The Spring Boot Dependencies contains a reference to the following dependency:

      <dependency>
        <groupId>com.querydsl</groupId>
        <artifactId>querydsl-bom</artifactId>
        <version>${querydsl.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

This dependency has now changed to this repository with the following Maven coordinate:

      <dependency>
        <groupId>io.github.openfeign.querydsl</groupId>
        <artifactId>querydsl-bom</artifactId>
        <version>${querydsl.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

I'm not sure what the best approach would be for changing the dependencies to the new artifact, but I wanted to make sure it was known, as the old repository now has a CRITICAL CVE related to it (https://nvd.nist.gov/vuln/detail/CVE-2024-49203). I'm not sure what changed or if this will affect any potential autoconfigurations currently used, but I wanted to make sure the team is aware.

Comment From: philwebb

Thanks for the suggestion, but we're going to need to follow Spring Data's lead here. There's a (currently closed) issue discussing things at https://github.com/spring-projects/spring-data-jpa/issues/3335

Comment From: philwebb

Declining for now, but we will reopen this issue if Spring Data switch.