Pin dependency version and disable dependabot action affected dependencies

Author: rpanackal

.github/dependabot.yaml

@@ -36,6 +36,15 @@ updates:
       - dependency-name: 'com.github.ekryd.sortpom:sortpom-maven-plugin'
       # used by deprecated code only, not worth updating for now
       - dependency-name: 'org.apache.axis2:*'
+      # Ignore problematic license versions
+      - dependency-name: 'com.sap.cloud.security:java-security'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security.xsuaa:token-client'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security:java-api'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security:env'
+        versions: ['3.6.1', '3.6.2']
 
   # archetype updates
   # Dependabot seems to be unable to handle those, so this is disabled for now

dependency-bundles/bom/pom.xml

@@ -51,7 +51,7 @@
 		<!-- XSUAA -->
 		<!-- Keep this version consistent with the one from the SAP Java Buildpack (after their 2.0 release) -->
 		<!-- see https://github.wdf.sap.corp/xs2-java/xs-java-buildpack/blob/master/resources/pom.xml -->
-		<scp-cf.xsuaa-client.version>3.6.1</scp-cf.xsuaa-client.version>
+		<scp-cf.xsuaa-client.version>3.6.0</scp-cf.xsuaa-client.version>
 		<java-jwt.version>4.5.0</java-jwt.version>
 		<!-- Utility stuff -->
 		<slf4j.version>2.0.17</slf4j.version>