From e65ef844eccbca41de759842ed8129e04e6cd114 Mon Sep 17 00:00:00 2001 From: Roshin Rajan Panackal Date: Tue, 12 Aug 2025 13:21:38 +0200 Subject: [PATCH] Pin dependency version and disable dependabot action affected dependencies --- .github/dependabot.yaml | 9 +++++++++ dependency-bundles/bom/pom.xml | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index b70a988ef..73be63d7b 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -36,6 +36,15 @@ updates: - dependency-name: 'com.github.ekryd.sortpom:sortpom-maven-plugin' # used by deprecated code only, not worth updating for now - dependency-name: 'org.apache.axis2:*' + # Ignore problematic license versions + - dependency-name: 'com.sap.cloud.security:java-security' + versions: ['3.6.1', '3.6.2'] + - dependency-name: 'com.sap.cloud.security.xsuaa:token-client' + versions: ['3.6.1', '3.6.2'] + - dependency-name: 'com.sap.cloud.security:java-api' + versions: ['3.6.1', '3.6.2'] + - dependency-name: 'com.sap.cloud.security:env' + versions: ['3.6.1', '3.6.2'] # archetype updates # Dependabot seems to be unable to handle those, so this is disabled for now diff --git a/dependency-bundles/bom/pom.xml b/dependency-bundles/bom/pom.xml index 41ab8d113..28c152969 100644 --- a/dependency-bundles/bom/pom.xml +++ b/dependency-bundles/bom/pom.xml @@ -51,7 +51,7 @@ - 3.6.1 + 3.6.0 4.5.0 2.0.17
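Review bot: The added comment `# Ignore problematic license versions` above the four new `ignore` entries does not say what the license problem is or when the entries can be removed, so the hold on these libraries has no visible exit condition. Judging by their names, the listed artifacts (`java-security`, `token-client`, `java-api`, `env`) handle authentication tokens, so I would record the reason and the removal trigger, e.g. `# 3.6.1/3.6.2 have a license issue (see <TRACKING-ISSUE-URL>); remove these entries and the 3.6.0 pin in dependency-bundles/bom/pom.xml once a clean release is adopted`. Only the two exact versions are listed, so a later release will still be proposed and needs the same license check before it is merged. It is also worth confirming from the upstream release notes that 3.6.1 and 3.6.2 contain no security fix that the pin to 3.6.0 leaves out.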