Upgrade Spring dependency from jOOQ-meta-extensions-hibernate to 6.1.3 due to CVE-2024-22233 #16139

@lukaseder

Description

jOOQ has a Spring dependency in jOOQ-meta-extensions-hibernate, as well as in a few tests. The test dependencies were easy to remove, but the one in the jOOQ-meta-extensions-hibernate module is a bit harder because we're using Spring to find entities on the class path.

Now, Spring 5.x has this vulnerability: CVE-2024-22233. Upgrading Spring to 6.x is tricky because it has a Java 17 baseline, so perhaps we can just remove the dependency entirely and scan the classpath ourselves? Perhaps it's not too hard.
