https://github.com/jenkinsci/jenkins/blob/a4f9f5b64b441172f6a1d871a7c615c03ac26235/pom.xml#L115-L132= is a trick added in commit 982a8fa apparently to prevent plugins (and core?) from bundling Servlet API 2.x. javax.servlet:servlet-api has been banned through Enforcer in the plugin parent POM since jenkinsci/plugin-pom@a608967 and in the core parent POM since jenkinsci/pom@82f73fef, so it may no longer be necessary to keep this trick in core. Keeping it complicates jenkinsci/jenkins/pom.xml and our Dependabot configuration, so it may well be best to dispense with it from both the core dependency tree and the Dependendabot exclusions list and rely on the abovementioned Enforcer bans to keep it out of our dependency trees.
timja
commented
2 years ago
https://github.com/jenkinsci/jenkins/blob/a4f9f5b64b441172f6a1d871a7c615c03ac26235/pom.xml#L115-L132= is a trick added in commit 982a8fa apparently to prevent plugins (and core?) from bundling Servlet API 2.x. javax.servlet:servlet-api has been banned through Enforcer in the plugin parent POM since jenkinsci/plugin-pom@a608967 and in the core parent POM since jenkinsci/pom@82f73fef, so it may no longer be necessary to keep this trick in core. Keeping it complicates jenkinsci/jenkins/pom.xml and our Dependabot configuration, so it may well be best to dispense with it from both the core dependency tree and the Dependendabot exclusions list and rely on the abovementioned Enforcer bans to keep it out of our dependency trees.
Originally reported by basil, imported from: Remove javax.servlet:servlet-api dependency