FYI:The GH security dependabot has started doing the rounds. It is flagging up our security update (CVE-2021-39239 -- XML reading) on GH repos depending on <= 4.1.0.
It has also flagged up "4.3.0-SNAPSHOT" - it, or maven, always did get a bit confused by version that aren't x.y.z.
Andy
