I'm sending this along on behalf of a colleague who is having trouble getting through to the distribution list.
---- Hi Apache client developers, It looks like the org.brotli.dec dependency was updated upstream for three years after the final version was published in Maven Central [1], including fixing CVEs [2]. Is this a good dependency for the Apache Client [3]? Aaron [1] https://mvnrepository.com/artifact/org.brotli/dec [2] https://github.com/google/brotli/releases/tag/v1.0.9 [3] https://github.com/apache/httpcomponents-client/blob/3805eb6a588d88ba8662c95ac349b5d8612dfa85/pom.xml#L67