com.google.code.findbugs:jsr305 is old and no longer under active maintenance

### Before reporting an issue

- [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

### Area

dependencies

### Describe the bug

Transitive dependency introduced in Keycloak 26 coming from OpenTelemetry:
```
\- io.quarkus:quarkus-opentelemetry:jar:3.15.1:compile
   \- io.quarkus:quarkus-grpc-common:jar:3.15.1:compile
      \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
```

This dependency has not had a release in 7 years, and should be removed from the Keycloak distribution.

### Version

26.0.0

### Regression

- [X] The issue is a regression

### Expected behavior

Only actively maintained dependencies should be included

### Actual behavior

Dependency with no releases for 7 years, and no potentially no updates for a long time, since the source repo is code.google.com which was closed a long time ago.

### How to Reproduce?

```
misc/scripts/dependency-report.sh com.google.code.findbugs:jsr305
```

### Anything else?

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

com.google.code.findbugs:jsr305 is old and no longer under active maintenance #34396

Before reporting an issue

Area

Describe the bug

Version

Regression

Expected behavior

Actual behavior

How to Reproduce?

Anything else?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

com.google.code.findbugs:jsr305 is old and no longer under active maintenance #34396

Description

Before reporting an issue

Area

Describe the bug

Version

Regression

Expected behavior

Actual behavior

How to Reproduce?

Anything else?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions