From f6293d03133dc67b6bea88bd6320156a1bd7af26 Mon Sep 17 00:00:00 2001
From: Julio Castro
Date: Mon, 23 Mar 2026 13:51:35 +0100
Subject: [PATCH] build(deps): bump spring-boot from 4.0.2 to 4.0.4 Fixes CVE-2026-22737 (GHSA-4773-3jfm-qmx3) - Spring Framework path traversal via script view templates. Spring Boot 4.0.4 brings Spring Framework 7.0.6 which contains the fix. Closes dependabot alert #40.
Co-Authored-By: Claude Sonnet 4.6
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index fd99470..39ef62a 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,6 +1,6 @@
 [versions]
 java = "21"
-spring-boot = "4.0.2"
+spring-boot = "4.0.4"
 spring-dependency-management = "1.1.7"
 openapi-generator = "7.20.0"
 openapi-tools = "0.2.9"