fix: upgrade tomcat-embed-core to 11.0.22 to fix GHSA-gx5v-xp9w-j4cg

Copilot · gygrobot · web-flow · commit a04e850ade0d · 2026-05-22T14:14:15.000Z
Agent-Logs-Url: https://github.com/getyourguide/openapi-validation-java/sessions/6a03f7d0-70f5-4b9c-b7ef-c3fbfd87d4ce Co-authored-by: gygrobot <19344429+gygrobot@users.noreply.github.com>
diff --git a/build.gradle b/build.gradle
@@ -31,9 +31,9 @@ subprojects {
                 because('GHSA-2m67-wjpj-xhg9: Jackson Core 3.0.0-3.1.0 maxDocumentLength bypass')
             }
             if (requested.group == 'org.apache.tomcat.embed' && requested.name == 'tomcat-embed-core'
-                    && requested.version != null && requested.version < '11.0.21') {
-                useVersion('11.0.21')
-                because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')
+                    && requested.version != null && requested.version < '11.0.22') {
+                useVersion('11.0.22')
+                because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6 / GHSA-gx5v-xp9w-j4cg: Apache Tomcat < 11.0.22 vulnerabilities')
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,9 @@ subprojects {`
`31`	`31`	`because('GHSA-2m67-wjpj-xhg9: Jackson Core 3.0.0-3.1.0 maxDocumentLength bypass')`
`32`	`32`	`}`
`33`	`33`	`if (requested.group == 'org.apache.tomcat.embed' && requested.name == 'tomcat-embed-core'`
`34`		`- && requested.version != null && requested.version < '11.0.21') {`
`35`		`- useVersion('11.0.21')`
`36`		`- because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')`
	`34`	`+ && requested.version != null && requested.version < '11.0.22') {`
	`35`	`+ useVersion('11.0.22')`
	`36`	`+ because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6 / GHSA-gx5v-xp9w-j4cg: Apache Tomcat < 11.0.22 vulnerabilities')`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`	`}`