deps: upgrade tomcat for CVE-2021-42340 (#7569)

library_deps.bzl

@@ -48,7 +48,7 @@ BATFISH_MAVEN_ARTIFACTS = [
     "org.apache.logging.log4j:log4j-core:2.14.1",
     "org.apache.logging.log4j:log4j-slf4j-impl:2.14.1",
     "org.apache.thrift:libthrift:0.14.0",  # managed up: CVE-2020-13949
-    "org.apache.tomcat.embed:tomcat-embed-core:8.5.69",  # managed up: CVE-2021-33037
+    "org.apache.tomcat.embed:tomcat-embed-core:8.5.72",  # managed up: CVE-2021-42340
     "org.codehaus.jettison:jettison:1.4.0",
     "io.github.java-diff-utils:java-diff-utils:4.10",
     "org.glassfish.grizzly:grizzly-http-server:2.4.3",

maven_install.json

@@ -1,6 +1,6 @@
 {
     "dependency_tree": {
-        "__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": 443388178,
+        "__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": -555704494,
         "conflict_resolution": {
             "com.squareup.okhttp3:okhttp:3.14.8": "com.squareup.okhttp3:okhttp:4.2.2"
         },
@@ -2422,15 +2422,15 @@
                 "coord": "org.apache.thrift:libthrift:0.14.0",
                 "dependencies": [
                     "org.slf4j:slf4j-api:1.7.28",
-                    "org.apache.tomcat.embed:tomcat-embed-core:8.5.69",
                     "org.apache.httpcomponents:httpcore:4.4.14",
+                    "org.apache.tomcat.embed:tomcat-embed-core:8.5.72",
                     "javax.annotation:javax.annotation-api:1.3.2",
                     "org.apache.httpcomponents:httpclient:4.5.13"
                 ],
                 "directDependencies": [
                     "org.slf4j:slf4j-api:1.7.28",
-                    "org.apache.tomcat.embed:tomcat-embed-core:8.5.69",
                     "org.apache.httpcomponents:httpcore:4.4.14",
+                    "org.apache.tomcat.embed:tomcat-embed-core:8.5.72",
                     "javax.annotation:javax.annotation-api:1.3.2",
                     "org.apache.httpcomponents:httpclient:4.5.13"
                 ],
@@ -2448,14 +2448,14 @@
                 "coord": "org.apache.thrift:libthrift:jar:sources:0.14.0",
                 "dependencies": [
                     "org.apache.httpcomponents:httpclient:jar:sources:4.5.13",
-                    "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.69",
+                    "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.72",
                     "org.apache.httpcomponents:httpcore:jar:sources:4.4.14",
                     "org.slf4j:slf4j-api:jar:sources:1.7.28",
                     "javax.annotation:javax.annotation-api:jar:sources:1.3.2"
                 ],
                 "directDependencies": [
                     "org.apache.httpcomponents:httpclient:jar:sources:4.5.13",
-                    "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.69",
+                    "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.72",
                     "org.apache.httpcomponents:httpcore:jar:sources:4.4.14",
                     "org.slf4j:slf4j-api:jar:sources:1.7.28",
                     "javax.annotation:javax.annotation-api:jar:sources:1.3.2"
@@ -2471,68 +2471,68 @@
                 "url": "https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.14.0/libthrift-0.14.0-sources.jar"
             },
             {
-                "coord": "org.apache.tomcat.embed:tomcat-embed-core:8.5.69",
+                "coord": "org.apache.tomcat.embed:tomcat-embed-core:8.5.72",
                 "dependencies": [
-                    "org.apache.tomcat:tomcat-annotations-api:8.5.69"
+                    "org.apache.tomcat:tomcat-annotations-api:8.5.72"
                 ],
                 "directDependencies": [
-                    "org.apache.tomcat:tomcat-annotations-api:8.5.69"
+                    "org.apache.tomcat:tomcat-annotations-api:8.5.72"
                 ],
                 "exclusions": [
                     "org.hamcrest:hamcrest-core"
                 ],
-                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.69/tomcat-embed-core-8.5.69.jar",
+                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.72/tomcat-embed-core-8.5.72.jar",
                 "mirror_urls": [
-                    "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.69/tomcat-embed-core-8.5.69.jar"
+                    "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.72/tomcat-embed-core-8.5.72.jar"
                 ],
-                "sha256": "160ff5c08fe82701c372571d8af71fd7adefc0ed62f692d772ea5e2bdf915e7a",
-                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.69/tomcat-embed-core-8.5.69.jar"
+                "sha256": "c94a0ee822fa5e3092c5dbb4d64e5c9cace1adbd6a946ae59f2c423675033780",
+                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.72/tomcat-embed-core-8.5.72.jar"
             },
             {
-                "coord": "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.69",
+                "coord": "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.72",
                 "dependencies": [
-                    "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.69"
+                    "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.72"
                 ],
                 "directDependencies": [
-                    "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.69"
+                    "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.72"
                 ],
                 "exclusions": [
                     "org.hamcrest:hamcrest-core"
                 ],
-                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.69/tomcat-embed-core-8.5.69-sources.jar",
+                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.72/tomcat-embed-core-8.5.72-sources.jar",
                 "mirror_urls": [
-                    "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.69/tomcat-embed-core-8.5.69-sources.jar"
+                    "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.72/tomcat-embed-core-8.5.72-sources.jar"
                 ],
-                "sha256": "12dfde6e5e762ac77d4a5ea0a131d13a95fb05037d0a502fd48aafee875a0d3a",
-                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.69/tomcat-embed-core-8.5.69-sources.jar"
+                "sha256": "025410b6f239d41a6775a40c7de533660743c8549f5091eb21fb6156951ad0d6",
+                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.72/tomcat-embed-core-8.5.72-sources.jar"
             },
             {
-                "coord": "org.apache.tomcat:tomcat-annotations-api:8.5.69",
+                "coord": "org.apache.tomcat:tomcat-annotations-api:8.5.72",
                 "dependencies": [],
                 "directDependencies": [],
                 "exclusions": [
                     "org.hamcrest:hamcrest-core"
                 ],
-                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.69/tomcat-annotations-api-8.5.69.jar",
+                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.72/tomcat-annotations-api-8.5.72.jar",
                 "mirror_urls": [
-                    "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.69/tomcat-annotations-api-8.5.69.jar"
+                    "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.72/tomcat-annotations-api-8.5.72.jar"
                 ],
-                "sha256": "f15a7bbf738382dc847b5da0da303adde24718faeab8171e42188262275ad026",
-                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.69/tomcat-annotations-api-8.5.69.jar"
+                "sha256": "b5e29a4a483824ccc8b84184dfadc503b4ef1b0c46507a4e34247f25764ccbf9",
+                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.72/tomcat-annotations-api-8.5.72.jar"
             },
             {
-                "coord": "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.69",
+                "coord": "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.72",
                 "dependencies": [],
                 "directDependencies": [],
                 "exclusions": [
                     "org.hamcrest:hamcrest-core"
                 ],
-                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.69/tomcat-annotations-api-8.5.69-sources.jar",
+                "file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.72/tomcat-annotations-api-8.5.72-sources.jar",
                 "mirror_urls": [
-                    "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.69/tomcat-annotations-api-8.5.69-sources.jar"
+                    "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.72/tomcat-annotations-api-8.5.72-sources.jar"
                 ],
-                "sha256": "25016f4fd2b46cd0818e458c39085983295cb971885cbb6724200fd01a0e24a3",
-                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.69/tomcat-annotations-api-8.5.69-sources.jar"
+                "sha256": "999a72113b6ebae48b4547f091abf2df72268fd2667fed2c460f14cdb2de1756",
+                "url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.72/tomcat-annotations-api-8.5.72-sources.jar"
             },
             {
                 "coord": "org.checkerframework:checker-qual:3.12.0",

projects/pom.xml

@@ -99,7 +99,7 @@
         <httpcore.version>4.4.14</httpcore.version>
         <libthrift.version>0.14.0</libthrift.version>
         <okhttp.version>3.14.8</okhttp.version>
-        <tomcat-embed-core.version>8.5.69</tomcat-embed-core.version>
+        <tomcat-embed-core.version>8.5.72</tomcat-embed-core.version>
     </properties>