Resolve Dependabot alerts caused by JReleaser

Author: marcphilipp

gradle/plugins/publishing/build.gradle.kts

@@ -8,19 +8,12 @@ plugins {
 dependencies {
 	implementation("junitbuild.base:dsl-extensions")
 	implementation(libs.plugins.jreleaser.markerCoordinates)
-}
-
-configurations.configureEach {
-	resolutionStrategy {
-		eachDependency {
-			// Workaround for CVE-2025-4949
-			if (requested.name == "org.eclipse.jgit") {
-				useVersion("6.10.1.202505221210-r")
-			}
-			// Workaround for CVE-2020-36843
-			if (requested.name == "sshj") {
-				useVersion("0.40.0")
-			}
+	constraints {
+		implementation("com.hierynomus:sshj:0.40.0") {
+			because("Workaround for CVE-2020-36843")
+		}
+		implementation("org.eclipse.jgit:org.eclipse.jgit:6.10.1.202505221210-r") {
+			because("Workaround for CVE-2025-4949")
 		}
 	}
 }