In an attempt to remediate a commons-net vulnerability, CVE-2021-37533, I updated htmlunit from 2.66.0 to 2.70.0 (which bumped commons-net from 3.8.0 to 3.9.0). While this did in fact remediate the vulnerability, it came with a side-effect in which my integration tests now fail...

java.lang.NoClassDefFoundError: Could not initialize class com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator

... while parsing a Spring context file (which has not changed).

Worth noting, I am using java 11.0.16.8.1. Also worth noting, htmlunit:2.7.0 includes a "provided" dependency on xerces:xercesImpl:2.12.2 (while htmlunit 2.66.0 does not).

Appreciate any and all ideas.