[jira] [Commented] (TIKA-3935) Remove log4j 1.2.x from dependencies
[ https://issues.apache.org/jira/browse/TIKA-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636244#comment-17636244 ] ASF GitHub Bot commented on TIKA-3935: -- grossws merged PR #809: URL: https://github.com/apache/tika/pull/809 > Remove log4j 1.2.x from dependencies > > > Key: TIKA-3935 > URL: https://issues.apache.org/jira/browse/TIKA-3935 > Project: Tika > Issue Type: Task > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Minor > Fix For: 2.6.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [tika] grossws merged pull request #809: TIKA-3935 Remove log4j 1.2.x from dependencies
grossws merged PR #809: URL: https://github.com/apache/tika/pull/809 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tika.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[ https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636242#comment-17636242 ] Konstantin Gribov edited comment on TIKA-3934 at 11/19/22 10:31 PM: It seems that it doesn't if the dependency isn't used in the tika artifact in any way (including test dependencies). If I have import for {{org.apache.tika:tika-bom}} and add {{org.apache.tika:tika-core}} and {{io.netty:netty-buffer}} without versions both Maven and Gradle build will fail. On the other hand {{log4j-core}} version (and version constraint in Gradle case) leaks from {{tika-parent}} via {{tika-bom}}. Inconsistently in Maven case. ||Type||Use BOM||tika-core||log4j-core||Result|| |Maven|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0| |Maven|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.18.0| |Maven|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0| |Gradle|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0| |Gradle|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.19.0| |Gradle|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0| Test Maven project (run {{mvn package}} to see actual dependencies in the output): {code:xml|title=pom.xml} http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> 4.0.0 org.example bom-test 1.0-SNAPSHOT 17 17 UTF-8 org.apache.tika tika-bom 2.6.0 pom import org.apache.tika tika-core org.apache.logging.log4j log4j-core org.apache.maven.plugins maven-dependency-plugin 3.3.0 test package copy-dependencies ${project.build.directory}/deps {code} Gradle test project (run {{gradle dependencyInsight --dependency log4j}} or {{gradle dependencies --configuration rC}}): {code:groovy|title=settings.gradle.kts} dependencyResolutionManagement { repositories.mavenCentral() } {code} {code:groovy|title=build.gradle.kts} plugins { id("java-library") } dependencies { api(platform("org.apache.tika:tika-bom:2.6.0")) api("org.apache.tika:tika-core") implementation("org.apache.logging.log4j:log4j-core:2.18.0") } {code} was (Author: grossws): It seems that it doesn't, if I have import for {{org.apache.tika:tika-bom}} and add {{org.apache.tika:tika-core}} and {{io.netty:netty-buffer}} without versions both Maven and Gradle build will fail. On the other hand {{log4j-core}} version (and version constraint in Gradle case) leaks from {{tika-parent}} via {{tika-bom}}. ||Type||Use BOM||tika-core||log4j-core||Result|| |Maven|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0| |Maven|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.18.0| |Maven|no|2.6.0.|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0| |Gradle|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0| |Gradle|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.19.0| |Gradle|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0| Test Maven project (run {{mvn package}} to see actual dependencies in the output): {code:xml|title=pom.xml} http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> 4.0.0 org.example bom-test 1.0-SNAPSHOT 17 17 UTF-8 org.apache.tika tika-bom 2.6.0 pom import org.apache.tika tika-core org.apache.logging.log4j log4j-core org.apache.maven.plugins maven-dependency-plugin 3.3.0 test package copy-dependencies ${project.build.directory}/deps {code} Gradle test project (run {{gradle dependencyInsight --dependency log4j}} or {{gradle dependencies --configuration rC}}): {code:kotlin|title=settings.gradle.kts} dependencyResolutionManagement { repositories.mavenCentral() } {code} {code:kotlin|title=build.gradle.kts} plugins { `java-library` } dependencies { api(platform("org.apache.tika:tika-bom:2.6.0")) api("org.apache.tika:tika-core") implementation("org.apache.logging.log4j:log4j-core:2.18.0") } {code} > Reogranize POMs parent chain to avoid leaking dependency management downstream > -- > > Key: TIKA-3934 > URL:
[jira] [Commented] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[ https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636242#comment-17636242 ] Konstantin Gribov commented on TIKA-3934: - It seems that it doesn't, if I have import for {{org.apache.tika:tika-bom}} and add {{org.apache.tika:tika-core}} and {{io.netty:netty-buffer}} without versions both Maven and Gradle build will fail. On the other hand {{log4j-core}} version (and version constraint in Gradle case) leaks from {{tika-parent}} via {{tika-bom}}. ||Type||Use BOM||tika-core||log4j-core||Result|| |Maven|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0| |Maven|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.18.0| |Maven|no|2.6.0.|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0| |Gradle|yes|-|-|log4j-api 2.19.0, log4j-core 2.19.0| |Gradle|yes|-|2.18.0|log4j-api 2.19.0, log4j-core 2.19.0| |Gradle|no|2.6.0|2.18.0|log4j-api 2.18.0, log4j-core 2.18.0| Test Maven project (run {{mvn package}} to see actual dependencies in the output): {code:xml|title=pom.xml} http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> 4.0.0 org.example bom-test 1.0-SNAPSHOT 17 17 UTF-8 org.apache.tika tika-bom 2.6.0 pom import org.apache.tika tika-core org.apache.logging.log4j log4j-core org.apache.maven.plugins maven-dependency-plugin 3.3.0 test package copy-dependencies ${project.build.directory}/deps {code} Gradle test project (run {{gradle dependencyInsight --dependency log4j}} or {{gradle dependencies --configuration rC}}): {code:kotlin|title=settings.gradle.kts} dependencyResolutionManagement { repositories.mavenCentral() } {code} {code:kotlin|title=build.gradle.kts} plugins { `java-library` } dependencies { api(platform("org.apache.tika:tika-bom:2.6.0")) api("org.apache.tika:tika-core") implementation("org.apache.logging.log4j:log4j-core:2.18.0") } {code} > Reogranize POMs parent chain to avoid leaking dependency management downstream > -- > > Key: TIKA-3934 > URL: https://issues.apache.org/jira/browse/TIKA-3934 > Project: Tika > Issue Type: Improvement > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.6.1, 2.7.0 > > > Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM > and thus forces a lot of dependency versions on downstream users. > For example if one use only PDF module there's no reason to force > Netty/Jetty/CXF/whatever versions. > I propose the following: > * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}} > modules on the reactor > * move all our dependency management and build related configuration to the > reactor ({{tika}} root project) > I've started these work last week and will publish first PR for review soon. > Moving parts from {{tika-parent}} to {{tika}} may take some time so little > steps without build disruption is a must -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[ https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636239#comment-17636239 ] Konstantin Gribov commented on TIKA-3934: - I need to recheck if Maven inherits parent dependencyManagement via imported BOM. Maybe this issue is invalid > Reogranize POMs parent chain to avoid leaking dependency management downstream > -- > > Key: TIKA-3934 > URL: https://issues.apache.org/jira/browse/TIKA-3934 > Project: Tika > Issue Type: Improvement > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.6.1, 2.7.0 > > > Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM > and thus forces a lot of dependency versions on downstream users. > For example if one use only PDF module there's no reason to force > Netty/Jetty/CXF/whatever versions. > I propose the following: > * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}} > modules on the reactor > * move all our dependency management and build related configuration to the > reactor ({{tika}} root project) > I've started these work last week and will publish first PR for review soon. > Moving parts from {{tika-parent}} to {{tika}} may take some time so little > steps without build disruption is a must -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TIKA-3735) Require Java 11 for 2.x at some point
[ https://issues.apache.org/jira/browse/TIKA-3735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636238#comment-17636238 ] Konstantin Gribov commented on TIKA-3735: - Another thing that comes to mind that we could have different required JDK version for Tika downstream consumers and to build Tika itself (including tests). Maybe even for some modules that are for internal usage if we can consider any module internal > Require Java 11 for 2.x at some point > - > > Key: TIKA-3735 > URL: https://issues.apache.org/jira/browse/TIKA-3735 > Project: Tika > Issue Type: Task >Reporter: Tim Allison >Priority: Major > > This follows on from discussion we had on the user/dev list for when we want > to require Java 11. I think the consensus was: wait until we have to. > The following libraries require > Java 8 at the moment. I don't think > updating any of these is critical, but I do want to document where we're > stuck. > We can modify/edit this list as necessary: > * Apache OpenNLP 2.0.0 requires Java 11. > * DL4J 1.0.0-M2.1 - datavec-data-image-1.0.0-M2.1.jar requires Java 11 > * Lucene 9.x -- used in tika-eval > * icu4j -- we can't upgrade past 62.2 (April 2019) because that is the latest > version that is compatible with Lucene 8.11.1 > (https://github.com/apache/tika/pull/587) > * mime4j -- the last 2 (or three?) releases have been accidentally built with > Java 9 without the correct release=8. This should be fixed in the next > release. > * Fakeload > * > [checkstyle|https://mail.google.com/mail/u/0/#label/lists%2Ftika/WhctKKXXHvjnJRRdBSwLbKkDkXQtRnWGDhblVMQQZhjsDGrFpRMRQJJrZSdskrNCqcmTtjL] > * errorprone requires Java 11 for the build (doesn't mean we can't target 8) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (TIKA-3175) Upgrade version of TPS: commons-io
[ https://issues.apache.org/jira/browse/TIKA-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov closed TIKA-3175. --- > Upgrade version of TPS: commons-io > -- > > Key: TIKA-3175 > URL: https://issues.apache.org/jira/browse/TIKA-3175 > Project: Tika > Issue Type: Bug >Affects Versions: 1.23, 1.24, 1.24.1 >Reporter: Shubhangi Raut >Priority: Critical > > Latest tika-bundle jars use commons-io-1.26.jar in them. > There is a vulnerability reported for commons-io-2.6.jar which is fixed in > version 2.7. > Details can be found in the following link: > Project: https://issues.apache.org/jira/browse/IO-559 > > Please upgrade the version for commons-io to 2.7 in next release. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3175) Upgrade version of TPS: commons-io
[ https://issues.apache.org/jira/browse/TIKA-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3175. - Resolution: Duplicate > Upgrade version of TPS: commons-io > -- > > Key: TIKA-3175 > URL: https://issues.apache.org/jira/browse/TIKA-3175 > Project: Tika > Issue Type: Bug >Affects Versions: 1.23, 1.24, 1.24.1 >Reporter: Shubhangi Raut >Priority: Critical > > Latest tika-bundle jars use commons-io-1.26.jar in them. > There is a vulnerability reported for commons-io-2.6.jar which is fixed in > version 2.7. > Details can be found in the following link: > Project: https://issues.apache.org/jira/browse/IO-559 > > Please upgrade the version for commons-io to 2.7 in next release. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3387) Unexpected RuntimeException from org.apache.tika.parser.microsoft.ooxml.OOXMLParser
[ https://issues.apache.org/jira/browse/TIKA-3387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3387. - Resolution: Incomplete Please feel free to reopen the issue if it can be reproduced with more recent Tika version (2.6.0 at the moment) and you could provide a bit more info > Unexpected RuntimeException from > org.apache.tika.parser.microsoft.ooxml.OOXMLParser > --- > > Key: TIKA-3387 > URL: https://issues.apache.org/jira/browse/TIKA-3387 > Project: Tika > Issue Type: Bug > Components: parser > Environment: dev testing >Reporter: Manojkumar M >Priority: Critical > > org.apache.tika.exception.TikaException: Unexpected RuntimeException from > org.apache.tika.parser.microsoft.ooxml.OOXMLParser@7b6359a0 > > > This is the only exception trace we are getting in the code. > > This is what is put in the pom.xml > > <*dependency*> > <*groupId*>org.apache.tika > <*artifactId*>tika-core > > <*dependency*> > <*groupId*>org.apache.tika > <*artifactId*>tika-parsers > <*exclusions*> > <*exclusion*> > <*groupId*>com.fasterxml.jackson.core > <*artifactId*>jackson-core > > <*exclusion*> > <*groupId*>com.fasterxml.jackson.core > <*artifactId*>jackson-annotations > > > > {color:#FF}*Version*{color} > tika-parsers: 1.24.1 > poi-ooxml: 4.1.2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3712) update jackson-databind to 2.13.2.1 or greater in tika jars
[ https://issues.apache.org/jira/browse/TIKA-3712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3712. - Resolution: Fixed > update jackson-databind to 2.13.2.1 or greater in tika jars > --- > > Key: TIKA-3712 > URL: https://issues.apache.org/jira/browse/TIKA-3712 > Project: Tika > Issue Type: Bug > Components: tika-eval >Affects Versions: 2.3.0 >Reporter: Dhoka Pramod >Priority: Critical > Fix For: 2.4.1 > > > [com.fasterxml.jackson.core_jackson-databind_2.13.1|https://austsbldci-res.lab.opentext.com/static-files/FKgXaaJSguhZ4lO6UfpswhoSmhYTiF2UyQU-rrbduGUxNjQ4NzM4OTIzNDgzOjg6aHNjaGVpYm46dmlldy9UZWFtU2l0ZS9qb2IvRG9ja2VySW1hZ2UtVFMyMi4yL2xhc3RTdWNjZXNzZnVsQnVpbGQvYXJ0aWZhY3Q=/twistlock-report.html#sha256:55f19c5712346e29554e65473ac7c1ef988a2ae2fe1ffa71035426183d4ad4e9_com.fasterxml.jackson.core_jackson-databind_2.13.1] > in tika eval app is of version 2.13.1 which has > [CVE-2020-36518|https://nvd.nist.gov/vuln/detail/CVE-2020-36518] > vulnerability. > jackson databind jars needs to be updated to *2.13.2.1 or greater.* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3712) update jackson-databind to 2.13.2.1 or greater in tika jars
[ https://issues.apache.org/jira/browse/TIKA-3712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3712: Fix Version/s: 2.4.1 > update jackson-databind to 2.13.2.1 or greater in tika jars > --- > > Key: TIKA-3712 > URL: https://issues.apache.org/jira/browse/TIKA-3712 > Project: Tika > Issue Type: Bug > Components: tika-eval >Affects Versions: 2.3.0 >Reporter: Dhoka Pramod >Priority: Critical > Fix For: 2.4.1 > > > [com.fasterxml.jackson.core_jackson-databind_2.13.1|https://austsbldci-res.lab.opentext.com/static-files/FKgXaaJSguhZ4lO6UfpswhoSmhYTiF2UyQU-rrbduGUxNjQ4NzM4OTIzNDgzOjg6aHNjaGVpYm46dmlldy9UZWFtU2l0ZS9qb2IvRG9ja2VySW1hZ2UtVFMyMi4yL2xhc3RTdWNjZXNzZnVsQnVpbGQvYXJ0aWZhY3Q=/twistlock-report.html#sha256:55f19c5712346e29554e65473ac7c1ef988a2ae2fe1ffa71035426183d4ad4e9_com.fasterxml.jackson.core_jackson-databind_2.13.1] > in tika eval app is of version 2.13.1 which has > [CVE-2020-36518|https://nvd.nist.gov/vuln/detail/CVE-2020-36518] > vulnerability. > jackson databind jars needs to be updated to *2.13.2.1 or greater.* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TIKA-3935) Remove log4j 1.2.x from dependencies
[ https://issues.apache.org/jira/browse/TIKA-3935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636230#comment-17636230 ] ASF GitHub Bot commented on TIKA-3935: -- grossws opened a new pull request, #809: URL: https://github.com/apache/tika/pull/809 Affects `tika-parser-nlp-module` and `tika-age-recognizer` (presumably deprecated) > Remove log4j 1.2.x from dependencies > > > Key: TIKA-3935 > URL: https://issues.apache.org/jira/browse/TIKA-3935 > Project: Tika > Issue Type: Task > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Minor > Fix For: 2.6.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [tika] grossws opened a new pull request, #809: TIKA-3935 Remove log4j 1.2.x from dependencies
grossws opened a new pull request, #809: URL: https://github.com/apache/tika/pull/809 Affects `tika-parser-nlp-module` and `tika-age-recognizer` (presumably deprecated) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tika.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (TIKA-3935) Remove log4j 1.2.x from dependencies
Konstantin Gribov created TIKA-3935: --- Summary: Remove log4j 1.2.x from dependencies Key: TIKA-3935 URL: https://issues.apache.org/jira/browse/TIKA-3935 Project: Tika Issue Type: Task Components: depedency Affects Versions: 2.6.0 Reporter: Konstantin Gribov Assignee: Konstantin Gribov Fix For: 2.6.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (TIKA-3324) Add checkstyle checker
[ https://issues.apache.org/jira/browse/TIKA-3324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17636228#comment-17636228 ] Konstantin Gribov commented on TIKA-3324: - I certainly lost against checkstyle plugin. When I just run {{mvn checkstyle:checkstyle}} it fails on {{tika-core}} with something like 5.7k errors. What do you think about using [spotless|https://github.com/diffplug/spotless]? It supports [ratchet|https://github.com/diffplug/spotless/tree/main/plugin-gradle#ratchet] mode to avoid reformatting all files at once and to force reformat only on changed files. I'm going to experiment with it in a separate branch for POMs at first. > Add checkstyle checker > -- > > Key: TIKA-3324 > URL: https://issues.apache.org/jira/browse/TIKA-3324 > Project: Tika > Issue Type: Task >Reporter: Tim Allison >Assignee: Tim Allison >Priority: Major > > I _think_ we can introduce this gently at first. And slowly fix files as time > allows. Obv, we can hope a bulk fix will work, and it won’t be much > effort... WDYT? > > H/T [~ndipiazza_gmail] for the recommendation. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[ https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3934: Fix Version/s: 2.6.1 > Reogranize POMs parent chain to avoid leaking dependency management downstream > -- > > Key: TIKA-3934 > URL: https://issues.apache.org/jira/browse/TIKA-3934 > Project: Tika > Issue Type: Improvement > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.6.1, 2.7.0 > > > Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM > and thus forces a lot of dependency versions on downstream users. > For example if one use only PDF module there's no reason to force > Netty/Jetty/CXF/whatever versions. > I propose the following: > * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}} > modules on the reactor > * move all our dependency management and build related configuration to the > reactor ({{tika}} root project) > I've started these work last week and will publish first PR for review soon. > Moving parts from {{tika-parent}} to {{tika}} may take some time so little > steps without build disruption is a must -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
[ https://issues.apache.org/jira/browse/TIKA-3934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3934: Description: Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM and thus forces a lot of dependency versions on downstream users. For example if one use only PDF module there's no reason to force Netty/Jetty/CXF/whatever versions. I propose the following: * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}} modules on the reactor * move all our dependency management and build related configuration to the reactor ({{tika}} root project) I've started these work last week and will publish first PR for review soon. Moving parts from {{tika-parent}} to {{tika}} may take some time so little steps without build disruption is a must was: Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM and thus forces a lot of dependency versions on downstream users. For example if one use only PDF module there's no reason to force Netty/Jetty/CXF/whatever versions. I propose the following: * move all our dependency management and build related configuration to the reactor ({{tika}} root project) * make {{tika}} rector depend on {{tika-parent}} and all other {{tika-*}} modules on the reactor I've started these work last week and will publish first PR for review soon. Moving parts from {{tika-parent}} to {{tika}} may take some time so little steps without build disruption is a must > Reogranize POMs parent chain to avoid leaking dependency management downstream > -- > > Key: TIKA-3934 > URL: https://issues.apache.org/jira/browse/TIKA-3934 > Project: Tika > Issue Type: Improvement > Components: depedency >Affects Versions: 2.6.0 >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.7.0 > > > Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM > and thus forces a lot of dependency versions on downstream users. > For example if one use only PDF module there's no reason to force > Netty/Jetty/CXF/whatever versions. > I propose the following: > * make {{tika}} reactor depend on {{tika-parent}} and all other {{tika-*}} > modules on the reactor > * move all our dependency management and build related configuration to the > reactor ({{tika}} root project) > I've started these work last week and will publish first PR for review soon. > Moving parts from {{tika-parent}} to {{tika}} may take some time so little > steps without build disruption is a must -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TIKA-3934) Reogranize POMs parent chain to avoid leaking dependency management downstream
Konstantin Gribov created TIKA-3934: --- Summary: Reogranize POMs parent chain to avoid leaking dependency management downstream Key: TIKA-3934 URL: https://issues.apache.org/jira/browse/TIKA-3934 Project: Tika Issue Type: Improvement Components: depedency Affects Versions: 2.6.0 Reporter: Konstantin Gribov Assignee: Konstantin Gribov Fix For: 2.7.0 Tika's BOM (Bill of Materials) artifact has {{tika-parent}} as a parent POM and thus forces a lot of dependency versions on downstream users. For example if one use only PDF module there's no reason to force Netty/Jetty/CXF/whatever versions. I propose the following: * move all our dependency management and build related configuration to the reactor ({{tika}} root project) * make {{tika}} rector depend on {{tika-parent}} and all other {{tika-*}} modules on the reactor I've started these work last week and will publish first PR for review soon. Moving parts from {{tika-parent}} to {{tika}} may take some time so little steps without build disruption is a must -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (TIKA-3368) Add Bill of Materials (BOM) artifact (Tika 1.x)
[ https://issues.apache.org/jira/browse/TIKA-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov closed TIKA-3368. --- > Add Bill of Materials (BOM) artifact (Tika 1.x) > --- > > Key: TIKA-3368 > URL: https://issues.apache.org/jira/browse/TIKA-3368 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 1.27 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3368) Add Bill of Materials (BOM) artifact (Tika 1.x)
[ https://issues.apache.org/jira/browse/TIKA-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3368. - Resolution: Invalid Tika 1.x reached EOL and PR was closed some time ago, just a JIRA cleanup > Add Bill of Materials (BOM) artifact (Tika 1.x) > --- > > Key: TIKA-3368 > URL: https://issues.apache.org/jira/browse/TIKA-3368 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 1.27 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3368) Add Bill of Materials (BOM) artifact (Tika 1.x)
[ https://issues.apache.org/jira/browse/TIKA-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3368: Fix Version/s: 1.27 (was: 2.0.0-BETA) > Add Bill of Materials (BOM) artifact (Tika 1.x) > --- > > Key: TIKA-3368 > URL: https://issues.apache.org/jira/browse/TIKA-3368 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 1.27 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (TIKA-3367) Add Bill of Materials (BOM) artifact
[ https://issues.apache.org/jira/browse/TIKA-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov updated TIKA-3367: Fix Version/s: 2.3.0 (was: 2.1.0) > Add Bill of Materials (BOM) artifact > > > Key: TIKA-3367 > URL: https://issues.apache.org/jira/browse/TIKA-3367 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (TIKA-3367) Add Bill of Materials (BOM) artifact
[ https://issues.apache.org/jira/browse/TIKA-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov resolved TIKA-3367. - Resolution: Fixed > Add Bill of Materials (BOM) artifact > > > Key: TIKA-3367 > URL: https://issues.apache.org/jira/browse/TIKA-3367 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (TIKA-3367) Add Bill of Materials (BOM) artifact
[ https://issues.apache.org/jira/browse/TIKA-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konstantin Gribov closed TIKA-3367. --- > Add Bill of Materials (BOM) artifact > > > Key: TIKA-3367 > URL: https://issues.apache.org/jira/browse/TIKA-3367 > Project: Tika > Issue Type: Improvement > Components: packaging >Reporter: Konstantin Gribov >Assignee: Konstantin Gribov >Priority: Major > Fix For: 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)