arquillian / arquillian-container-tomcat

Arquillian Containers for Tomcat
https://arquillian.org
25 stars, 36 forks

chore(deps): [security] bump tomcat.version from 7.0.73 to 8.5.2 #57

Closed dependabot-preview[bot] closed 6 years ago

dependabot-preview[bot] commented 6 years ago

Bumps tomcat.version from 7.0.73 to 8.5.2.

Updates tomcat-embed-core from 7.0.73 to 8.5.2. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/49b41578-059a-460e-93c9-697f12ec7a22).*

> **[CVE-2017-12616] When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possibl...**
> When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
>
> Affected versions: = 7.0.0-beta; = 7.0.0; = 7.0.1; = 7.0.2-beta; = 7.0.2; = 7.0.3; = 7.0.4-beta; = 7.0.4; = 7.0.5-beta; = 7.0.5; = 7.0.6; = 7.0.7; = 7.0.8; = 7.0.9; = 7.0.10; = 7.0.11; = 7.0.12; = 7.0.13; = 7.0.14; = 7.0.15; = 7.0.16; = 7.0.17; = 7.0.18; = 7.0.19; = 7.0.20; = 7.0.21; = 7.0.22; = 7.0.23; = 7.0.24; = 7.0.25; = 7.0.26; = 7.0.27; = 7.0.28; = 7.0.29; = 7.0.30; = 7.0.31; = 7.0.32; = 7.0.33; = 7.0.34; = 7.0.35; = 7.0.36; = 7.0.37; = 7.0.38; = 7.0.39; = 7.0.40; = 7.0.41; = 7.0.42; = 7.0.43; = 7.0.44; = 7.0.45; = 7.0.46; = 7.0.47; = 7.0.48; = 7.0.49; = 7.0.50; = 7.0.51; = 7.0.54; = 7.0.55; = 7.0.56; = 7.0.57; = 7.0.58; = 7.0.59; = 7.0.60; = 7.0.61; = 7.0.62; = 7.0.63; = 7.0.64; = 7.0.65; = 7.0.66; = 7.0.67; = 7.0.68; = 7.0.69; = 7.0.70; = 7.0.71; = 7.0.72; = 7.0.73; = 7.0.74; = 7.0.75; = 7.0.76; = 7.0.77; = 7.0.79; = 7.0.80

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/6b3b03d6-fc2d-4ac6-9211-b46c0e91aa14).*

> **[CVE-2017-12615] When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e....**
> When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
>
> Affected versions: = 7.0.0-beta; = 7.0.0; = 7.0.1; = 7.0.2-beta; = 7.0.2; = 7.0.3; = 7.0.4-beta; = 7.0.4; = 7.0.5-beta; = 7.0.5; = 7.0.6; = 7.0.7; = 7.0.8; = 7.0.9; = 7.0.10; = 7.0.11; = 7.0.12; = 7.0.13; = 7.0.14; = 7.0.15; = 7.0.16; = 7.0.17; = 7.0.18; = 7.0.19; = 7.0.20; = 7.0.21; = 7.0.22; = 7.0.23; = 7.0.24; = 7.0.25; = 7.0.26; = 7.0.27; = 7.0.28; = 7.0.29; = 7.0.30; = 7.0.31; = 7.0.32; = 7.0.33; = 7.0.34; = 7.0.35; = 7.0.36; = 7.0.37; = 7.0.38; = 7.0.39; = 7.0.40; = 7.0.41; = 7.0.42; = 7.0.43; = 7.0.44; = 7.0.45; = 7.0.46; = 7.0.47; = 7.0.48; = 7.0.49; = 7.0.50; = 7.0.51; = 7.0.54; = 7.0.55; = 7.0.56; = 7.0.57; = 7.0.58; = 7.0.59; = 7.0.60; = 7.0.61; = 7.0.62; = 7.0.63; = 7.0.64; = 7.0.65; = 7.0.66; = 7.0.67; = 7.0.68; = 7.0.69; = 7.0.70; = 7.0.71; = 7.0.72; = 7.0.73; = 7.0.74; = 7.0.75; = 7.0.76; = 7.0.77; = 7.0.79


Updates tomcat-embed-jasper from 7.0.73 to 8.5.2

Updates tomcat-embed-logging-juli from 7.0.73 to 8.5.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
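A defender's check for the two conditions the quoted advisories describe, as an added example that is not code from the Arquillian project, Dependabot, or this PR: it reads a Maven `tomcat.version` property and flags it if it falls inside the affected 7.0.x ranges listed above, and it scans a `web.xml` for a servlet backed by Tomcat's `org.apache.catalina.servlets.DefaultServlet` whose `readonly` init parameter is `false` (the HTTP PUT setting named in CVE-2017-12615). The `pom.xml` and `web.xml` fragments are constructed for the example; the version bounds are taken from the affected-version lists quoted above, and the servlet class and parameter names are Tomcat's own.

```python
"""Flag a Tomcat build that matches the advisories quoted on this PR.
Added example, not part of the Arquillian project or Dependabot."""
import re
import xml.etree.ElementTree as ET

# Upper bounds copied from the affected-version lists in the advisories above.
AFFECTED = {
    "CVE-2017-12615": ((7, 0, 0), (7, 0, 79)),
    "CVE-2017-12616": ((7, 0, 0), (7, 0, 80)),
}
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def parse_version(text):
    """'7.0.73' -> (7, 0, 73); a '-beta' suffix is ignored for the range check."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    return tuple(int(x) for x in m.groups())


def affected_cves(version_text):
    """CVE ids from the advisories whose affected range contains this version."""
    v = parse_version(version_text)
    return sorted(cve for cve, (lo, hi) in AFFECTED.items() if lo <= v <= hi)


def _local(tag):
    """Strip an XML namespace: '{http://...}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def tomcat_version_from_pom(pom_xml):
    """Return <properties><tomcat.version> from a pom, with or without namespace."""
    root = ET.fromstring(pom_xml)
    for props in root.iter():
        if _local(props.tag) == "properties":
            for p in props:
                if _local(p.tag) == "tomcat.version":
                    return (p.text or "").strip()
    return None


def put_enabled_default_servlets(web_xml):
    """Names of DefaultServlet definitions whose readonly init-param is false."""
    root = ET.fromstring(web_xml)
    found = []
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if fields.get("servlet-class") != DEFAULT_SERVLET:
            continue
        readonly = True  # Tomcat's default for DefaultServlet
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "readonly" and kv.get("param-value", "").lower() == "false":
                readonly = False
        if not readonly:
            found.append(fields.get("servlet-name", ""))
    return found


def audit(pom_xml, web_xml):
    """Combine both checks into one findings dict for a build."""
    version = tomcat_version_from_pom(pom_xml)
    return {
        "tomcat.version": version,
        "cves": affected_cves(version) if version else [],
        "put_enabled_servlets": put_enabled_default_servlets(web_xml),
    }


# Constructed sample inputs: the pre-bump version from this PR and a web.xml
# that switches the Default servlet to writable.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><tomcat.version>7.0.73</tomcat.version></properties>
</project>"""

SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

HARDENED_WEB_XML = SAMPLE_WEB_XML.replace("<param-value>false</param-value>",
                                          "<param-value>true</param-value>")

if __name__ == "__main__":
    print(audit(SAMPLE_POM, SAMPLE_WEB_XML))
    print(audit(SAMPLE_POM, HARDENED_WEB_XML))
```

The version check deliberately treats `7.0.0-beta` as `7.0.0`, which keeps it inside the affected range exactly as the advisory lists it; a `8.5.2` value, the target of this PR, returns no findings.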
dependabot-preview[bot] commented 6 years ago

Looks like these dependencies are no longer updatable, so this is no longer needed.