From 5ca8eede7a29e5fe46b3c2d5936db27fbdee983e Mon Sep 17 00:00:00 2001
From: Patrick Boos
Date: Mon, 3 Nov 2025 08:52:45 +0100
Subject: [PATCH 1/2] [CHK-12769] fix dependabot security alert
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index b853cce..95c6cca 100644
--- a/build.gradle
+++ b/build.gradle
@@ -4,7 +4,7 @@ plugins {
 }
 ext['spring-framework.version'] = '6.2.11'
-ext['tomcat.version'] = '11.0.10'
+ext['tomcat.version'] = '11.0.11'
 ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older
 apply from: "${rootDir}/gradle/publish-root.gradle"
From ce936896ff8dcd569f866d37163b6752cee21c98 Mon Sep 17 00:00:00 2001
From: Patrick Boos
Date: Mon, 3 Nov 2025 08:58:52 +0100
Subject: [PATCH 2/2] [CHK-12772] fix dependabot security alert
---
 build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 95c6cca..d72d737 100644
--- a/build.gradle
+++ b/build.gradle
@@ -4,7 +4,7 @@ plugins {
 }
 ext['spring-framework.version'] = '6.2.11'
-ext['tomcat.version'] = '11.0.11'
+ext['tomcat.version'] = '11.0.12'
 ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older
 apply from: "${rootDir}/gradle/publish-root.gradle"
@@ -78,7 +78,7 @@ subprojects {
 because("versions below 6.2.11 have security vulnerabilities including CVE-2025-41242 and CVE-2025-41249 - see dependabot #24, #247")
 }
 implementation("org.apache.tomcat.embed:tomcat-embed-core:11.0.13") {
- because("versions below 10.1.42 have security vulnerabilities including CVE-2024-56337 - see dependabot #13")
+ because("versions below 11.0.12 have security vulnerabilities including CVE-2024-56337, CVE-2025-55754, CVE-2025-61795 - see dependabot #13, #27, #28")
 }
 implementation("org.apache.commons:commons-lang3:3.19.0") {
 because("versions below 3.18.0 have security vulnerabilities including CVE-2025-48924 - see dependabot #15")
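Review bot: In the second hunk of PATCH 2/2, the new `because(...)` text names 11.0.12 as the fixed floor, but the context line above it pins `tomcat-embed-core:11.0.13`, while the first hunk of the same patch sets `ext['tomcat.version'] = '11.0.12'`. The build therefore states two different Tomcat versions. If the `ext` property drives the other embedded Tomcat modules (presumably through Spring Boot dependency management, which is not visible here), they would resolve to 11.0.12 next to an 11.0.13 core. Aligning the two, e.g. `ext['tomcat.version'] = '11.0.13'`, keeps every Tomcat module on one patched release, and `gradle dependencyInsight --dependency tomcat-embed-core` would confirm what actually ships. The block that holds these `implementation(...)` entries starts and ends outside the hunk.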