Chore: Move the lz4 dependency conflict resolution strategy to kafka-bom

build.gradle.kts

@@ -27,17 +27,6 @@ subprojects {
       apply(plugin = "org.hypertrace.code-style-plugin")
     }
   }
-
-  // Handle lz4-java redirect capability conflict:
-  // Sonatype added a redirect from org.lz4:lz4-java:1.8.1 -> at.yawk.lz4:lz4-java:1.8.1 to address CVE-2025-12183.
-  // Both artifacts declare the same capability, causing a conflict when upgrading from Kafka's org.lz4:lz4-java:1.8.0.
-  // This resolution strategy tells Gradle to automatically select the highest version when this conflict occurs.
-  configurations.all {
-    resolutionStrategy.capabilitiesResolution.withCapability("org.lz4:lz4-java") {
-      select("at.yawk.lz4:lz4-java:1.8.1")
-      because("Both org.lz4 and at.yawk.lz4 provide lz4-java due to Sonatype redirect")
-    }
-  }
 }
 
 dependencyCheck {

kafka-bom/build.gradle.kts

@@ -40,3 +40,14 @@ dependencies {
     api("org.apache.avro:avro:1.12.0")
   }
 }
+
+// Handle lz4-java redirect capability conflict:
+// Sonatype added a redirect from org.lz4:lz4-java:1.8.1 -> at.yawk.lz4:lz4-java:1.8.1 to address CVE-2025-12183.
+// Both artifacts declare the same capability, causing a conflict when upgrading from Kafka's org.lz4:lz4-java:1.8.0.
+// This resolution strategy tells Gradle to automatically select the highest version when this conflict occurs.
+configurations.all {
+  resolutionStrategy.capabilitiesResolution.withCapability("org.lz4:lz4-java") {
+    select("at.yawk.lz4:lz4-java:1.8.1")
+    because("Both org.lz4 and at.yawk.lz4 provide lz4-java due to Sonatype redirect")
+  }
+}