Drop dom4j dependency

harawata · harawata · commit 826ab8af63d4 · 2021-12-14T05:25:25.000+09:00
GitHub reports two CVEs.
I'm not sure how dom4j is used in this project, so I'll revert if this break something.
diff --git a/pom.xml b/pom.xml
@@ -237,6 +237,10 @@
             <groupId>oro</groupId>
             <artifactId>oro</artifactId>
         </exclusion>
+        <exclusion>
+            <groupId>dom4j</groupId>
+            <artifactId>dom4j</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
@@ -311,18 +315,6 @@
       <scope>test</scope>
     </dependency>
 
-    <dependency>
-      <groupId>dom4j</groupId>
-      <artifactId>dom4j</artifactId>
-      <version>1.6.1</version>
-      <exclusions>
-          <exclusion>
-              <groupId>xml-apis</groupId>
-              <artifactId>xml-apis</artifactId>
-          </exclusion>
-      </exclusions>
-    </dependency>
-
     <!-- Commons Patches due to maven legacy usage and vulnerabilities in many cases -->
     <dependency>
       <groupId>commons-beanutils</groupId>
