chore(deps): bump org.apache.tomcat:tomcat-catalina from 9.0.108 to 11.0.22 #5434
dependabot[bot] wants to merge 1 commit into
Bumps org.apache.tomcat:tomcat-catalina from 9.0.108 to 11.0.22.

---
updated-dependencies:
- dependency-name: org.apache.tomcat:tomcat-catalina
  dependency-version: 11.0.22
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit e24ac2b. Configure here.
| tomcat-catalina-jakarta = { module = "org.apache.tomcat:tomcat-catalina", version = "11.0.10" } | ||
| tomcat-embed-jasper-jakarta = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version = "11.0.10" } | ||
| tomcat-catalina = { module = "org.apache.tomcat:tomcat-catalina", version = "11.0.22" } | ||
| tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version = "11.0.22" } |
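Review bot: the `tomcat-catalina` and `tomcat-embed-jasper` entries now name the same modules as the `-jakarta` entries two lines above them, only at 11.0.22 instead of 11.0.10, so the catalog no longer has an alias that resolves to a `javax.servlet` Tomcat. Either keep these two entries on the 9.0.x line and add a comment in the catalog saying the pin is deliberate, or, if the javax line is really being dropped, remove the duplicate aliases and move the `-jakarta` entries to one version in the same change.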
Non-Jakarta Tomcat bumped to Jakarta-only version
High Severity
The non-Jakarta tomcat-catalina and tomcat-embed-jasper were intentionally pinned to Tomcat 9.0.x because they provide javax.servlet.* APIs. Bumping them to 11.0.22 makes them identical to the -jakarta variants, which only provide jakarta.servlet.* APIs. Code in sentry-samples-spring, sentry-spring, and sentry-servlet that imports javax.servlet.* will fail at compile or runtime because Tomcat 11 no longer ships those classes.
Reviewed by Cursor Bugbot for commit e24ac2b. Configure here.
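
A CI-style guard for the failure described in the comment above, as an added example that is not part of this PR or the project's own code: it reads version-catalog entries in the form shown in the diff and flags Tomcat aliases whose `-jakarta` suffix disagrees with the servlet namespace of the pinned major version. The function name, the regular expression and the sample catalog text are assumptions made for illustration.

```python
import re

# Catalog entries, one per line, in the form seen in the diff above:
#   alias = { module = "group:artifact", version = "x.y.z" }
ENTRY = re.compile(
    r'^\s*(?P<alias>[A-Za-z0-9_.-]+)\s*=\s*\{\s*module\s*=\s*"(?P<module>[^"]+)"\s*,'
    r'\s*version\s*=\s*"(?P<version>[^"]+)"\s*\}'
)

# Assumption: Tomcat 10 and later ship jakarta.servlet.*; 9.x and earlier ship javax.servlet.*.
FIRST_JAKARTA_MAJOR = 10
TOMCAT_GROUPS = ("org.apache.tomcat:", "org.apache.tomcat.embed:")

# Constructed sample: the four entries as they stand after this PR.
AFTER_PR = """
tomcat-catalina-jakarta = { module = "org.apache.tomcat:tomcat-catalina", version = "11.0.10" }
tomcat-embed-jasper-jakarta = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version = "11.0.10" }
tomcat-catalina = { module = "org.apache.tomcat:tomcat-catalina", version = "11.0.22" }
tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version = "11.0.22" }
"""


def find_namespace_mismatches(catalog_text):
    """Return (alias, module, version, reason) for each Tomcat entry whose alias
    suffix disagrees with the servlet namespace implied by its major version."""
    findings = []
    for line in catalog_text.splitlines():
        m = ENTRY.match(line)
        if not m or not m["module"].startswith(TOMCAT_GROUPS):
            continue
        major_text = m["version"].split(".", 1)[0]
        if not major_text.isdigit():
            # Version refs or ranges cannot be judged here; report instead of guessing.
            findings.append((m["alias"], m["module"], m["version"], "unparsed version"))
            continue
        ships_jakarta = int(major_text) >= FIRST_JAKARTA_MAJOR
        wants_jakarta = m["alias"].endswith("-jakarta")
        if ships_jakarta != wants_jakarta:
            expected = "jakarta" if wants_jakarta else "javax"
            findings.append(
                (m["alias"], m["module"], m["version"], f"alias expects {expected}.servlet"))
    return findings


if __name__ == "__main__":
    for finding in find_namespace_mismatches(AFTER_PR):
        print(finding)
```

Run against the catalog file on every dependency PR, a non-empty result is a reason to fail the build before the bump reaches modules that import `javax.servlet.*`.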

