Skip to content

SOLR-16048: Examine Tika dependencies that brought in javax classes#693

Merged
risdenk merged 1 commit intoapache:mainfrom
risdenk:SOLR-16048
Feb 23, 2022
Merged

SOLR-16048: Examine Tika dependencies that brought in javax classes#693
risdenk merged 1 commit intoapache:mainfrom
risdenk:SOLR-16048

Conversation

@risdenk
Copy link
Contributor

@risdenk risdenk commented Feb 23, 2022
edited
Loading

https://issues.apache.org/jira/browse/SOLR-16048

  • jakarta.annotation-api - this should be allowed so exclusion in smokeTestRelease
  • jakarta.activation - this should be allowed so exclusion in smokeTestRelease
  • jakarta.xml.bind-api - this should be allowed so exclusion in smokeTestRelease
  • unit-api - this should be allowed so exclusion in smokeTestRelease
  • removed jersey and xml-api exclusion since they aren't dependencies
    anymore

@risdenk risdenk self-assigned this Feb 23, 2022
janhoy
janhoy approved these changes Feb 23, 2022
View reviewed changes
Copy link
Contributor

@janhoy janhoy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is still 1 constraint for jakarta.annotation-api and we still have it in solr/licenses. But we don't ship the jar. gradle why shows this on my machine, probably some test dependency, which (still) requires a license entry.

> Task :why
jakarta.annotation:jakarta.annotation-api:1.3.5
        org.springframework.boot:spring-boot-starter -> 1.3.5

@janhoy janhoy mentioned this pull request Feb 23, 2022
Merged
@risdenk
Copy link
Contributor Author

risdenk commented Feb 23, 2022

@janhoy so I went to remove jakarta.annotation-api from the s3 mock dependency in s3-repository and it broke all the tests. Since apparently jakarta.annotation-api is important - I decided it would be better to NOT exclude it from tika-parsers since it might come into play when parsing with Tika.

@HoustonPutman
Copy link
Contributor

HoustonPutman commented Feb 23, 2022

Yeah I know I added a lot of jakarta and jaxb dependencies with the s3-repository. Was definitely needed at the time.

@janhoy
Copy link
Contributor

janhoy commented Feb 23, 2022

Agree. Would definitely be good to have this logic and whitelist in grade for early detection, but we can do that later.

@uschindler
Copy link
Contributor

uschindler commented Feb 23, 2022

Agree. Would definitely be good to have this logic and whitelist in grade for early detection, but we can do that later.

Yes, I think we should add this as a gradle task. Having it only in smoke tester was the only possibility back at that time. Let's open a separate issue. This would also be useful for Lucene regarding accidentally importing servlet-api or others.

uschindler
uschindler approved these changes Feb 23, 2022
View reviewed changes
Copy link
Contributor

@uschindler uschindler left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks fine, although I dpon't know what unit.jar is for. <-- ah thats the dimensions stuff. I know that one also from ucum.jar unit parser.

We can proceed in the same way if we find more that fail the build.

@risdenk
SOLR-16048: Examine Tika dependencies that brought in javax classes
b2efe50 
* jakarta.annotation-api - this should be allowed so exclusion in smokeTestRelease
* jakarta.activation - this should be allowed so exclusion in smokeTestRelease
* jakarta.xml.bind-api - this should be allowed so exclusion in smokeTestRelease
* unit-api - this should be allowed so exclusion in smokeTestRelease
* removed jersey and xml-api exclusion since they aren't dependencies
  anymore
@risdenk risdenk merged commit b2efe50 into apache:main Feb 23, 2022
@risdenk risdenk deleted the SOLR-16048 branch February 23, 2022 16:23
janhoy added a commit to janhoy/solr that referenced this pull request Feb 23, 2022
@janhoy
Revert javax allowlist (see apache#693 instead)
99356dc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janhoy janhoy janhoy approved these changes

@uschindler uschindler uschindler approved these changes

@dsmiley dsmiley Awaiting requested review from dsmiley

@HoustonPutman HoustonPutman Awaiting requested review from HoustonPutman

Assignees

@risdenk risdenk

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@risdenk @HoustonPutman @janhoy @uschindler