This is an automated email from the ASF dual-hosted git repository. tallison pushed a commit to branch branch_1x in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/branch_1x by this push: new 2e48245 TIKA-2598 -- add enforcerplugin to fail on dependency convergence problems, and fix dependency conflicts where possible. new 4eb8ae1 Merge branch 'branch_1x' of https://github.com/apache/tika into branch_1x 2e48245 is described below commit 2e482458d934b1e7105602c3c4de95a8f81a5808 Author: tballison <talli...@mitre.org> AuthorDate: Tue Mar 6 15:17:42 2018 -0500 TIKA-2598 -- add enforcerplugin to fail on dependency convergence problems, and fix dependency conflicts where possible. --- tika-langdetect/pom.xml | 17 +++++++- tika-parent/pom.xml | 30 +++++++++++-- tika-parsers/pom.xml | 102 ++++++++++++++++++++++++++++++++++++++++++--- tika-serialization/pom.xml | 2 +- 4 files changed, 139 insertions(+), 12 deletions(-) diff --git a/tika-langdetect/pom.xml b/tika-langdetect/pom.xml index 2f919a1..8f2b7df 100644 --- a/tika-langdetect/pom.xml +++ b/tika-langdetect/pom.xml @@ -43,7 +43,20 @@ <dependency> <groupId>com.optimaize.languagedetector</groupId> <artifactId>language-detector</artifactId> - <version>0.5</version> + <version>0.6</version> + <exclusions> + <exclusion> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- exclude and then add back in to avoid + conflicts with edu.ucar:cdm in tika-parsers --> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + <version>17.0</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> @@ -53,7 +66,7 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.6.1</version> + <version>${gson.version}</version> </dependency> <!-- Test dependencies --> diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml index e56ba1d..2cbcf4e 100644 --- a/tika-parent/pom.xml +++ b/tika-parent/pom.xml @@ -307,7 +307,8 @@ <project.reporting.outputEncoding>${project.build.sourceEncoding}</project.reporting.outputEncoding> <!-- NOTE: sync tukaani version with commons-compress in tika-parsers --> <commons.compress.version>1.14</commons.compress.version> - <commons.io.version>2.5</commons.io.version> + <commons.io.version>2.6</commons.io.version> + <gson.version>2.8.1</gson.version> <cxf.version>3.0.16</cxf.version> <slf4j.version>1.7.24</slf4j.version> </properties> @@ -325,7 +326,8 @@ <plugin> <groupId>de.thetaphi</groupId> <artifactId>forbiddenapis</artifactId> - <version>2.3</version> + <!-- if this version contains commons-io 2.6, remove hard-coded commons-io version below --> + <version>2.4.1</version> <configuration> <targetVersion>${maven.compiler.target}</targetVersion> <failOnUnresolvableSignatures>false</failOnUnresolvableSignatures> @@ -335,7 +337,11 @@ <bundledSignature>jdk-deprecated</bundledSignature> <bundledSignature>jdk-non-portable</bundledSignature> <bundledSignature>jdk-internal</bundledSignature> - <bundledSignature>commons-io-unsafe-${commons.io.version}</bundledSignature> + <!--2.6 is the same as 2.5 + TODO: change back to the following when we upgrade forbidden apis + <bundledSignature>commons-io-unsafe-${commons.io.version}</bundledSignature> + --> + <bundledSignature>commons-io-unsafe-2.5</bundledSignature> </bundledSignatures> </configuration> <executions> @@ -377,6 +383,24 @@ </dependency> </dependencies> </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-enforcer-plugin</artifactId> + <version>3.0.0-M1</version> + <executions> + <execution> + <id>enforce</id> + <configuration> + <rules> + <dependencyConvergence/> + </rules> + </configuration> + <goals> + <goal>enforce</goal> + </goals> + </execution> + </executions> + </plugin> </plugins> </build> diff --git a/tika-parsers/pom.xml b/tika-parsers/pom.xml index e13b5ea..271ec07 100644 --- a/tika-parsers/pom.xml +++ b/tika-parsers/pom.xml @@ -81,11 +81,17 @@ <groupId>org.gagravarr</groupId> <artifactId>vorbis-java-tika</artifactId> <version>${vorbis.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.tika</groupId> + <artifactId>tika-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.healthmarketscience.jackcess</groupId> <artifactId>jackcess</artifactId> - <version>2.1.8</version> + <version>2.1.10</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -96,12 +102,18 @@ <dependency> <groupId>com.healthmarketscience.jackcess</groupId> <artifactId>jackcess-encrypt</artifactId> - <version>2.1.2</version> + <version>2.1.4</version> <exclusions> <exclusion> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> </exclusion> + <!-- to avoid maven-enforcer convergence error, + let's make this explicit --> + <exclusion> + <groupId>com.healthmarketscience.jackcess</groupId> + <artifactId>jackcess</artifactId> + </exclusion> </exclusions> </dependency> @@ -316,7 +328,7 @@ <dependency> <groupId>org.apache.opennlp</groupId> <artifactId>opennlp-tools</artifactId> - <version>1.8.3</version> + <version>1.8.4</version> </dependency> <dependency> @@ -350,7 +362,7 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.8.1</version> + <version>${gson.version}</version> </dependency> <!-- logging dependencies --> @@ -375,7 +387,7 @@ <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> - <version>1.7</version> + <version>2.15.0</version> <scope>test</scope> </dependency> <dependency> @@ -395,6 +407,10 @@ <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> </exclusion> + <exclusion> + <groupId>org.jdom</groupId> + <artifactId>jdom2</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -410,6 +426,10 @@ <groupId>org.jsoup</groupId> <artifactId>jsoup</artifactId> </exclusion> + <exclusion> + <groupId>org.jdom</groupId> + <artifactId>jdom2</artifactId> + </exclusion> </exclusions> </dependency> <!-- grib's current jsoup is vulnerable to xss @@ -431,6 +451,14 @@ <groupId>org.slf4j</groupId> <artifactId>jcl-over-slf4j</artifactId> </exclusion> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> + <exclusion> + <groupId>org.jdom</groupId> + <artifactId>jdom2</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -449,6 +477,9 @@ </exclusion> <exclusion> <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + </exclusion> <exclusion> + <groupId>org.apache.httpcomponents</groupId> <artifactId>httpmime</artifactId> </exclusion> </exclusions> @@ -552,7 +583,7 @@ <dependency> <groupId>org.apache.ctakes</groupId> <artifactId>ctakes-core</artifactId> - <version>3.2.2</version> + <version>4.0.0</version> <scope>provided</scope> <exclusions> <exclusion> @@ -579,9 +610,62 @@ <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> </exclusion> + <exclusion> + <groupId>org.apache.opennlp</groupId> + <artifactId>opennlp-tools</artifactId> + </exclusion> + <exclusion> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + </exclusion> + <exclusion> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.uima</groupId> + <artifactId>uimafit-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.uima</groupId> + <artifactId>uimaj-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.jdom</groupId> + <artifactId>jdom2</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- need to specify this to avoid + version clash within ctakes-core 4.0.0 --> + <dependency> + <groupId>org.apache.uima</groupId> + <artifactId>uimafit-core</artifactId> + <version>2.2.0</version> + <exclusions> + <exclusion> + <groupId>org.apache.uima</groupId> + <artifactId>uimaj-core</artifactId> + </exclusion> + <exclusion> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + </exclusion> </exclusions> </dependency> + <!-- need to specify this to avoid + version clash within ctakes-core 4.0.0 --> + <dependency> + <groupId>org.apache.uima</groupId> + <artifactId>uimaj-core</artifactId> + <version>2.9.0</version> + </dependency> + <dependency> + <groupId>org.jdom</groupId> + <artifactId>jdom2</artifactId> + <version>2.0.6</version> + </dependency> <!--Jackson parse String to JSON--> <dependency> <groupId>com.fasterxml.jackson.core</groupId> @@ -614,6 +698,12 @@ <artifactId>jai-imageio-jpeg2000</artifactId> <version>1.3.0</version> <scope>test</scope> + <exclusions> + <exclusion> + <groupId>com.github.jai-imageio</groupId> + <artifactId>jai-imageio-core</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> diff --git a/tika-serialization/pom.xml b/tika-serialization/pom.xml index 277e974..9220cdf 100644 --- a/tika-serialization/pom.xml +++ b/tika-serialization/pom.xml @@ -53,7 +53,7 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.8.1</version> + <version>${gson.version}</version> </dependency> <!-- Test dependencies --> -- To stop receiving notification emails like this one, please contact talli...@apache.org.