Updated dependencies, excluded some transitive dependencies (#85)

* Updated dependencies, excluded some transitive dependencies with security issues

* updated compiler plugin

* updated compiler plugin

* Update maven.yml

* updated compiler plugin

* updated compiler plugin

* updated compiler plugin

* updated compiler plugin

* updated compiler plugin

* Added dependency check to build pipeline

---------

Co-authored-by: JanderJ1 <johannes.jander@basf.com>

Author: iSnow

.github/workflows/maven.yml

@@ -15,14 +15,16 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
       with:
-        java-version: 1.8
+        java-version: '17'
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven
       run: mvn -B package --file pom.xml
     - name: Run test and coverage report
-      run: mvn clean test jacoco:report  coveralls:report -DrepoToken=${{ secrets.COVERALL_REPO_SECRET }}
+      run: mvn clean test jacoco:report
+    - name: Run dependency check
+      run: mvn org.owasp:dependency-check-maven:check

pom.xml

@@ -2,8 +2,8 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <groupId>io.frictionlessdata</groupId>
-    <artifactId>tableschema-java</artifactId>
-    <version>0.6.16-SNAPSHOT</version>
+    <artifactId>tableschema-java-isnow</artifactId>
+    <version>0.6.17-SNAPSHOT</version>
     <packaging>jar</packaging>
     <issueManagement>
         <url>https://github.com/frictionlessdata/tableschema-java/issues</url>
@@ -20,16 +20,16 @@
         <java.version>8</java.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
-        <google-guava.version>31.1-jre</google-guava.version>
-        <apache-commons-lang3.version>3.12.0</apache-commons-lang3.version>
-        <apache-commons-csv.version>1.10.0</apache-commons-csv.version>
-        <apache-commons-validator.version>1.7</apache-commons-validator.version>
-        <geotools.version>24.6</geotools.version>
-        <jackson.version>2.15.1</jackson.version>
-        <junit.version>5.9.1</junit.version>
+        <google-guava.version>33.4.0-jre</google-guava.version>
+        <apache-commons-lang3.version>3.17.0</apache-commons-lang3.version>
+        <apache-commons-csv.version>1.13.0</apache-commons-csv.version>
+        <apache-commons-validator.version>1.9.0</apache-commons-validator.version>
+        <geotools.version>32.2</geotools.version>
+        <jackson.version>2.18.3</jackson.version>
+        <junit.version>5.12.0</junit.version>
         <locationtech-jts.version>1.19.0</locationtech-jts.version>
         <networknt-validator-version>1.0.76</networknt-validator-version>
-        <maven-compiler-plugin.version>3.10.1</maven-compiler-plugin.version>
+        <maven-compiler-plugin.version>3.14.0</maven-compiler-plugin.version>
         <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
         <maven-javadoc-plugin.version>3.4.1</maven-javadoc-plugin.version>
         <maven-resources-plugin.version>3.3.0</maven-resources-plugin.version>
@@ -39,8 +39,8 @@
         <maven-release-plugin.version>3.0.0-M7</maven-release-plugin.version>
         <nexus-staging-maven-plugin.version>1.6.8</nexus-staging-maven-plugin.version>
         <coveralls-maven-plugin.version>4.3.0</coveralls-maven-plugin.version>
-        <dependency-check-maven.version>7.4.4</dependency-check-maven.version>
-        <jacoco-maven-plugin.version>0.8.8</jacoco-maven-plugin.version>
+        <dependency-check-maven.version>12.1.0</dependency-check-maven.version>
+        <jacoco-maven-plugin.version>0.8.12</jacoco-maven-plugin.version>
     </properties>
     <repositories>
         <repository>
@@ -69,26 +69,7 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
                 <version>${maven-resources-plugin.version}</version>
-                <!--
-                <executions>
-                    <execution>
-                        <id>copy-javadoc</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>testResources</goal>
-                        </goals>
-                        <configuration>
-                            <outputDirectory>${basedir}/docs/javadoc</outputDirectory>
-                            <resources>
-                                <resource>
-                                    <directory>${basedir}/target/apidocs</directory>
-                                    <filtering>false</filtering>
-                                </resource>
-                            </resources>
-                        </configuration>
-                    </execution>
-                </executions>
-                -->
+
                 <configuration>
                     <encoding>UTF-8</encoding>
                 </configuration>
@@ -135,7 +116,7 @@
                     </execution>
                 </executions>
             </plugin>
-<!--
+            <!--
             <plugin>
                 <artifactId>maven-deploy-plugin</artifactId>
                 <version>${maven-deploy-plugin.version}</version>
@@ -149,7 +130,7 @@
                     </execution>
                 </executions>
             </plugin>
--->
+            -->
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
@@ -177,6 +158,7 @@
                 </configuration>
             </plugin>
 
+            <!--
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-release-plugin</artifactId>
@@ -195,13 +177,16 @@
                     </dependency>
                 </dependencies>
             </plugin>
+            -->
 
             <!-- Test Coverage: https://github.com/trautonen/coveralls-maven-plugin -->
+            <!--
             <plugin>
                 <groupId>org.eluder.coveralls</groupId>
                 <artifactId>coveralls-maven-plugin</artifactId>
                 <version>${coveralls-maven-plugin.version}</version>
             </plugin>
+            -->
 
             <plugin>
                 <groupId>org.jacoco</groupId>
@@ -232,8 +217,8 @@
 
         </plugins>
     </build>
-    <dependencies>
 
+    <dependencies>
         <!-- Dependencies for Bean-based Schema inferal -->
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -248,24 +233,64 @@
             <version>${jackson.version}</version>
         </dependency>
 
-		<dependency>
-		    <groupId>com.fasterxml.jackson.core</groupId>
-		    <artifactId>jackson-databind</artifactId>
-		    <version>${jackson.version}</version>
-		</dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson.version}</version>
+        </dependency>
 
         <!-- Dependencies for Geopoint/Geojson Fields -->
         <dependency>
             <groupId>org.geotools</groupId>
-            <artifactId>gt-opengis</artifactId>
+            <artifactId>gt-main</artifactId>
             <version>${geotools.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.eclipse.emf</groupId>
+                    <artifactId>org.eclipse.emf.common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.geotools</groupId>
+                    <artifactId>gt-http</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.geotools</groupId>
+            <artifactId>gt-api</artifactId>
+            <version>${geotools.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.eclipse.emf</groupId>
+                    <artifactId>org.eclipse.emf.common</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.geotools</groupId>
+            <artifactId>gt-metadata</artifactId>
+            <version>${geotools.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.eclipse.emf</groupId>
+                    <artifactId>org.eclipse.emf.common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.geotools.ogc</groupId>
+                    <artifactId>net.opengis.ows</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
-
-        <!-- Dependencies for Geopoint/Geojson Fields -->
         <dependency>
             <groupId>org.geotools</groupId>
-            <artifactId>gt-geometry</artifactId>
+            <artifactId>gt-referencing</artifactId>
             <version>${geotools.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.eclipse.emf</groupId>
+                    <artifactId>org.eclipse.emf.common</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
@@ -280,6 +305,20 @@
             <groupId>commons-validator</groupId>
             <artifactId>commons-validator</artifactId>
             <version>${apache-commons-validator.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-beanutils</groupId>
+                    <artifactId>commons-beanutils</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-digester</groupId>
+                    <artifactId>commons-digester</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <!-- https://commons.apache.org/proper/commons-csv/ -->
         <dependency>
@@ -290,9 +329,15 @@
 
         <!-- JSON Schema Validator -->
         <dependency>
-        	<groupId>com.networknt</groupId>
-        	<artifactId>json-schema-validator</artifactId>
-        	<version>${networknt-validator-version}</version>
+            <groupId>com.networknt</groupId>
+            <artifactId>json-schema-validator</artifactId>
+            <version>${networknt-validator-version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>

src/main/java/io/frictionlessdata/tableschema/schema/BeanSchema.java

@@ -14,7 +14,7 @@
 import io.frictionlessdata.tableschema.field.*;
 import io.frictionlessdata.tableschema.util.ReflectionUtil;
 import org.apache.commons.lang3.StringUtils;
-import org.geotools.geometry.DirectPosition2D;
+import org.geotools.geometry.Position2D;
 import org.locationtech.jts.geom.Coordinate;
 
 import java.math.BigDecimal;
@@ -143,7 +143,7 @@ else if ((declaredClass.equals(LocalTime.class))
                                 || (declaredClass.equals(OffsetTime.class)))
                             field = new TimeField(name);
                         else if ((declaredClass.equals(Coordinate.class))
-                                || (declaredClass.equals(DirectPosition2D.class)))
+                                || (declaredClass.equals(Position2D.class)))
                             field = new GeopointField(name);
                         else if (declaredClass.equals(JsonNode.class))
                             field = new ObjectField(name);