You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tika.apache.org by ta...@apache.org on 2018/03/06 20:20:57 UTC
[tika] branch branch_1x updated: TIKA-2598 -- add enforcerplugin to
fail on dependency convergence problems,
and fix dependency conflicts where possible.
This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch branch_1x
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/branch_1x by this push:
new 2e48245 TIKA-2598 -- add enforcerplugin to fail on dependency convergence problems, and fix dependency conflicts where possible.
new 4eb8ae1 Merge branch 'branch_1x' of https://github.com/apache/tika into branch_1x
2e48245 is described below
commit 2e482458d934b1e7105602c3c4de95a8f81a5808
Author: tballison <ta...@mitre.org>
AuthorDate: Tue Mar 6 15:17:42 2018 -0500
TIKA-2598 -- add enforcerplugin to fail on dependency convergence problems,
and fix dependency conflicts where possible.
---
tika-langdetect/pom.xml | 17 +++++++-
tika-parent/pom.xml | 30 +++++++++++--
tika-parsers/pom.xml | 102 ++++++++++++++++++++++++++++++++++++++++++---
tika-serialization/pom.xml | 2 +-
4 files changed, 139 insertions(+), 12 deletions(-)
diff --git a/tika-langdetect/pom.xml b/tika-langdetect/pom.xml
index 2f919a1..8f2b7df 100644
--- a/tika-langdetect/pom.xml
+++ b/tika-langdetect/pom.xml
@@ -43,7 +43,20 @@
<dependency>
<groupId>com.optimaize.languagedetector</groupId>
<artifactId>language-detector</artifactId>
- <version>0.5</version>
+ <version>0.6</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- exclude and then add back in to avoid
+ conflicts with edu.ucar:cdm in tika-parsers -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>17.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
@@ -53,7 +66,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.6.1</version>
+ <version>${gson.version}</version>
</dependency>
<!-- Test dependencies -->
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index e56ba1d..2cbcf4e 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -307,7 +307,8 @@
<project.reporting.outputEncoding>${project.build.sourceEncoding}</project.reporting.outputEncoding>
<!-- NOTE: sync tukaani version with commons-compress in tika-parsers -->
<commons.compress.version>1.14</commons.compress.version>
- <commons.io.version>2.5</commons.io.version>
+ <commons.io.version>2.6</commons.io.version>
+ <gson.version>2.8.1</gson.version>
<cxf.version>3.0.16</cxf.version>
<slf4j.version>1.7.24</slf4j.version>
</properties>
@@ -325,7 +326,8 @@
<plugin>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
- <version>2.3</version>
+ <!-- if this version contains commons-io 2.6, remove hard-coded commons-io version below -->
+ <version>2.4.1</version>
<configuration>
<targetVersion>${maven.compiler.target}</targetVersion>
<failOnUnresolvableSignatures>false</failOnUnresolvableSignatures>
@@ -335,7 +337,11 @@
<bundledSignature>jdk-deprecated</bundledSignature>
<bundledSignature>jdk-non-portable</bundledSignature>
<bundledSignature>jdk-internal</bundledSignature>
- <bundledSignature>commons-io-unsafe-${commons.io.version}</bundledSignature>
+ <!--2.6 is the same as 2.5
+ TODO: change back to the following when we upgrade forbidden apis
+ <bundledSignature>commons-io-unsafe-${commons.io.version}</bundledSignature>
+ -->
+ <bundledSignature>commons-io-unsafe-2.5</bundledSignature>
</bundledSignatures>
</configuration>
<executions>
@@ -377,6 +383,24 @@
</dependency>
</dependencies>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0-M1</version>
+ <executions>
+ <execution>
+ <id>enforce</id>
+ <configuration>
+ <rules>
+ <dependencyConvergence/>
+ </rules>
+ </configuration>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index e13b5ea..271ec07 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -81,11 +81,17 @@
<groupId>org.gagravarr</groupId>
<artifactId>vorbis-java-tika</artifactId>
<version>${vorbis.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.tika</groupId>
+ <artifactId>tika-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.healthmarketscience.jackcess</groupId>
<artifactId>jackcess</artifactId>
- <version>2.1.8</version>
+ <version>2.1.10</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -96,12 +102,18 @@
<dependency>
<groupId>com.healthmarketscience.jackcess</groupId>
<artifactId>jackcess-encrypt</artifactId>
- <version>2.1.2</version>
+ <version>2.1.4</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
+ <!-- to avoid maven-enforcer convergence error,
+ let's make this explicit -->
+ <exclusion>
+ <groupId>com.healthmarketscience.jackcess</groupId>
+ <artifactId>jackcess</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -316,7 +328,7 @@
<dependency>
<groupId>org.apache.opennlp</groupId>
<artifactId>opennlp-tools</artifactId>
- <version>1.8.3</version>
+ <version>1.8.4</version>
</dependency>
<dependency>
@@ -350,7 +362,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.8.1</version>
+ <version>${gson.version}</version>
</dependency>
<!-- logging dependencies -->
@@ -375,7 +387,7 @@
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
- <version>1.7</version>
+ <version>2.15.0</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -395,6 +407,10 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.jdom</groupId>
+ <artifactId>jdom2</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -410,6 +426,10 @@
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.jdom</groupId>
+ <artifactId>jdom2</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<!-- grib's current jsoup is vulnerable to xss
@@ -431,6 +451,14 @@
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.jdom</groupId>
+ <artifactId>jdom2</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -449,6 +477,9 @@
</exclusion>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </exclusion> <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
</exclusion>
</exclusions>
@@ -552,7 +583,7 @@
<dependency>
<groupId>org.apache.ctakes</groupId>
<artifactId>ctakes-core</artifactId>
- <version>3.2.2</version>
+ <version>4.0.0</version>
<scope>provided</scope>
<exclusions>
<exclusion>
@@ -579,9 +610,62 @@
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.opennlp</groupId>
+ <artifactId>opennlp-tools</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.uima</groupId>
+ <artifactId>uimafit-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.uima</groupId>
+ <artifactId>uimaj-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.jdom</groupId>
+ <artifactId>jdom2</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- need to specify this to avoid
+ version clash within ctakes-core 4.0.0 -->
+ <dependency>
+ <groupId>org.apache.uima</groupId>
+ <artifactId>uimafit-core</artifactId>
+ <version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.uima</groupId>
+ <artifactId>uimaj-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!-- need to specify this to avoid
+ version clash within ctakes-core 4.0.0 -->
+ <dependency>
+ <groupId>org.apache.uima</groupId>
+ <artifactId>uimaj-core</artifactId>
+ <version>2.9.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jdom</groupId>
+ <artifactId>jdom2</artifactId>
+ <version>2.0.6</version>
+ </dependency>
<!--Jackson parse String to JSON-->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -614,6 +698,12 @@
<artifactId>jai-imageio-jpeg2000</artifactId>
<version>1.3.0</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.github.jai-imageio</groupId>
+ <artifactId>jai-imageio-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
diff --git a/tika-serialization/pom.xml b/tika-serialization/pom.xml
index 277e974..9220cdf 100644
--- a/tika-serialization/pom.xml
+++ b/tika-serialization/pom.xml
@@ -53,7 +53,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.8.1</version>
+ <version>${gson.version}</version>
</dependency>
<!-- Test dependencies -->
--
To stop receiving notification emails like this one, please contact
tallison@apache.org.