org.sonatype.ossindex:ossindex-service-client depends on org.apache.httpcomponents:httpclient but excludes commons-logging:commons-logging and instead badly depends on jcl-over-slf4j explicitly while not even using the commons-logging API itself.
This easily causes problems (most often silently unless you have some protection) if any other dependency (like other dependencies of this project) depend on commons-logging: sonatype/ossindex-public#51.
As you explicitly exclude org.apache.httpcomponents:httpclient from your org.sonatype.ossindex:ossindex-service-client dependency, I suggest you also exclude the jcl-over-slf4j dependency as with that exclude it is totally pointless anyway, at least until that upstream bug got fixed and you depend on a newer version with that fix.
org.sonatype.ossindex:ossindex-service-clientdepends onorg.apache.httpcomponents:httpclientbut excludescommons-logging:commons-loggingand instead badly depends onjcl-over-slf4jexplicitly while not even using thecommons-loggingAPI itself.This easily causes problems (most often silently unless you have some protection) if any other dependency (like other dependencies of this project) depend on
commons-logging: sonatype/ossindex-public#51.As you explicitly exclude
org.apache.httpcomponents:httpclientfrom yourorg.sonatype.ossindex:ossindex-service-clientdependency, I suggest you also exclude thejcl-over-slf4jdependency as with that exclude it is totally pointless anyway, at least until that upstream bug got fixed and you depend on a newer version with that fix.