utafrali commented on code in PR #2771:
URL: https://github.com/apache/tika/pull/2771#discussion_r3097811393
##########
tika-parent/pom.xml:
##########
@@ -326,7 +326,7 @@
<biz.aqute.version>7.2.3</biz.aqute.version>
<boilerpipe.version>1.1.0</boilerpipe.version>
<!-- used by POI, PDFBox and Jackcess encrypt ...try to sync -->
- <bouncycastle.version>1.83</bouncycastle.version>
+ <bouncycastle.version>1.84</bouncycastle.version>
Review Comment:
The comment on line 328 says "try to sync" with POI, PDFBox, and Jackcess
Encrypt. It's worth confirming that those libraries' current releases also
expect 1.84 (or are at minimum compatible with it), so Tika doesn't
accidentally override a transitive dependency with a version those libraries
haven't validated.
##########
tika-parent/pom.xml:
##########
@@ -388,8 +388,8 @@
(only on the CI, not on local Windows with Docker, see comment in
TIKA-4327 on 14.12.2024)
expecting org.eclipse.jetty.client.util.InputStreamResponseListener
which is only available
in Jetty up to 11.0.26
- but this class is now in org.eclipse.jetty.client, see also
-
https://jetty.org/docs/jetty/12/programming-guide/migration/11-to-12.html
+ but this class is now in org.eclipse.jetty.client, see also
Review Comment:
These three trailing-whitespace removals (here, line 392, and line 447) are
unrelated to the bouncycastle bump. They add noise to an otherwise surgical
diff and make it harder to verify the change at a glance. Ideally a
dependency-version PR contains only the version line change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
