From e147484add9d499cd66b222e620ca5ca39395d8a Mon Sep 17 00:00:00 2001
From: Big Andy <8012398+big-andy-coates@users.noreply.github.com>
Date: Wed, 24 Jan 2024 00:53:29 +0000
Subject: [PATCH] Get dependabot to check maven central

According to the docs, this shouldn't be necessary. But the Dependabot logs suggest otherwise...
---
 json-serde/build.gradle.kts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/json-serde/build.gradle.kts b/json-serde/build.gradle.kts
index 30cd6807..ab781a51 100644
--- a/json-serde/build.gradle.kts
+++ b/json-serde/build.gradle.kts
@@ -45,6 +45,11 @@ dependencies {
 
     implementation("io.confluent:kafka-schema-registry-client:$confluentVersion")
     implementation("io.confluent:kafka-json-schema-provider:$confluentVersion")
+    constraints {
+        implementation("org.scala-lang:scala-library:2.13.12") {
+            because("lower versions have security vulnerabilities")
+        }
+    }
 
     jsonSchemaGenerator("org.creekservice:creek-json-schema-generator:$creekVersion")