From f538bb5781ecabf84126254cf4a571923a406f71 Mon Sep 17 00:00:00 2001
From: Arkadiusz Komarzewski <akomarzewski@mozilla.com>
Date: Sun, 20 Oct 2024 10:50:46 +0200
Subject: [PATCH 1/2] Bump spring-core to 5.3.39

---
 ingestion-beam/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ingestion-beam/pom.xml b/ingestion-beam/pom.xml
index 004391de4..8bec23510 100644
--- a/ingestion-beam/pom.xml
+++ b/ingestion-beam/pom.xml
@@ -100,7 +100,7 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>5.3.29</version>
+            <version>5.3.39</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From c5266525028503df794ddf6ce5b74fda51754701 Mon Sep 17 00:00:00 2001
From: Arkadiusz Komarzewski <akomarzewski@mozilla.com>
Date: Sun, 20 Oct 2024 10:51:18 +0200
Subject: [PATCH 2/2] Ignore Spring 6.x in dependabot.yml

---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8c43ac62f..84eed770c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,6 +6,9 @@ updates:
   - dependency-name: com.google.cloud:libraries-bom
   - dependency-name: com.fasterxml.jackson:jackson-bom
   - dependency-name: org.apache.avro:avro
+  - dependency-name: org.springframework:spring-core
+    # Spring 6 requires Java 17
+    versions: [">=6.0.0"]
   schedule:
     interval: daily
   reviewers: