[jira] [Commented] (TIKA-3935) Remove log4j 1.2.x from dependencies
[ https://issues.apache.org/jira/browse/TIKA-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636244#comment-17636244 ] ASF GitHub Bot commented on TIKA-3935: -- grossws merged PR #809: URL: https://github.com/apache/tika/pull/809 > Remove log4j 1.2.x from dependencies > > > Key: TIKA-3935 > URL: https://issues.apache.org/jira/browse/TIKA-3935 > Project: Tika > Issue Type: Task > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Minor > Fix For: 2.6.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [tika] grossws merged pull request #809: TIKA-3935 Remove log4j 1.2.x from dependencies
grossws merged PR #809: URL: https://github.com/apache/tika/pull/809 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tika.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[
https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636242#comment-17636242
]
Konstantin Gribov edited comment on TIKA-3934 at 11/19/22 10:31 PM:
It seems that it doesn't if the dependency isn't used in the tika artifact in
any way (including test dependencies).
If I have import for {{org.apache.tika:tika-bom}} and add
{{org.apache.tika:tika-core}} and {{io.netty:netty-buffer}} without versions
both Maven and Gradle build will fail.
On the other hand {{log4j-core}} version (and version constraint in Gradle
case) leaks from {{tika-parent}} via {{tika-bom}}. Inconsistently in Maven case.
||Type||Use BOM||tika-core||log4j-core||Result||
|Maven|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0|
|Maven|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.18.0|
|Maven|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0|
|Gradle|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0|
|Gradle|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.19.0|
|Gradle|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0|
Test Maven project (run {{mvn package}} to see actual dependencies in the
output):
{code:xml|title=pom.xml}
http://maven.apache.org/POM/4.0.0;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
4.0.0
org.example
bom-test
1.0-SNAPSHOT
17
17
UTF-8
org.apache.tika
tika-bom
2.6.0
pom
import
org.apache.tika
tika-core
org.apache.logging.log4j
log4j-core
org.apache.maven.plugins
maven-dependency-plugin
3.3.0
test
package
copy-dependencies
${project.build.directory}/deps
{code}
Gradle test project (run {{gradle dependencyInsight --dependency log4j}} or
{{gradle dependencies --configuration rC}}):
{code:groovy|title=settings.gradle.kts}
dependencyResolutionManagement {
repositories.mavenCentral()
}
{code}
{code:groovy|title=build.gradle.kts}
plugins {
id("java-library")
}
dependencies {
api(platform("org.apache.tika:tika-bom:2.6.0"))
api("org.apache.tika:tika-core")
implementation("org.apache.logging.log4j:log4j-core:2.18.0")
}
{code}
was (Author: grossws):
It seems that it doesn't, if I have import for {{org.apache.tika:tika-bom}} and
add {{org.apache.tika:tika-core}} and {{io.netty:netty-buffer}} without
versions both Maven and Gradle build will fail.
On the other hand {{log4j-core}} version (and version constraint in Gradle
case) leaks from {{tika-parent}} via {{tika-bom}}.
||Type||Use BOM||tika-core||log4j-core||Result||
|Maven|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0|
|Maven|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.18.0|
|Maven|no|2.6.0.|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0|
|Gradle|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0|
|Gradle|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.19.0|
|Gradle|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0|
Test Maven project (run {{mvn package}} to see actual dependencies in the
output):
{code:xml|title=pom.xml}
http://maven.apache.org/POM/4.0.0;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
4.0.0
org.example
bom-test
1.0-SNAPSHOT
17
17
UTF-8
org.apache.tika
tika-bom
2.6.0
pom
import
org.apache.tika
tika-core
org.apache.logging.log4j
log4j-core
org.apache.maven.plugins
maven-dependency-plugin
3.3.0
test
package
copy-dependencies
${project.build.directory}/deps
{code}
Gradle test project (run {{gradle dependencyInsight --dependency log4j}} or
{{gradle dependencies --configuration rC}}):
{code:kotlin|title=settings.gradle.kts}
dependencyResolutionManagement {
repositories.mavenCentral()
}
{code}
{code:kotlin|title=build.gradle.kts}
plugins {
`java-library`
}
dependencies {
api(platform("org.apache.tika:tika-bom:2.6.0"))
api("org.apache.tika:tika-core")
implementation("org.apache.logging.log4j:log4j-core:2.18.0")
}
{code}
> Reogranize POMs parent chain to avoid leaking dependency management downstream
> --
>
> Key: TIKA-3934
> URL:
[jira] [Commented] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[
https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636242#comment-17636242
]
Konstantin Gribov commented on TIKA-3934:
-
It seems that it doesn't, if I have import for {{org.apache.tika:tika-bom}} and
add {{org.apache.tika:tika-core}} and {{io.netty:netty-buffer}} without
versions both Maven and Gradle build will fail.
On the other hand {{log4j-core}} version (and version constraint in Gradle
case) leaks from {{tika-parent}} via {{tika-bom}}.
||Type||Use BOM||tika-core||log4j-core||Result||
|Maven|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0|
|Maven|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.18.0|
|Maven|no|2.6.0.|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0|
|Gradle|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0|
|Gradle|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.19.0|
|Gradle|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0|
Test Maven project (run {{mvn package}} to see actual dependencies in the
output):
{code:xml|title=pom.xml}
http://maven.apache.org/POM/4.0.0;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
4.0.0
org.example
bom-test
1.0-SNAPSHOT
17
17
UTF-8
org.apache.tika
tika-bom
2.6.0
pom
import
org.apache.tika
tika-core
org.apache.logging.log4j
log4j-core
org.apache.maven.plugins
maven-dependency-plugin
3.3.0
test
package
copy-dependencies
${project.build.directory}/deps
{code}
Gradle test project (run {{gradle dependencyInsight --dependency log4j}} or
{{gradle dependencies --configuration rC}}):
{code:kotlin|title=settings.gradle.kts}
dependencyResolutionManagement {
repositories.mavenCentral()
}
{code}
{code:kotlin|title=build.gradle.kts}
plugins {
`java-library`
}
dependencies {
api(platform("org.apache.tika:tika-bom:2.6.0"))
api("org.apache.tika:tika-core")
implementation("org.apache.logging.log4j:log4j-core:2.18.0")
}
{code}
> Reogranize POMs parent chain to avoid leaking dependency management downstream
> --
>
> Key: TIKA-3934
> URL: https://issues.apache.org/jira/browse/TIKA-3934
> Project: Tika
> Issue Type: Improvement
> Components: depedency
>Affects Versions: 2.6.0
>Reporter: Konstantin Gribov
>Assignee: Konstantin Gribov
>Priority: Major
> Fix For: 2.6.1, 2.7.0
>
>
> Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM
> and thus forces a lot of dependency versions on downstream users.
> For example if one use only PDF module there's no reason to force
> Netty/Jetty/CXF/whatever versions.
> I propose the following:
> * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}}
> modules on the reactor
> * move all our dependency management and build related configuration to the
> reactor ({{tika}} root project)
> I've started these work last week and will publish first PR for review soon.
> Moving parts from {{tika-parent}} to {{tika}} may take some time so little
> steps without build disruption is a must
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[
https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636239#comment-17636239
]
Konstantin Gribov commented on TIKA-3934:
-
I need to recheck if Maven inherits parent dependencyManagement via imported
BOM. Maybe this issue is invalid
> Reogranize POMs parent chain to avoid leaking dependency management downstream
> --
>
> Key: TIKA-3934
> URL: https://issues.apache.org/jira/browse/TIKA-3934
> Project: Tika
> Issue Type: Improvement
> Components: depedency
>Affects Versions: 2.6.0
>Reporter: Konstantin Gribov
>Assignee: Konstantin Gribov
>Priority: Major
> Fix For: 2.6.1, 2.7.0
>
>
> Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM
> and thus forces a lot of dependency versions on downstream users.
> For example if one use only PDF module there's no reason to force
> Netty/Jetty/CXF/whatever versions.
> I propose the following:
> * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}}
> modules on the reactor
> * move all our dependency management and build related configuration to the
> reactor ({{tika}} root project)
> I've started these work last week and will publish first PR for review soon.
> Moving parts from {{tika-parent}} to {{tika}} may take some time so little
> steps without build disruption is a must
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (TIKA-3735) Require Java 11 for 2.x at some point
[ https://issues.apache.org/jira/browse/TIKA-3735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636238#comment-17636238 ] Konstantin Gribov commented on TIKA-3735: - Another thing that comes to mind that we could have different required JDK version for Tika downstream consumers and to build Tika itself (including tests). Maybe even for some modules that are for internal usage if we can consider any module internal > Require Java 11 for 2.x at some point > - > > Key: TIKA-3735 > URL: https://issues.apache.org/jira/browse/TIKA-3735 > Project: Tika > Issue Type: Task >Reporter: Tim Allison >Priority: Major > > This follows on from discussion we had on the user/dev list for when we want > to require Java 11. I think the consensus was: wait until we have to. > The following libraries require > Java 8 at the moment. I don't think > updating any of these is critical, but I do want to document where we're > stuck. > We can modify/edit this list as necessary: > * Apache OpenNLP 2.0.0 requires Java 11. > * DL4J 1.0.0-M2.1 - datavec-data-image-1.0.0-M2.1.jar requires Java 11 > * Lucene 9.x -- used in tika-eval > * icu4j -- we can't upgrade past 62.2 (April 2019) because that is the latest > version that is compatible with Lucene 8.11.1 > (https://github.com/apache/tika/pull/587) > * mime4j -- the last 2 (or three?) releases have been accidentally built with > Java 9 without the correct release=8. This should be fixed in the next > release. > * Fakeload > * > [checkstyle|https://mail.google.com/mail/u/0/#label/lists%2Ftika/WhctKKXXHvjnJRRdBSwLbKkDkXQtRnWGDhblVMQQZhjsDGrFpRMRQJJrZSdskrNCqcmTtjL] > * errorprone requires Java 11 for the build (doesn't mean we can't target 8) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (TIKA-3175) Upgrade version of TPS: commons-io
[ https://issues.apache.org/jira/browse/TIKA-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov closed TIKA-3175. --- > Upgrade version of TPS: commons-io > -- > > Key: TIKA-3175 > URL: https://issues.apache.org/jira/browse/TIKA-3175 > Project: Tika > Issue Type: Bug >Affects Versions: 1.23, 1.24, 1.24.1 >Reporter: Shubhangi Raut >Priority: Critical > > Latest tika-bundle jars use commons-io-1.26.jar in them. > There is a vulnerability reported for commons-io-2.6.jar which is fixed in > version 2.7. > Details can be found in the following link: > Project: https://issues.apache.org/jira/browse/IO-559 > > Please upgrade the version for commons-io to 2.7 in next release. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3175) Upgrade version of TPS: commons-io
[ https://issues.apache.org/jira/browse/TIKA-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3175. - Resolution: Duplicate > Upgrade version of TPS: commons-io > -- > > Key: TIKA-3175 > URL: https://issues.apache.org/jira/browse/TIKA-3175 > Project: Tika > Issue Type: Bug >Affects Versions: 1.23, 1.24, 1.24.1 >Reporter: Shubhangi Raut >Priority: Critical > > Latest tika-bundle jars use commons-io-1.26.jar in them. > There is a vulnerability reported for commons-io-2.6.jar which is fixed in > version 2.7. > Details can be found in the following link: > Project: https://issues.apache.org/jira/browse/IO-559 > > Please upgrade the version for commons-io to 2.7 in next release. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3387) Unexpected RuntimeException from org.apache.tika.parser.microsoft.ooxml.OOXMLParser
[
https://issues.apache.org/jira/browse/TIKA-3387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konstantin Gribov resolved TIKA-3387.
-
Resolution: Incomplete
Please feel free to reopen the issue if it can be reproduced with more recent
Tika version (2.6.0 at the moment) and you could provide a bit more info
> Unexpected RuntimeException from
> org.apache.tika.parser.microsoft.ooxml.OOXMLParser
> ---
>
> Key: TIKA-3387
> URL: https://issues.apache.org/jira/browse/TIKA-3387
> Project: Tika
> Issue Type: Bug
> Components: parser
> Environment: dev testing
>Reporter: Manojkumar M
>Priority: Critical
>
> org.apache.tika.exception.TikaException: Unexpected RuntimeException from
> org.apache.tika.parser.microsoft.ooxml.OOXMLParser@7b6359a0
>
>
> This is the only exception trace we are getting in the code.
>
> This is what is put in the pom.xml
>
> <*dependency*>
> <*groupId*>org.apache.tika
> <*artifactId*>tika-core
>
> <*dependency*>
> <*groupId*>org.apache.tika
> <*artifactId*>tika-parsers
> <*exclusions*>
> <*exclusion*>
> <*groupId*>com.fasterxml.jackson.core
> <*artifactId*>jackson-core
>
> <*exclusion*>
> <*groupId*>com.fasterxml.jackson.core
> <*artifactId*>jackson-annotations
>
>
>
> {color:#FF}*Version*{color}
> tika-parsers: 1.24.1
> poi-ooxml: 4.1.2
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (TIKA-3712) update jackson-databind to 2.13.2.1 or greater in tika jars
[ https://issues.apache.org/jira/browse/TIKA-3712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3712. - Resolution: Fixed > update jackson-databind to 2.13.2.1 or greater in tika jars > --- > > Key: TIKA-3712 > URL: https://issues.apache.org/jira/browse/TIKA-3712 > Project: Tika > Issue Type: Bug > Components: tika-eval >Affects Versions: 2.3.0 >Reporter: Dhoka Pramod >Priority: Critical > Fix For: 2.4.1 > > > [com.fasterxml.jackson.core_jackson-databind_2.13.1|https://austsbldci-res.lab.opentext.com/static-files/FKgXaaJSguhZ4lO6UfpswhoSmhYTiF2UyQU-rrbduGUxNjQ4NzM4OTIzNDgzOjg6aHNjaGVpYm46dmlldy9UZWFtU2l0ZS9qb2IvRG9ja2VySW1hZ2UtVFMyMi4yL2xhc3RTdWNjZXNzZnVsQnVpbGQvYXJ0aWZhY3Q=/twistlock-report.html#sha256:55f19c5712346e29554e65473ac7c1ef988a2ae2fe1ffa71035426183d4ad4e9_com.fasterxml.jackson.core_jackson-databind_2.13.1] > in tika eval app is of version 2.13.1 which has > [CVE-2020-36518|https://nvd.nist.gov/vuln/detail/CVE-2020-36518] > vulnerability. > jackson databind jars needs to be updated to *2.13.2.1 or greater.* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3712) update jackson-databind to 2.13.2.1 or greater in tika jars
[ https://issues.apache.org/jira/browse/TIKA-3712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3712: Fix Version/s: 2.4.1 > update jackson-databind to 2.13.2.1 or greater in tika jars > --- > > Key: TIKA-3712 > URL: https://issues.apache.org/jira/browse/TIKA-3712 > Project: Tika > Issue Type: Bug > Components: tika-eval >Affects Versions: 2.3.0 >Reporter: Dhoka Pramod >Priority: Critical > Fix For: 2.4.1 > > > [com.fasterxml.jackson.core_jackson-databind_2.13.1|https://austsbldci-res.lab.opentext.com/static-files/FKgXaaJSguhZ4lO6UfpswhoSmhYTiF2UyQU-rrbduGUxNjQ4NzM4OTIzNDgzOjg6aHNjaGVpYm46dmlldy9UZWFtU2l0ZS9qb2IvRG9ja2VySW1hZ2UtVFMyMi4yL2xhc3RTdWNjZXNzZnVsQnVpbGQvYXJ0aWZhY3Q=/twistlock-report.html#sha256:55f19c5712346e29554e65473ac7c1ef988a2ae2fe1ffa71035426183d4ad4e9_com.fasterxml.jackson.core_jackson-databind_2.13.1] > in tika eval app is of version 2.13.1 which has > [CVE-2020-36518|https://nvd.nist.gov/vuln/detail/CVE-2020-36518] > vulnerability. > jackson databind jars needs to be updated to *2.13.2.1 or greater.* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TIKA-3935) Remove log4j 1.2.x from dependencies
[ https://issues.apache.org/jira/browse/TIKA-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636230#comment-17636230 ] ASF GitHub Bot commented on TIKA-3935: -- grossws opened a new pull request, #809: URL: https://github.com/apache/tika/pull/809 Affects `tika-parser-nlp-module` and `tika-age-recognizer` (presumably deprecated) > Remove log4j 1.2.x from dependencies > > > Key: TIKA-3935 > URL: https://issues.apache.org/jira/browse/TIKA-3935 > Project: Tika > Issue Type: Task > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Minor > Fix For: 2.6.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [tika] grossws opened a new pull request, #809: TIKA-3935 Remove log4j 1.2.x from dependencies
grossws opened a new pull request, #809: URL: https://github.com/apache/tika/pull/809 Affects `tika-parser-nlp-module` and `tika-age-recognizer` (presumably deprecated) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tika.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (TIKA-3935) Remove log4j 1.2.x from dependencies
Konstantin Gribov created TIKA-3935: --- Summary: Remove log4j 1.2.x from dependencies Key: TIKA-3935 URL: https://issues.apache.org/jira/browse/TIKA-3935 Project: Tika Issue Type: Task Components: depedency Affects Versions: 2.6.0 Reporter: Konstantin Gribov Assignee: Konstantin Gribov Fix For: 2.6.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TIKA-3324) Add checkstyle checker
[
https://issues.apache.org/jira/browse/TIKA-3324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636228#comment-17636228
]
Konstantin Gribov commented on TIKA-3324:
-
I certainly lost against checkstyle plugin. When I just run {{mvn
checkstyle:checkstyle}} it fails on {{tika-core}} with something like 5.7k
errors.
What do you think about using [spotless|https://github.com/diffplug/spotless]?
It supports
[ratchet|https://github.com/diffplug/spotless/tree/main/plugin-gradle#ratchet]
mode to avoid reformatting all files at once and to force reformat only on
changed files. I'm going to experiment with it in a separate branch for POMs at
first.
> Add checkstyle checker
> --
>
> Key: TIKA-3324
> URL: https://issues.apache.org/jira/browse/TIKA-3324
> Project: Tika
> Issue Type: Task
>Reporter: Tim Allison
>Assignee: Tim Allison
>Priority: Major
>
> I _think_ we can introduce this gently at first. And slowly fix files as time
> allows. Obv, we can hope a bulk fix will work, and it won’t be much
> effort... WDYT?
>
> H/T [~ndipiazza_gmail] for the recommendation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[
https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konstantin Gribov updated TIKA-3934:
Fix Version/s: 2.6.1
> Reogranize POMs parent chain to avoid leaking dependency management downstream
> --
>
> Key: TIKA-3934
> URL: https://issues.apache.org/jira/browse/TIKA-3934
> Project: Tika
> Issue Type: Improvement
> Components: depedency
>Affects Versions: 2.6.0
>Reporter: Konstantin Gribov
>Assignee: Konstantin Gribov
>Priority: Major
> Fix For: 2.6.1, 2.7.0
>
>
> Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM
> and thus forces a lot of dependency versions on downstream users.
> For example if one use only PDF module there's no reason to force
> Netty/Jetty/CXF/whatever versions.
> I propose the following:
> * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}}
> modules on the reactor
> * move all our dependency management and build related configuration to the
> reactor ({{tika}} root project)
> I've started these work last week and will publish first PR for review soon.
> Moving parts from {{tika-parent}} to {{tika}} may take some time so little
> steps without build disruption is a must
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[
https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konstantin Gribov updated TIKA-3934:
Description:
Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM and
thus forces a lot of dependency versions on downstream users.
For example if one use only PDF module there's no reason to force
Netty/Jetty/CXF/whatever versions.
I propose the following:
* make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}}
modules on the reactor
* move all our dependency management and build related configuration to the
reactor ({{tika}} root project)
I've started these work last week and will publish first PR for review soon.
Moving parts from {{tika-parent}} to {{tika}} may take some time so little
steps without build disruption is a must
was:
Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM and
thus forces a lot of dependency versions on downstream users.
For example if one use only PDF module there's no reason to force
Netty/Jetty/CXF/whatever versions.
I propose the following:
* move all our dependency management and build related configuration to the
reactor ({{tika}} root project)
* make {{tika}} rector depend on {{tika-parent}} and all other {{tika-*}}
modules on the reactor
I've started these work last week and will publish first PR for review soon.
Moving parts from {{tika-parent}} to {{tika}} may take some time so little
steps without build disruption is a must
> Reogranize POMs parent chain to avoid leaking dependency management downstream
> --
>
> Key: TIKA-3934
> URL: https://issues.apache.org/jira/browse/TIKA-3934
> Project: Tika
> Issue Type: Improvement
> Components: depedency
>Affects Versions: 2.6.0
>Reporter: Konstantin Gribov
>Assignee: Konstantin Gribov
>Priority: Major
> Fix For: 2.7.0
>
>
> Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM
> and thus forces a lot of dependency versions on downstream users.
> For example if one use only PDF module there's no reason to force
> Netty/Jetty/CXF/whatever versions.
> I propose the following:
> * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}}
> modules on the reactor
> * move all our dependency management and build related configuration to the
> reactor ({{tika}} root project)
> I've started these work last week and will publish first PR for review soon.
> Moving parts from {{tika-parent}} to {{tika}} may take some time so little
> steps without build disruption is a must
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
Konstantin Gribov created TIKA-3934:
---
Summary: Reogranize POMs parent chain to avoid leaking dependency
management downstream
Key: TIKA-3934
URL: https://issues.apache.org/jira/browse/TIKA-3934
Project: Tika
Issue Type: Improvement
Components: depedency
Affects Versions: 2.6.0
Reporter: Konstantin Gribov
Assignee: Konstantin Gribov
Fix For: 2.7.0
Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM and
thus forces a lot of dependency versions on downstream users.
For example if one use only PDF module there's no reason to force
Netty/Jetty/CXF/whatever versions.
I propose the following:
* move all our dependency management and build related configuration to the
reactor ({{tika}} root project)
* make {{tika}} rector depend on {{tika-parent}} and all other {{tika-*}}
modules on the reactor
I've started these work last week and will publish first PR for review soon.
Moving parts from {{tika-parent}} to {{tika}} may take some time so little
steps without build disruption is a must
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (TIKA-3368) Add Bill of Materials (BOM) artifact (Tika 1.x)
[ https://issues.apache.org/jira/browse/TIKA-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov closed TIKA-3368. --- > Add Bill of Materials (BOM) artifact (Tika 1.x) > --- > > Key: TIKA-3368 > URL: https://issues.apache.org/jira/browse/TIKA-3368 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 1.27 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3368) Add Bill of Materials (BOM) artifact (Tika 1.x)
[ https://issues.apache.org/jira/browse/TIKA-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3368. - Resolution: Invalid Tika 1.x reached EOL and PR was closed some time ago, just a JIRA cleanup > Add Bill of Materials (BOM) artifact (Tika 1.x) > --- > > Key: TIKA-3368 > URL: https://issues.apache.org/jira/browse/TIKA-3368 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 1.27 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3368) Add Bill of Materials (BOM) artifact (Tika 1.x)
[ https://issues.apache.org/jira/browse/TIKA-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3368: Fix Version/s: 1.27 (was: 2.0.0-BETA) > Add Bill of Materials (BOM) artifact (Tika 1.x) > --- > > Key: TIKA-3368 > URL: https://issues.apache.org/jira/browse/TIKA-3368 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 1.27 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3367) Add Bill of Materials (BOM) artifact
[ https://issues.apache.org/jira/browse/TIKA-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3367: Fix Version/s: 2.3.0 (was: 2.1.0) > Add Bill of Materials (BOM) artifact > > > Key: TIKA-3367 > URL: https://issues.apache.org/jira/browse/TIKA-3367 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3367) Add Bill of Materials (BOM) artifact
[ https://issues.apache.org/jira/browse/TIKA-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3367. - Resolution: Fixed > Add Bill of Materials (BOM) artifact > > > Key: TIKA-3367 > URL: https://issues.apache.org/jira/browse/TIKA-3367 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (TIKA-3367) Add Bill of Materials (BOM) artifact
[ https://issues.apache.org/jira/browse/TIKA-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov closed TIKA-3367. --- > Add Bill of Materials (BOM) artifact > > > Key: TIKA-3367 > URL: https://issues.apache.org/jira/browse/TIKA-3367 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
