From 3a6bf11fe05310947f8768101161d2fad2b4064c Mon Sep 17 00:00:00 2001
From: Julio Castro <julio.castro@getyourguide.com>
Date: Mon, 27 Apr 2026 10:13:48 +0200
Subject: [PATCH] [USPR-XXXX] fix dependabot 42,43,44

---
 build.gradle | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/build.gradle b/build.gradle
index a5fa826..8edee32 100644
--- a/build.gradle
+++ b/build.gradle
@@ -30,6 +30,11 @@ subprojects {
                 useVersion('3.1.1')
                 because('GHSA-2m67-wjpj-xhg9: Jackson Core 3.0.0-3.1.0 maxDocumentLength bypass')
             }
+            if (requested.group == 'org.apache.tomcat.embed' && requested.name == 'tomcat-embed-core'
+                    && requested.version != null && requested.version < '11.0.21') {
+                useVersion('11.0.21')
+                because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')
+            }
         }
     }