This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/master by this push:
     new 29bd610   TIKA-2598 -- add enforcerplugin to fail on dependency 
convergence problems,  and fix dependency conflicts where possible.
     new 32c5a69  Merge remote-tracking branch 'origin/master'
29bd610 is described below

commit 29bd6103ea4fce9abd27abe07a35c69ab2c81e60
Author: tballison <talli...@mitre.org>
AuthorDate: Tue Mar 6 15:17:42 2018 -0500

     TIKA-2598 -- add enforcerplugin to fail on dependency convergence problems,
     and fix dependency conflicts where possible.
---
 tika-langdetect/pom.xml    |  17 +++++++-
 tika-parent/pom.xml        |  30 +++++++++++--
 tika-parsers/pom.xml       | 102 ++++++++++++++++++++++++++++++++++++++++++---
 tika-serialization/pom.xml |   2 +-
 4 files changed, 139 insertions(+), 12 deletions(-)

diff --git a/tika-langdetect/pom.xml b/tika-langdetect/pom.xml
index fce981e..cfa2dc5 100644
--- a/tika-langdetect/pom.xml
+++ b/tika-langdetect/pom.xml
@@ -43,7 +43,20 @@
     <dependency>
       <groupId>com.optimaize.languagedetector</groupId>
       <artifactId>language-detector</artifactId>
-      <version>0.5</version>
+      <version>0.6</version>
+      <exclusions>
+        <exclusion>
+          <groupId>com.google.guava</groupId>
+          <artifactId>guava</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <!-- exclude and then add back in to avoid
+         conflicts with edu.ucar:cdm in tika-parsers -->
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>17.0</version>
     </dependency>
     <dependency>
       <groupId>org.apache.cxf</groupId>
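Review bot: The re-added Guava is pinned with a literal `<version>17.0</version>` inside tika-langdetect, while this same commit moves gson to a `${gson.version}` property in tika-parent. The comment says the pin exists to match edu.ucar:cdm in tika-parsers, and tika-parsers also excludes guava from another dependency in this commit, so a shared `<guava.version>17.0</guava.version>` property in tika-parent, referenced here as `<version>${guava.version}</version>`, would keep the modules from drifting and give one place to raise the version. It is also worth confirming that language-detector 0.6 runs against 17.0: if it was built against a newer Guava, the exclusion hides that from the enforcer and the mismatch would only show up at runtime.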
@@ -53,7 +66,7 @@
     <dependency>
       <groupId>com.google.code.gson</groupId>
       <artifactId>gson</artifactId>
-      <version>2.6.1</version>
+      <version>${gson.version}</version>
     </dependency>
 
     <!-- Test dependencies -->
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index d17ffea..8a0ceec 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -307,7 +307,8 @@
     
<project.reporting.outputEncoding>${project.build.sourceEncoding}</project.reporting.outputEncoding>
     <!-- NOTE: sync tukaani version with commons-compress in tika-parsers -->
     <commons.compress.version>1.14</commons.compress.version>
-    <commons.io.version>2.5</commons.io.version>
+    <commons.io.version>2.6</commons.io.version>
+    <gson.version>2.8.1</gson.version>
     <cxf.version>3.0.16</cxf.version>
     <slf4j.version>1.7.24</slf4j.version>
   </properties>
@@ -325,7 +326,8 @@
       <plugin>
         <groupId>de.thetaphi</groupId>
         <artifactId>forbiddenapis</artifactId>
-        <version>2.3</version>
+        <!-- if this version contains commons-io 2.6, remove hard-coded 
commons-io version below -->
+        <version>2.4.1</version>
         <configuration>
           <targetVersion>${maven.compiler.target}</targetVersion>
           <failOnUnresolvableSignatures>false</failOnUnresolvableSignatures>
@@ -335,7 +337,11 @@
             <bundledSignature>jdk-deprecated</bundledSignature>
             <bundledSignature>jdk-non-portable</bundledSignature>
             <bundledSignature>jdk-internal</bundledSignature>
-            
<bundledSignature>commons-io-unsafe-${commons.io.version}</bundledSignature>
+            <!--2.6 is the same as 2.5
+              TODO: change back to the following when we upgrade forbidden apis
+              
<bundledSignature>commons-io-unsafe-${commons.io.version}</bundledSignature>
+            -->
+            <bundledSignature>commons-io-unsafe-2.5</bundledSignature>
           </bundledSignatures>
         </configuration>
         <executions>
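Review bot: The hard-coded `commons-io-unsafe-2.5` signature set no longer follows `${commons.io.version}`, so the forbidden-API check covers commons-io as it was in 2.5 while the build now compiles against 2.6. The comment's "2.6 is the same as 2.5" is stated without a source, and anything added to commons-io in 2.6 would not be checked by this signature set. I would reword the TODO so the condition for reverting is explicit, for example `<!-- pinned to the 2.5 signatures because the forbiddenapis release in use bundles none for commons-io 2.6; restore commons-io-unsafe-${commons.io.version} once it does -->`. The `<configuration>` element this hunk edits starts outside the hunk.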
@@ -377,6 +383,24 @@
          </dependency>
        </dependencies>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>3.0.0-M1</version>
+        <executions>
+          <execution>
+            <id>enforce</id>
+            <configuration>
+              <rules>
+                <dependencyConvergence/>
+              </rules>
+            </configuration>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
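Review bot: `dependencyConvergence` is satisfied as soon as only one version of an artifact remains in the tree, so an `<exclusion>` that removes a transitive version makes the rule pass without showing that the surviving version is one the excluding dependency can run with. Most of the fixes in the other files of this commit are exclusions of that kind, which means a forced downgrade would still build cleanly. I would add a comment above `<rules>` stating the convention, for example `<!-- fails the build on version conflicts; when resolving one, note next to the exclusion which declared version replaces it -->`. The plugin is also pinned to `3.0.0-M1`, a milestone release, for a check that now gates every build; consider moving to a final release when one is available.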
 
diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml
index dacde58..4ce29bb 100644
--- a/tika-parsers/pom.xml
+++ b/tika-parsers/pom.xml
@@ -81,11 +81,17 @@
       <groupId>org.gagravarr</groupId>
       <artifactId>vorbis-java-tika</artifactId>
       <version>${vorbis.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.tika</groupId>
+          <artifactId>tika-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>com.healthmarketscience.jackcess</groupId>
       <artifactId>jackcess</artifactId>
-      <version>2.1.8</version>
+      <version>2.1.10</version>
       <exclusions>
         <exclusion>
           <groupId>commons-logging</groupId>
@@ -96,12 +102,18 @@
     <dependency>
       <groupId>com.healthmarketscience.jackcess</groupId>
       <artifactId>jackcess-encrypt</artifactId>
-      <version>2.1.2</version>
+      <version>2.1.4</version>
       <exclusions>
         <exclusion>
           <groupId>org.bouncycastle</groupId>
           <artifactId>bcprov-jdk15on</artifactId>
         </exclusion>
+        <!-- to avoid maven-enforcer convergence error,
+          let's make this explicit -->
+        <exclusion>
+          <groupId>com.healthmarketscience.jackcess</groupId>
+          <artifactId>jackcess</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
@@ -316,7 +328,7 @@
     <dependency>
       <groupId>org.apache.opennlp</groupId>
       <artifactId>opennlp-tools</artifactId>
-      <version>1.8.3</version>
+      <version>1.8.4</version>
     </dependency>
 
     <dependency>
@@ -350,7 +362,7 @@
     <dependency>
       <groupId>com.google.code.gson</groupId>
       <artifactId>gson</artifactId>
-      <version>2.8.1</version>
+      <version>${gson.version}</version>
     </dependency>
 
     <!-- logging dependencies -->
@@ -375,7 +387,7 @@
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>
-      <version>1.7</version>
+      <version>2.15.0</version>
       <scope>test</scope>
     </dependency>
     <dependency>
@@ -395,6 +407,10 @@
           <groupId>commons-logging</groupId>
           <artifactId>commons-logging</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.jdom</groupId>
+          <artifactId>jdom2</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
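Review bot: The jdom2 exclusion added here carries no comment, and the same exclusion is repeated in the hunks at `@@ -410,6 +426,10 @@`, `@@ -432,6 +452,14 @@` and `@@ -580,9 +611,62 @@`, where jdom2 is then declared directly at 2.0.6, also without a comment. The uimafit-core and uimaj-core declarations in that last hunk explain why they exist; jdom2 should get the same treatment so a later reader does not delete the direct declaration as unused. Suggested above the declaration: `<!-- declared once here because several dependencies above exclude it to satisfy dependency convergence -->`, and next to each exclusion `<!-- converge on the jdom2 declared in this pom -->`. The dependency that owns this exclusion list starts outside the hunk.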
@@ -410,6 +426,10 @@
           <groupId>org.jsoup</groupId>
           <artifactId>jsoup</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.jdom</groupId>
+          <artifactId>jdom2</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <!-- grib's current jsoup is vulnerable to xss
@@ -432,6 +452,14 @@
           <groupId>org.slf4j</groupId>
           <artifactId>jcl-over-slf4j</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.httpcomponents</groupId>
+          <artifactId>httpcore</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.jdom</groupId>
+          <artifactId>jdom2</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
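Review bot: `org.apache.httpcomponents:httpcore` is excluded here and again in the next hunk (`@@ -450,6 +478,9 @@`), but unlike jdom2, guava or the UIMA artifacts, no hunk in this commit adds a direct declaration for it. If nothing in the unchanged part of tika-parsers/pom.xml declares it, the version on the classpath is whatever another dependency still brings, and it could disappear entirely if that dependency changes. I would either declare httpcore explicitly with a version property, or add a comment next to the exclusion naming the dependency expected to supply it, e.g. `<!-- httpcore is supplied by PLACEHOLDER_DEPENDENCY; excluded here only for convergence -->`. The enclosing `<dependency>` starts outside the hunk.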
@@ -450,6 +478,9 @@
         </exclusion>
         <exclusion>
           <groupId>org.apache.httpcomponents</groupId>
+          <artifactId>httpcore</artifactId>
+        </exclusion>        <exclusion>
+          <groupId>org.apache.httpcomponents</groupId>
           <artifactId>httpmime</artifactId>
         </exclusion>
       </exclusions>
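Review bot: The added line `</exclusion>        <exclusion>` closes one exclusion and opens the next on the same line, unlike every other exclusion in this file, which makes the httpcore and httpmime entries easy to misread as a single entry. Put each tag on its own line, `</exclusion>` followed by `<exclusion>` at the same indent. The enclosing `<dependency>` starts outside the hunk.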
@@ -553,7 +584,7 @@
     <dependency>
       <groupId>org.apache.ctakes</groupId>
       <artifactId>ctakes-core</artifactId>
-      <version>3.2.2</version>
+      <version>4.0.0</version>
       <scope>provided</scope>
       <exclusions>
         <exclusion>
@@ -580,9 +611,62 @@
           <groupId>org.springframework</groupId>
           <artifactId>spring-core</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.opennlp</groupId>
+          <artifactId>opennlp-tools</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>com.google.guava</groupId>
+          <artifactId>guava</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.uima</groupId>
+          <artifactId>uimafit-core</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.uima</groupId>
+          <artifactId>uimaj-core</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.jdom</groupId>
+          <artifactId>jdom2</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <!-- need to specify this to avoid
+      version clash within ctakes-core 4.0.0 -->
+    <dependency>
+      <groupId>org.apache.uima</groupId>
+      <artifactId>uimafit-core</artifactId>
+      <version>2.2.0</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.uima</groupId>
+          <artifactId>uimaj-core</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <!-- need to specify this to avoid
+      version clash within ctakes-core 4.0.0 -->
+    <dependency>
+      <groupId>org.apache.uima</groupId>
+      <artifactId>uimaj-core</artifactId>
+      <version>2.9.0</version>
+    </dependency>
 
+    <dependency>
+      <groupId>org.jdom</groupId>
+      <artifactId>jdom2</artifactId>
+      <version>2.0.6</version>
+    </dependency>
     <!--Jackson parse String to JSON-->
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
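Review bot: The new `uimafit-core` and `uimaj-core` dependencies are declared without a `<scope>`, so they default to compile scope, while the exclusions that make them necessary sit on what appears to be ctakes-core, which the preceding hunk shows as `<scope>provided</scope>`. That would turn libraries that previously arrived only through a provided dependency into part of tika-parsers' runtime closure, so they get shipped to every consumer. Unless another compile-scope dependency needs UIMA, add `<scope>provided</scope>` to both declarations. The exclusion list this hunk extends starts outside the hunk, so the owning dependency is inferred from the comments naming ctakes-core 4.0.0.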
@@ -615,6 +699,12 @@
       <artifactId>jai-imageio-jpeg2000</artifactId>
       <version>1.3.0</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+            <groupId>com.github.jai-imageio</groupId>
+            <artifactId>jai-imageio-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
   </dependencies>
diff --git a/tika-serialization/pom.xml b/tika-serialization/pom.xml
index 115ae6b..77b690c 100644
--- a/tika-serialization/pom.xml
+++ b/tika-serialization/pom.xml
@@ -53,7 +53,7 @@
     <dependency>
       <groupId>com.google.code.gson</groupId>
       <artifactId>gson</artifactId>
-      <version>2.8.1</version>
+      <version>${gson.version}</version>
     </dependency>
 
     <!-- Test dependencies -->

-- 