Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63269

Jenkins WAR should not bundle JUnit and Hamcrest libraries

    • jenkins-2.253

      While working on Jenkinsfile Runner, I have noticed that the Jenkins Core includes JUnit JAR and Hamcrest JARs as transitive dependencies. Looks like it was my mistake in 2017 when I was working on a custom patch for commons-httpclient with vulnerability fix backports. It leads to 350KB of extra libraries, and, which is worse, potentially messes up the classpaths for testing environments and plugins

      Dependency tree:

       [INFO] +- io.jenkins.jenkinsfile-runner:setup:jar:1.0-beta-16-SNAPSHOT:compile
      [INFO] | +- org.jenkins-ci.main:jenkins-core:jar:2.246:compile
      [INFO] | | +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:compile
      [INFO] | | +- org.jenkins-ci.main:remoting:jar:4.5:compile
      ...
      [INFO] | | +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile
      [INFO] | | | \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile
      [INFO] | | +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
      [INFO] | | | \- junit:junit:jar:4.13:compile
      [INFO] | | | \- org.hamcrest:hamcrest-core:jar:1.3:compile

      Screenshot of a jenkins.war:

          [JENKINS-63269] Jenkins WAR should not bundle JUnit and Hamcrest libraries

          Oleg Nenashev created issue -
          Oleg Nenashev made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: core [ 21134 ]
          Key Original: INFRA-2696 New: JENKINS-63269
          Workflow Original: classic default workflow [ 245332 ] New: JNJira + In-Review [ 245333 ]
          Project Original: Infrastructure [ 10301 ] New: Jenkins [ 10172 ]
          Oleg Nenashev made changes -
          Summary Original: Jenkins WAr bundles JUnit and Hamcrest New: Jenkins WAR should not bundle JUnit and Hamcrest libraries
          Oleg Nenashev made changes -
          Assignee New: Oleg Nenashev [ oleg_nenashev ]
          Oleg Nenashev made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Oleg Nenashev made changes -
          Remote Link New: This issue links to "https://github.com/jenkinsci/lib-commons-httpclient/pull/2 (Web Link)" [ 25408 ]
          Tim Jacomb made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Daniel Beck made changes -
          Released As New: jenkins-2.253
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]

            oleg_nenashev Oleg Nenashev
            oleg_nenashev Oleg Nenashev
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: