Fix JENKINS-70842 by adding a dependency #13
…dency. Refs: JENKINS-70842
Refs: JENKINS-70842
|
Tests failed because really this should be a PR against PR #12. A locally built version that does have both sets of changes merged in works as expected when installed on a current LTS Jenkins and no longer errors out. |
|
Is there any ETA for this pull request? |
|
The Global Post Script plugin has an unresolved security vulnerability that includes a missing permission check allowing one to obtain configuration data. It was last released 5 years ago. If the Global Post Script plugin is important to your organization, please ask your organization to assign someone a day or two a month to adopt the plugin, fix the unresolved security vulnerability, modernize the plugin, and release a new version. |
|
@emakaay I built the plugin with both the security fix and the httpcomponents fix back in March. It works nicely for me. Attached is a zip with the built HPI and JAR files, in case you're happy to try them too. (I don't think I can commit to maintainership for this plugin.) |
|
@cafuego looks like the CVE fix has been merged. What needs to happen to get this PR merged also, and a new version of the plugin released? |
|
See #13 (comment). |
|
Any ETA for releasing an official new version (with dependencies fixed and CVE resolved)? |
|
See #13 (comment). |
This PR fixes JENKINS-70842 by explicitly adding a dependency on the https://plugins.jenkins.io/apache-httpcomponents-client-4-api plugin and updating the plugin code that makes the HTTP request to work with the updated libraries.
Note that a build against a current Jenkins really also wants #12 to be merged first.