This is an automated email from the ASF dual-hosted git repository.

andy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/jena.git


The following commit(s) were added to refs/heads/main by this push:
     new f6c8abe849 Control opencsv dependency version in project POM
f6c8abe849 is described below

commit f6c8abe849e5d4aa450f2d317fe9839552b76663
Author: Andy Seaborne <[email protected]>
AuthorDate: Mon Jan 13 11:33:24 2025 +0000

    Control opencsv dependency version in project POM
---
 jena-fuseki2/jena-fuseki-geosparql/pom.xml | 20 ++------------------
 pom.xml                                    | 17 +++++++++++++++--
 2 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/jena-fuseki2/jena-fuseki-geosparql/pom.xml 
b/jena-fuseki2/jena-fuseki-geosparql/pom.xml
index 426f1aff90..83d9ea3744 100644
--- a/jena-fuseki2/jena-fuseki-geosparql/pom.xml
+++ b/jena-fuseki2/jena-fuseki-geosparql/pom.xml
@@ -47,24 +47,8 @@
       </dependency>
 
       <dependency>
-               <groupId>com.opencsv</groupId>
-           <artifactId>opencsv</artifactId>
-               <version>5.9</version>
-               <!-- rdf-tables:1.0.4
-               -> com.opencsv:opencsv:jar:3.9 
-                 -> commons-beanutils:commons-beanutils:19.3
-             CVE-2019-10086 https://nvd.nist.gov/vuln/detail/CVE-2019-10086 
-             commons-beanutils:commons-beanutils:jar:1.9.3
-             Needs to be 1.9.4.
-             We exclude it from rdf-tables and directly depend on it here.
-           -->
-        <exclusions>
-          <!-- Use jcl-over-slf4j -->
-          <exclusion>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
-          </exclusion>
-        </exclusions>
+        <groupId>com.opencsv</groupId>
+        <artifactId>opencsv</artifactId>
       </dependency>
 
       <dependency>
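Review bot: The comment removed from this `com.opencsv:opencsv` dependency was the only record of why it is declared and pinned, and nothing replaces it. It explained that rdf-tables pulls in opencsv 3.9, which brings commons-beanutils 1.9.3, affected by CVE-2019-10086. Neither this hunk nor the new entry in the root `pom.xml` hunk at `@@ -431,6 +432,18 @@` carries that forward, so the version-less dependency here now reads as removable and the central version as an ordinary pin. I would keep a short comment on the root entry, for example `<!-- Overrides opencsv 3.9 from rdf-tables; that route brings commons-beanutils 1.9.3 (CVE-2019-10086) -->`. I would also restore `<!-- Use jcl-over-slf4j -->` on the commons-logging exclusion there.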
diff --git a/pom.xml b/pom.xml
index fae4d2af36..168647dfe8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -95,6 +95,7 @@
     <ver.dexxcollection>0.7</ver.dexxcollection>
     <ver.micrometer>1.14.2</ver.micrometer>
     <ver.roaringbitmap>1.3.0</ver.roaringbitmap>
+    <ver.opencsv>5.10</ver.opencsv>
 
     <!-- Testing -->
     <ver.junit4>4.13.2</ver.junit4>
@@ -431,6 +432,18 @@
         <version>${ver.commons-fileupload}</version>
       </dependency>
 
+       <dependency>
+         <groupId>com.opencsv</groupId>
+         <artifactId>opencsv</artifactId>
+         <version>${ver.opencsv}</version>
+         <exclusions>
+           <exclusion>
+             <groupId>commons-logging</groupId>
+             <artifactId>commons-logging</artifactId>
+           </exclusion>
+         </exclusions>         
+       </dependency>
+
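Review bot: Nothing in this new entry fixes the commons-beanutils version itself; the 1.9.4 floor stated in the removed geosparql comment is met only through whatever opencsv `${ver.opencsv}` declares transitively. The entry is presumably inside `<dependencyManagement>`, since the child POM now omits the version, but the enclosing element is outside the hunk. If the root POM does not manage commons-beanutils elsewhere, an explicit managed `commons-beanutils:commons-beanutils` entry would keep that floor independent of future opencsv bumps. Running `mvn dependency:tree -Dincludes=commons-beanutils` on jena-fuseki-geosparql confirms what is actually resolved. As a style point, the block is indented one column deeper than the neighbouring `<dependency>` elements and `</exclusions>` has trailing whitespace.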
       <!--
           com.google.errorprone:error_prone_annotations
           is used by gson, guava and caffeine. 
@@ -440,8 +453,8 @@
           Either explicitly depend here or choose one
           route and exclude from the others or exclude
           systematically. If the dependency plugin is being used,
-         it will likely report errors because it is stricter than 
-         the maven resolution rule.
+    it will likely report errors because it is stricter than 
+    the maven resolution rule.
 
           Gson is probably the one to choose as the preferred route.
           https://github.com/google/gson/issues/2681#issuecomment-2125845040
