Platform: java 11, karaf 4.3.2 I got a security alert from github, telling me to upgrade jsoup to 1.14.2.
However, jsoup 1.14.2 is an OSGi bundle that requires the javax.annotation package, with versions between 3.0 and 4.0, from the jsoup 1.14.2 MANIFEST.MF: Import-Package: javax.annotation;version="[3.0,4)",javax.annotation.meta ;version="[3.0,4)",javax.net.ssl,javax.xml.parsers,javax.xml.transform, javax.xml.transform.dom,javax.xml.transform.stream,org.jsoup;version="[ 1.14,2)",org.jsoup.helper;version="[1.14,2)",org.jsoup.internal;version ="[1.14,2)",org.jsoup.nodes;version="[1.14,2)",org.jsoup.parser;version ="[1.14,2)",org.jsoup.safety;version="[1.14,2)",org.jsoup.select;versio n="[1.14,2)",org.w3c.dom Problem: javax.annotation in karaf, is provided by the felix framework, and is version 1.3: karaf@root()> package:exports | grep annotation java.lang.annotation x 0.0.0 x 0 x org.apache.felix.framework javax.annotation.processing x 1.0.0 x 0 x org.apache.felix.framework javax.annotation x 1.3.0 x 0 x org.apache.felix.framework javax.xml.bind.annotation.adapters x 2.3.0 x 0 x org.apache.felix.framework javax.xml.bind.annotation x 2.3.0 x 0 x org.apache.felix.framework karaf@root()> (Is javax.annotation 3.0 a even real thing...? I found this when googling https://mvnrepository.com/artifact/org.glassfish/javax.annotation The version numbers are weird and the dates are old (2011), and AFAIK this isn't a package that have had any actual changes for, like, ever...) Is there a workaround, other than re-bundling jsoup? Thanks! - Steinar
