Guillaume Smet commented on TIKA-2598:

Hi [~talli...@mitre.org],

Sorry for the delay. So to fix the issue, you can use exclusions as you did. 
The drawback of this approach is that, if a new dependency adds a component 
with yet another version, you need to add new exclusions.

The other option is to use a {{<dependencyManagement>}} section in your parent 
pom. All the dependencies defined in this section will have the fixed version 
you define, and it will enforce that to the transitive dependencies.

It's usually the recommended approach, but seeing your patch, it looks like 
using exclusions is not that bad in your case.

Thanks for the quick action on this!

> Fix dependency convergence
> --------------------------
>                 Key: TIKA-2598
>                 URL: https://issues.apache.org/jira/browse/TIKA-2598
>             Project: Tika
>          Issue Type: Improvement
>          Components: packaging
>    Affects Versions: 1.17
>            Reporter: Guillaume Smet
>            Assignee: Tim Allison
>            Priority: Blocker
>             Fix For: 2.0, 1.18
> Hi,
> We tried to upgrade Tika to 1.17 in Hibernate Search and we had some 
> dependency convergence issues:
> {code}
> Dependency convergence error for 
> com.healthmarketscience.jackcess:jackcess:2.1.8 paths to dependency are:
> +-org.hibernate:hibernate-search-engine:5.10.0-SNAPSHOT
>     +-org.apache.tika:tika-parsers:1.17
>          +-com.healthmarketscience.jackcess:jackcess:2.1.8
> and
> +-org.hibernate:hibernate-search-engine:5.10.0-SNAPSHOT
>      +-org.apache.tika:tika-parsers:1.17
>          +-com.healthmarketscience.jackcess:jackcess-encrypt:2.1.2
>              +-com.healthmarketscience.jackcess:jackcess:2.1.0
> {code}
> We could fix them downstream in Hibernate Search but I thought it would be 
> better if Tika could ensure the convergence of its dependencies using the 
> Maven enforcer plugin so that all the downstream projects can benefit from it.
> Thanks.

This message was sent by Atlassian JIRA

Reply via email to