From 494f42e290bfe427b0d0ec1ff2f07c294f7ec172 Mon Sep 17 00:00:00 2001
From: Samreet Singh
Date: Thu, 18 Dec 2025 16:00:21 +0100
Subject: [PATCH 1/2] #3414 Set dep to lower version to solve the issue with the Defectdojo-hook version-mismatch

Signed-off-by: Samreet Singh
---
 hooks/persistence-defectdojo/hook/build.gradle | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle
index 98ae54974..6e870eee2 100644
--- a/hooks/persistence-defectdojo/hook/build.gradle
+++ b/hooks/persistence-defectdojo/hook/build.gradle
@@ -24,7 +24,9 @@ repositories {
 dependencies {
 implementation group: "io.securecodebox", name: "defectdojo-client", version: "2.0.1"
 implementation group: "io.kubernetes", name: "client-java", version: "20.0.1"
- implementation group: "org.springframework", name: "spring-web", version: "7.0.1"
+ // will not be updated to 7.0.0 because it no longer implements a class
+ // so it causes issues with the version in the defectdojo client
+ implementation group: "org.springframework", name: "spring-web", version: "6.2.12"
 // https://github.com/FasterXML/jackson-bom
 implementation platform("com.fasterxml.jackson:jackson-bom:2.20.1")
 implementation "com.fasterxml.jackson.core:jackson-core"
From ffab8ce3a5e3a7e2b3b2bcbafe930db11ce89e81 Mon Sep 17 00:00:00 2001
From: Samreet Singh
Date: Thu, 18 Dec 2025 16:05:35 +0100
Subject: [PATCH 2/2] Ignore the spring-web dependency because its new version causes issues with the version in the defectdojo java client

Signed-off-by: Samreet Singh
---
 .github/dependabot.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a673e25e6..1f80a11d7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -59,6 +59,7 @@ updates:
 ignore:
 - dependency-name: "io.kubernetes:client-java:*-legacy"
 - dependency-name: "io.securecodebox:defectdojo-client:3.0.0"
+ - dependency-name: "org.springframework:spring-web"
 groups:
 gradle-security-updates:
 applies-to: security-updates
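Review bot: The added ignore entry for `org.springframework:spring-web` has no `versions` or `update-types` filter, so Dependabot will stop proposing any update for it. That includes patch releases on the 6.2.x line, which the first patch pins at 6.2.12 in `build.gradle`. Both commit messages describe an incompatibility only with the new major version, so the entry could be narrowed by adding `update-types: ["version-update:semver-major"]` under the `dependency-name`. It is also worth confirming how a blanket ignore interacts with the `gradle-security-updates` group just below, because a frozen spring-web would otherwise rely on someone bumping it by hand when a fix ships. The enclosing `updates:` entry starts and ends outside the hunk.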