Is xalan still needed as a dependency? #337
Description
xalan (an XSLT processor) is apparently unmaintained and likes to show up in vulnerability scans due to CVE-2022-34169. Yes, this library is most likely just used for testing, so this isn't critical, but it would still be great if such warnings could be avoided if possible.
What I have been wondering -- is xalan still needed by selenese-runner-java? It seems to have been added in commit 488ba46 (make implicit dependencies explicit and add dependency on htmlunit-driver explicitly. It does actually seem to be required by any other dependency (anymore), and I'm not aware that selenese-runner-java has any XSLT processing features? I've excluded xalan when adding selenese-runner-java as a dependency and everything still seems to be working fine, but perhaps we're just not using the feature that requires xalan?