[CHK-12730][CHK-12731] fix dependabot alerts

build.gradle

@@ -3,7 +3,7 @@ plugins {
     alias(libs.plugins.nexus.publish)
 }
 
-ext['spring-framework.version'] = '6.2.10'
+ext['spring-framework.version'] = '6.2.11'
 ext['tomcat.version'] = '11.0.10'
 ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older
 
@@ -70,11 +70,11 @@ subprojects {
 
         // Security constraints
         constraints {
-            implementation("org.springframework:spring-web:6.2.10") {
-                because("versions below 6.2.8 have security vulnerabilities including CVE-2024-38820 - see dependabot #12")
+            implementation("org.springframework:spring-web:6.2.11") {
+                because("versions below 6.2.11 have security vulnerabilities including CVE-2024-38820 and CVE-2025-41249 - see dependabot #12, #24")
             }
-            implementation("org.springframework:spring-webmvc:6.2.10") {
-                because("versions below 6.2.10 have Path Traversal Vulnerability CVE-2025-41242 - see dependabot #247")
+            implementation("org.springframework:spring-webmvc:6.2.11") {
+                because("versions below 6.2.11 have security vulnerabilities including CVE-2025-41242 and CVE-2025-41249 - see dependabot #24, #247")
             }
             implementation("org.apache.tomcat.embed:tomcat-embed-core:11.0.10") {
                 because("versions below 10.1.42 have security vulnerabilities including CVE-2024-56337 - see dependabot #13")

examples/example-spring-boot-starter-web/build.gradle

@@ -6,13 +6,14 @@ plugins {
 }
 
 // Needed for security. See:
+// - https://github.com/getyourguide/openapi-validation-java/security/dependabot/25
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/7
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/6
 // Hopefully with spring-boot 3.4.2+ this won't be needed anymore and can be removed.
 dependencyManagement {
     dependencies {
-        dependency 'ch.qos.logback:logback-core:1.5.18'
-        dependency 'ch.qos.logback:logback-classic:1.5.18'
+        dependency 'ch.qos.logback:logback-core:1.5.19'
+        dependency 'ch.qos.logback:logback-classic:1.5.19'
     }
 }
 

examples/example-spring-boot-starter-webflux/build.gradle

@@ -6,13 +6,14 @@ plugins {
 }
 
 // Needed for security. See:
+// - https://github.com/getyourguide/openapi-validation-java/security/dependabot/25
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/7
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/6
 // Hopefully with spring-boot 3.4.2+ this won't be needed anymore and can be removed.
 dependencyManagement {
     dependencies {
-        dependency 'ch.qos.logback:logback-core:1.5.18'
-        dependency 'ch.qos.logback:logback-classic:1.5.18'
+        dependency 'ch.qos.logback:logback-core:1.5.19'
+        dependency 'ch.qos.logback:logback-classic:1.5.19'
     }
 }