Exclude xerces or replace usage of HTTPBuilder #115

ben-manes opened this issue Oct 8, 2023 · 0 comments

@ben-manes

This plugin uses org.codehaus.groovy.modules.http-builder:http-builder which is unmaintained, including its forks. These use net.sourceforge.nekohtml:nekohtml which is likewise and that uses xerces:xercesImpl. This plugin doesn't rely on xerces since it uses json instead of xml, so one can exclude this library safely.

When xerces is on the build environment classpath, then it becomes the javax.xml provider. This is incompatible with Gradle 8.4 which can result in SAXNotRecognizedException during dependency resolution thanks to an unrecognized property.

> XML parsing now requires recent parsers
>
> Gradle 8.4 now configures XML parsers with security features enabled. If your build logic has dependencies on old XML parsers that don’t support secure parsing, your build may now fail. If you encounter a failure, check and update or remove any dependency on legacy XML parsers.

The only workaround that I found was to remove the library entirely, which is preferable due to its history of vulnerabilities. A slightly more invasive change is to use an http client that is still supported, or just plain URLConnection.
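
The exclusion described in this issue, written from the consuming build's side as an added example (not code from the issue or from the plugin). It assumes the plugin reaches the build through the build script classpath; the task name `verifyNoLegacyXmlParser` is hypothetical.

```groovy
// build.gradle -- added example, not the plugin's own code.
buildscript {
    configurations.classpath {
        // Drop the legacy parser that arrives transitively via
        // http-builder -> nekohtml -> xercesImpl, so it is never on the
        // build classpath and cannot become the javax.xml provider.
        exclude group: 'xerces', module: 'xercesImpl'
    }
}

// Resolve the reference at configuration time so the task action below
// does not depend on how the closure delegate resolves 'buildscript'.
def buildClasspath = buildscript.configurations.classpath

// Guard task (hypothetical name): fails if xercesImpl reappears on the
// build script classpath, e.g. after another plugin is added.
tasks.register('verifyNoLegacyXmlParser') {
    doLast {
        def legacy = buildClasspath.resolvedConfiguration.resolvedArtifacts
            .collect { it.moduleVersion.id }
            .findAll { it.group == 'xerces' && it.name == 'xercesImpl' }
        if (!legacy.isEmpty()) {
            throw new GradleException(
                "Legacy XML parser on build script classpath: ${legacy.join(', ')}")
        }
        logger.lifecycle('No xerces:xercesImpl on the build script classpath')
    }
}
```

Gradle's built-in `buildEnvironment` task prints the resolved build script classpath and can be used to confirm which plugin brings `xercesImpl` in.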
