Hello, I noticed that the dependency org.jvnet.hudson:jtidy is declared in the module core of Jenkins. However, this direct dependency is not used and, therefore, it can be removed safely from this module. I'm intriguing with the exclusion of jdom from org.jvnet.hudson:jtidy in commit https://github.com/jenkinsci/jenkins/commit/fe8df9651a276720f6d9a93ea4fb7d9e3e5a45dc] , because if we look at the dependency tree, we can notice that jdom is not a dependency of org.jvnet.hudson:jtidy.

On the other hand, the transitive dependencies org.jenkins-ci:constant-pool-scanner and net.i2p.crypto:eddsa are not used in the core module and therefore they can be excluded from dependencies org.jenkins-ci.main:remoting and org.jenkins-ci.main:cli, respectively. This makes the core library slimmer, the dependency tree smaller, and the pom clearer.

In addition, the dependency commons-codec is declared in module cli and it is also unused.