Control opencsv dependency version in project POM

afs · Jan 14, 2025 · f6c8abe · f6c8abe
1 parent a6abb2b
commit f6c8abe
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 20 deletions.
diff --git a/jena-fuseki2/jena-fuseki-geosparql/pom.xml b/jena-fuseki2/jena-fuseki-geosparql/pom.xml
@@ -47,24 +47,8 @@
       </dependency>
 
       <dependency>
-		<groupId>com.opencsv</groupId>
-	    <artifactId>opencsv</artifactId>
-		<version>5.9</version>
-	        <!-- rdf-tables:1.0.4
-               -> com.opencsv:opencsv:jar:3.9 
-                 -> commons-beanutils:commons-beanutils:19.3
-             CVE-2019-10086 https://nvd.nist.gov/vuln/detail/CVE-2019-10086 
-             commons-beanutils:commons-beanutils:jar:1.9.3
-             Needs to be 1.9.4.
-             We exclude it from rdf-tables and directly depend on it here.
-    	    -->
-        <exclusions>
-          <!-- Use jcl-over-slf4j -->
-          <exclusion>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
-          </exclusion>
-        </exclusions>
+        <groupId>com.opencsv</groupId>
+        <artifactId>opencsv</artifactId>
       </dependency>
 
       <dependency>

diff --git a/pom.xml b/pom.xml
@@ -95,6 +95,7 @@
     <ver.dexxcollection>0.7</ver.dexxcollection>
     <ver.micrometer>1.14.2</ver.micrometer>
     <ver.roaringbitmap>1.3.0</ver.roaringbitmap>
+    <ver.opencsv>5.10</ver.opencsv>
 
     <!-- Testing -->
     <ver.junit4>4.13.2</ver.junit4>
@@ -431,6 +432,18 @@
         <version>${ver.commons-fileupload}</version>
       </dependency>
 
+       <dependency>
+         <groupId>com.opencsv</groupId>
+         <artifactId>opencsv</artifactId>
+         <version>${ver.opencsv}</version>
+         <exclusions>
+           <exclusion>
+             <groupId>commons-logging</groupId>
+             <artifactId>commons-logging</artifactId>
+           </exclusion>
+         </exclusions>         
+       </dependency>
+
       <!--
           com.google.errorprone:error_prone_annotations
           is used by gson, guava and caffeine. 
@@ -440,8 +453,8 @@
           Either explicitly depend here or choose one
           route and exclude from the others or exclude
           systematically. If the dependency plugin is being used,
-	  it will likely report errors because it is stricter than 
-	  the maven resolution rule.
+    it will likely report errors because it is stricter than 
+    the maven resolution rule.
 
           Gson is probably the one to choose as the preferred route.
           https://github.com/google/gson/issues/2681#issuecomment-2125845040