remove httpclient-4.5.12.jar from engine as runtime dependency

Question

remove httpclient-4.5.12.jar from engine as runtime dependency

Closed this issue 4 months ago · 1 comments

Acceptance Criteria (Required on creation)

Remove httpclient-4.5.12.jar from engine as runtime dependency

Hints

In #4193 httpclient-4.5.12.jar is introduced to engine as a runtime dependency. Before it was used as a test dependency.
This created a hit in the vulnerability scaner

Links

Breakdown

Pull Requests

Beta Give feedback

chore(engine): excluded shaded transitive dependencies #4431

ci:all-as ci:rest-api
Options

Dev2QA handover

Does this ticket need a QA test and the testing goals are not clear from the description? Add a Dev2QA handover comment

Answer 1 · 2024-06-13T06:06:17.000Z

Changes were successful, httpclient-4.5.12.jar is not part of the packaged jar anymore. Dependency scanner closed the vulnerability issue: https://github.com/camunda/automation-platform-vulnerability-scan/issues/3209.

QA note: @gbetances089 no specific testing required for this issue, as this reverts a change in a packaged dependency.
I will do a smoke test for all distro-s for the parent issue.

Closing this issue.