fix: Handle incompatible license in dependencies (#889)

rpanackal · web-flow · commit 40045bf716cc · 2025-08-12T11:48:01.000Z
Co-authored-by: Roshin Rajan Panackal &lt;roshin.rajan.panackal@sap.com&gt;
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -36,6 +36,15 @@ updates:
       - dependency-name: 'com.github.ekryd.sortpom:sortpom-maven-plugin'
       # used by deprecated code only, not worth updating for now
       - dependency-name: 'org.apache.axis2:*'
+      # Ignore problematic license versions
+      - dependency-name: 'com.sap.cloud.security:java-security'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security.xsuaa:token-client'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security:java-api'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security:env'
+        versions: ['3.6.1', '3.6.2']
 
   # archetype updates
   # Dependabot seems to be unable to handle those, so this is disabled for now
diff --git a/dependency-bundles/bom/pom.xml b/dependency-bundles/bom/pom.xml
@@ -51,7 +51,7 @@
 		<!-- XSUAA -->
 		<!-- Keep this version consistent with the one from the SAP Java Buildpack (after their 2.0 release) -->
 		<!-- see https://github.wdf.sap.corp/xs2-java/xs-java-buildpack/blob/master/resources/pom.xml -->
-		<scp-cf.xsuaa-client.version>3.6.2</scp-cf.xsuaa-client.version>
+		<scp-cf.xsuaa-client.version>3.6.0</scp-cf.xsuaa-client.version>
 		<java-jwt.version>4.5.0</java-jwt.version>
 		<!-- Utility stuff -->
 		<slf4j.version>2.0.17</slf4j.version>
