[JENKINS-63269] - Exclude JUnit and Hamcrest from the dependency list

[oleg-nenashev]

While working on Jenkinsfile Runner, I have noticed that the Jenkins Core includes JUnit JAR and Hamcrest JARs as transitive dependencies. Looks like it was my mistake in 2017 when I was working on a custom patch for commons-httpclient with vulnerability fix backports. It leads to 350KB of extra libraries, and, which is worse, potentially messes up the classpaths for testing environments and plugins.

https://issues.jenkins-ci.org/browse/JENKINS-63269

Dependency tree:

[INFO] +- io.jenkins.jenkinsfile-runner:setup:jar:1.0-beta-16-SNAPSHOT:compile
[INFO] |  +- org.jenkins-ci.main:jenkins-core:jar:2.246:compile
....
[INFO] |  |  +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile
[INFO] |  |  |  \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile
[INFO] |  |  +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
[INFO] |  |  |  \- junit:junit:jar:4.13:compile
[INFO] |  |  |     \- org.hamcrest:hamcrest-core:jar:1.3:compile

Screenshot of a jenkins.war:

[oleg-nenashev]

Looks like I need to add CI there ...

[oleg-nenashev]

I will verify it in the master branch. Thanks all!