Description
The latest version of the org.eclipse.jgit.http.apache lib (7.7.0.202606012155-r) has a dependency on httpcore v4 (specifically 4.4.16) which has reached EOL and has a couple of vulnerabilities (CVE-2026-54399 and CVE-2026-54428).
Can this dependency be upgraded to httpcore v5?
Motivation
To address vulnerabilities in third party libraries
Alternatives considered
No response
Additional context
No response
Description
The latest version of the org.eclipse.jgit.http.apache lib (7.7.0.202606012155-r) has a dependency on httpcore v4 (specifically 4.4.16) which has reached EOL and has a couple of vulnerabilities (CVE-2026-54399 and CVE-2026-54428).
Can this dependency be upgraded to httpcore v5?
Motivation
To address vulnerabilities in third party libraries
Alternatives considered
No response
Additional context
No response