If I can understand the motivation behind the intent to fix the versions as it is done in the root pom, I think we are better off understanding why the behaviour of the framework changed upstream and fix our configuration so that it works with newer versions of the library, instead of getting locked into a pretty old version of the jars.
Here: https://github.com/georchestra/georchestra-gateway/blob/main/pom.xml#L69-L95
But we already are making use of a starter to decide which version to use here: https://github.com/georchestra/georchestra-gateway/blob/main/gateway/pom.xml#L40-L43
If I can understand the motivation behind the intent to fix the versions as it is done in the root pom, I think we are better off understanding why the behaviour of the framework changed upstream and fix our configuration so that it works with newer versions of the library, instead of getting locked into a pretty old version of the jars.