bbb69a54548830c76a5c784698d7aeb458482754 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 21:55:28 +0000
Subject: [PATCH 3/4] chore(deps): update dependency axios to v1.13.0 (#380)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 yarn.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index 61d7763d..a6ff0100 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2875,13 +2875,13 @@ async@^3.2.4:
 
 asynckit@^0.4.0:
   version "0.4.0"
-  resolved "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"
+  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
 
 axios@^1.12.0, axios@^1.7.9:
-  version "1.12.2"
-  resolved "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz"
-  integrity sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==
+  version "1.13.0"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.0.tgz#ead6f495f41f9c8869dcf7b0f24f5a4ab89707f0"
+  integrity sha512-zt40Pz4zcRXra9CVV31KeyofwiNvAbJ5B6YPz9pMJ+yOSLikvPT4Yi5LjfgjRa9CawVYBaD1JQzIVcIvBejKeA==
   dependencies:
     follow-redirects "^1.15.6"
     form-data "^4.0.4"
@@ -3330,7 +3330,7 @@ colorette@2.0.19:
 
 combined-stream@^1.0.8:
   version "1.0.8"
-  resolved "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz"
+  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
   integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
   dependencies:
     delayed-stream "~1.0.0"
@@ -3583,7 +3583,7 @@ defaults@^1.0.3:
 
 delayed-stream@~1.0.0:
   version "1.0.0"
-  resolved "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"
+  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
   integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==
 
 depd@2.0.0, depd@^2.0.0:
@@ -3863,7 +3863,7 @@ es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
 
 es-set-tostringtag@^2.1.0:
   version "2.1.0"
-  resolved "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz#f31dbbe0c183b00a6d26eb6325c810c0fd18bd4d"
   integrity sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
   dependencies:
     es-errors "^1.3.0"
@@ -4337,7 +4337,7 @@ flatted@^3.2.9:
 
 follow-redirects@^1.15.6:
   version "1.15.11"
-  resolved "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340"
   integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==
 
 foreground-child@^3.1.0, foreground-child@^3.3.1:
@@ -4380,7 +4380,7 @@ form-data@^2.5.5:
 
 form-data@^4.0.0, form-data@^4.0.4:
   version "4.0.4"
-  resolved "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4"
   integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==
   dependencies:
     asynckit "^0.4.0"
@@ -4728,7 +4728,7 @@ has-symbols@^1.0.3, has-symbols@^1.1.0:
 
 has-tostringtag@^1.0.2:
   version "1.0.2"
-  resolved "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz"
+  resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc"
   integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
   dependencies:
     has-symbols "^1.0.3"
@@ -5913,7 +5913,7 @@ micromatch@^4.0.0, micromatch@^4.0.8:
 
 mime-db@1.52.0:
   version "1.52.0"
-  resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
   integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
 
 mime-db@^1.54.0:
@@ -6892,7 +6892,7 @@ proxy-addr@^2.0.7:
 
 proxy-from-env@^1.1.0:
   version "1.1.0"
-  resolved "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz"
+  resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
   integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==
 
 punycode@^1.4.1:

From 6d4fded200b8a2a3d16f9a16ecaa87f3fb679a30 Mon Sep 17 00:00:00 2001
From: Kanishk Sachdev <kanishksachdev@gmail.com>
Date: Mon, 27 Oct 2025 22:31:17 -0400
Subject: [PATCH 4/4] feat: Extend file type validation for uploaded photos to
 include additional formats

---
 src/modules/photo/uploaded-photo.decorator.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/photo/uploaded-photo.decorator.ts b/src/modules/photo/uploaded-photo.decorator.ts
index ead3866f..00421022 100644
--- a/src/modules/photo/uploaded-photo.decorator.ts
+++ b/src/modules/photo/uploaded-photo.decorator.ts
@@ -5,7 +5,7 @@ export function UploadedPhoto(): ParameterDecorator {
     new ParseFilePipeBuilder()
       .addFileTypeValidator({
         fileType:
-          /(jpg|jpeg|png|gif|webp|heic|heif|tiff|bmp|svg|mp4|mov|avi|wmv|flv|mkv|webm|m4v|mpg|mpeg|3gp)$/i,
+          /(jpg|jpeg|png|gif|webp|heic|heif|tiff|tif|bmp|svg|raw|cr2|cr3|nef|nrw|arw|dng|orf|rw2|pef|srw|raf|mp4|mov|avi|wmv|flv|mkv|webm|m4v|mpg|mpeg|3gp|)$/i,
       })
       .addMaxSizeValidator({
         maxSize: 100 * 1024 * 1024, // 100MB for videos