From 907821cf6d698ab5e957f04e8697b06ec1f4cc08 Mon Sep 17 00:00:00 2001
From: labkey-susanh <susanh@labkey.com>
Date: Fri, 10 Apr 2026 08:39:11 -0700
Subject: [PATCH 1/2] Update springBoot and apacheTomcat versions for minor
 CVEs

---
 gradle.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gradle.properties b/gradle.properties
index 53e73973e7..d17e693829 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -100,7 +100,7 @@ apacheDirectoryVersion=2.1.7
 apacheMinaVersion=2.2.5
 
 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below)
-apacheTomcatVersion=11.0.18
+apacheTomcatVersion=11.0.20
 
 # (mothership) -> json-path -> json-smart -> accessor-smart
 # (core) -> graalvm
@@ -294,7 +294,7 @@ slf4jLog4jApiVersion=2.0.17
 snappyJavaVersion=1.1.10.8
 
 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version
-springBootVersion=4.0.4
+springBootVersion=4.0.5
 # This usually matches the Spring Framework version dictated by springBootVersion
 springVersion=7.0.6
 springAiVersion=2.0.0-M4

From b118089b58d6ab5de2b71940f1afe73ccd2637ad Mon Sep 17 00:00:00 2001
From: labkey-susanh <susanh@labkey.com>
Date: Fri, 10 Apr 2026 08:39:37 -0700
Subject: [PATCH 2/2] Don't register tasks that need artifactory properties if
 properties are not present

---
 build.gradle | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/build.gradle b/build.gradle
index 6d09333974..98610dee68 100644
--- a/build.gradle
+++ b/build.gradle
@@ -563,16 +563,19 @@ project.tasks.register('ijConfigure') {
         task.dependsOn(project.tasks.ijRunConfigurationsSetup)
 }
 
-project.tasks.register('purgeNpmAlphaVersions', PurgeNpmAlphaVersions) {
-    group = GroupNames.NPM_RUN
-    description = "Given an alpha version prefix for npm packages via the property -P${PurgeNpmAlphaVersions.ALPHA_PREFIX_PROPERTY}=yourPrefix, " +
-            "removes all packages with versions that match that prefix from Artifactory (e.g., @labkey/components-1.2.3-yourPrefix.0 and @labkey/premium-0.3.4-yourPrefix.1). " +
-            " Use -PdryRun to see what versions would be deleted without actually doing the deletion."
-}
+if (project.hasProperty('artifactory_contextUrl') && project.hasProperty('artifactory_user') && project.hasProperty('artifactory_password'))
+{
+    project.tasks.register('purgeNpmAlphaVersions', PurgeNpmAlphaVersions) {
+        group = GroupNames.NPM_RUN
+        description = "Given an alpha version prefix for npm packages via the property -P${PurgeNpmAlphaVersions.ALPHA_PREFIX_PROPERTY}=yourPrefix, " +
+                "removes all packages with versions that match that prefix from Artifactory (e.g., @labkey/components-1.2.3-yourPrefix.0 and @labkey/premium-0.3.4-yourPrefix.1). " +
+                " Use -PdryRun to see what versions would be deleted without actually doing the deletion."
+    }
 
-project.tasks.register('purgeNpmVersions', PurgeNpmVersions) {
-    group = GroupNames.NPM_RUN
-    description = "Given a package name via -P${PurgeNpmVersions.PACKAGE_NAME_PROP}=name (without the @labkey prefix) and a version list via -P${PurgeNpmVersions.VERSION_LIST_PROP}=fileName for npm package, " +
-            "removes the versions specified from Artifactory. " +
-            " Use -PdryRun to see what versions would be deleted without actually doing the deletion."
+    project.tasks.register('purgeNpmVersions', PurgeNpmVersions) {
+        group = GroupNames.NPM_RUN
+        description = "Given a package name via -P${PurgeNpmVersions.PACKAGE_NAME_PROP}=name (without the @labkey prefix) and a version list via -P${PurgeNpmVersions.VERSION_LIST_PROP}=fileName for npm package, " +
+                "removes the versions specified from Artifactory. " +
+                " Use -PdryRun to see what versions would be deleted without actually doing the deletion."
+    }
 }