fix(jellyfin): Remediate CVEs

Signed-off-by: RJ Sampson <rj.sampson@chainguard.dev>

jellyfin.yaml

@@ -26,6 +26,12 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: e93d03d8cbff2122d7296f477604146f64758a73
 
+  - uses: patch
+    with:
+      patches: |
+        GHSA-j7hp-h8jx-5ppr.patch \
+        GHSA-qrmm-w75w-3wpx.patch
+
   - runs: |
       # Set runtime arch
       if [[ "${{build.arch}}" == "aarch64" ]]; then

jellyfin/GHSA-j7hp-h8jx-5ppr.patch

@@ -0,0 +1,15 @@
+diff --git a/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj b/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj
+index 9debe555e..76a65fa08 100644
+--- a/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj
++++ b/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj
+@@ -18,8 +18,8 @@
+   <ItemGroup>
+     <PackageReference Include="BlurHashSharp" Version="1.2.0" />
+     <PackageReference Include="BlurHashSharp.SkiaSharp" Version="1.2.0" />
+-    <PackageReference Include="SkiaSharp" Version="2.88.2" />
+-    <PackageReference Include="SkiaSharp.NativeAssets.Linux" Version="2.88.2" />
++    <PackageReference Include="SkiaSharp" Version="2.88.7" />
++    <PackageReference Include="SkiaSharp.NativeAssets.Linux" Version="2.88.7" />
+     <PackageReference Include="SkiaSharp.Svg" Version="1.60.0" />
+   </ItemGroup>
+

jellyfin/GHSA-qrmm-w75w-3wpx.patch

@@ -0,0 +1,13 @@
+diff --git a/Jellyfin.Api/Jellyfin.Api.csproj b/Jellyfin.Api/Jellyfin.Api.csproj
+index 76831b77b..172a162eb 100644
+--- a/Jellyfin.Api/Jellyfin.Api.csproj
++++ b/Jellyfin.Api/Jellyfin.Api.csproj
+@@ -19,7 +19,7 @@
+   <ItemGroup>
+     <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="6.0.9" />
+     <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0" />
+-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
++    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.3.1" />
+     <PackageReference Include="Swashbuckle.AspNetCore.ReDoc" Version="6.3.1" />
+   </ItemGroup>
+