Update google-http-client and google-http-client-apache-v2 to 1.31 #1434
Description
#1415 upgraded google-http-client to 1.27.0, but a lot of our usage have been marked deprecated with 1.27.0. Unfortunately, due to this bug in 1.27.0, it is not possible to get away from the deprecated usage.
To address all these issues, they made significant changes to 1.28.0. They had to break the Apache adapter into its own artifact google-http-client-apache with two different implementation flavors:
- google-http-client-apache 1.28.0 using the legacy Apache HttpClient; and
- 2.0.0 for the modern one.
They said the legacy version was necessary for internal usage: googleapis/google-http-java-client#543, googleapis/google-http-java-client#558, googleapis/google-http-java-client#576 (comment)
We may choose to stick with the legacy google-http-client-apache 1.28.0, but I think moving to 2.0.0 is the right thing to do. In any case, I realized there are some complication and annoyance: #1415 (comment), googleapis/google-http-java-client#576 (comment)
Another side effect with google-http-client 1.28.0 is that we need to upgrade Guava to 26.0-jre from the current 23.5-jre.
Lastly, I noticed one very useful and important feature in the modern 2.0.0. Looking at the code, there seems no need to configure proxy auth ourselves (that we did in #1337), as long as we build the Apache HttpClient with useSystemProperties(). (The default HttpClient built with ApacheHttpTransport turns it on.) Then, it will use SystemDefaultCredentialsProvider, and looking at the code, it will pick up http(x).proxy{User|Password}. It does look like we can remove our addProxyCredentials() code.
(FTR, https://github.com/GoogleContainerTools/jib/compare/remove-deprecated?expand=1 has a not-so-great reference implementation, but has some problem.)