ANY23-611 -- general upgrades

cli/pom.xml

@@ -360,7 +360,8 @@
             <bundledSignature>jdk-reflection</bundledSignature>
             <bundledSignature>jdk-internal</bundledSignature>
             <!--bundledSignature>jdk-system-out</bundledSignature-->
-            <bundledSignature>commons-io-unsafe-${commons-io.version}</bundledSignature>
+            <bundledSignature>commons-io-unsafe-2.11.0</bundledSignature>
+            <!-- revert to this once forbiddenapis includes the latest <bundledSignature>commons-io-unsafe-${commons-io.version}</bundledSignature> -->
           </bundledSignatures>
         </configuration>
         <executions>

cli/src/test/java/org/apache/any23/cli/MimeDetectorTest.java

@@ -17,6 +17,7 @@
 
 package org.apache.any23.cli;
 
+import org.junit.Ignore;
 import org.junit.Test;
 
 /**
@@ -31,6 +32,7 @@ public MimeDetectorTest() {
     }
 
     @Test
+    @Ignore("URL broken")
     public void testDetectURL() throws Exception {
         assumeOnlineAllowed();
         runToolCheckExit0("http://twitter.com#micmos");

cli/src/test/java/org/apache/any23/cli/RoverTest.java

@@ -23,6 +23,7 @@
 import org.apache.any23.util.URLUtils;
 import org.junit.Assert;
 import org.junit.Assume;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.eclipse.rdf4j.model.Statement;
 import org.eclipse.rdf4j.rio.RDFFormat;
@@ -112,6 +113,7 @@ public void testDelegatingWriterFactory() throws Exception {
     /* BEGIN: online tests. */
 
     @Test
+    @Ignore("URLs are broken")
     public void testRunMultiURLs() throws Exception {
         // Assuming first accessibility to remote resources.
         assumeOnlineAllowed();

core/src/main/java/org/apache/any23/extractor/yaml/YAMLExtractor.java

@@ -32,6 +32,7 @@
 import org.eclipse.rdf4j.model.vocabulary.RDFS;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.SafeConstructor;
 
@@ -42,7 +43,7 @@ public class YAMLExtractor implements Extractor.ContentExtractor {
 
     private final Logger log = LoggerFactory.getLogger(getClass());
 
-    private static final Yaml yml = new Yaml(new SafeConstructor());
+    private static final Yaml yml = new Yaml(new SafeConstructor(new LoaderOptions()));
 
     private static final YAML vocab = YAML.getInstance();
 

core/src/main/java/org/apache/any23/rdf/Any23ValueFactoryWrapper.java

@@ -30,6 +30,7 @@
 import org.eclipse.rdf4j.model.IRI;
 import org.eclipse.rdf4j.model.Value;
 import org.eclipse.rdf4j.model.ValueFactory;
+import org.eclipse.rdf4j.model.base.CoreDatatype;
 import org.eclipse.rdf4j.model.vocabulary.RDF;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -181,6 +182,22 @@ public Literal createLiteral(String pref, IRI value) {
         return wrappedFactory.createLiteral(pref, value);
     }
 
+    @Override
+    public Literal createLiteral(String s, CoreDatatype coreDatatype) {
+        if (s == null) {
+            return null;
+        }
+        return wrappedFactory.createLiteral(s, coreDatatype);
+    }
+
+    @Override
+    public Literal createLiteral(String s, IRI iri, CoreDatatype coreDatatype) {
+        if (s == null) {
+            return null;
+        }
+        return wrappedFactory.createLiteral(s, iri, coreDatatype);
+    }
+
     @Override
     public Literal createLiteral(Date date) {
         return wrappedFactory.createLiteral(date);

core/src/main/java/org/apache/any23/rdf/RDFUtils.java

@@ -391,7 +391,7 @@ public static BNode getBNode(String id) {
      * @param s
      *            subject {@link org.eclipse.rdf4j.model.Resource}
      * @param p
-     *            predicate {@link org.eclipse.rdf4j.model.URI}
+     *            predicate {@link org.eclipse.rdf4j.model.IRI}
      * @param o
      *            object {@link org.eclipse.rdf4j.model.Value}
      *

core/src/test/java/org/apache/any23/Any23Test.java

@@ -51,6 +51,7 @@
 import org.apache.any23.writer.TripleHandlerException;
 import org.apache.commons.io.IOUtils;
 import org.junit.AssumptionViolatedException;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.eclipse.rdf4j.model.Statement;
 import org.eclipse.rdf4j.repository.Repository;
@@ -286,6 +287,7 @@ protected int getSoTimeout() {
      *             if there is an error defining input URI's
      */
     @Test
+    @Ignore("URL no longer works")
     public void testGZippedContent() throws IOException, URISyntaxException, ExtractionException {
         assumeOnlineAllowed();
         final Any23 runner = new Any23();

pom.xml

@@ -21,7 +21,7 @@
   <parent>
     <groupId>org.apache</groupId>
     <artifactId>apache</artifactId>
-    <version>26</version>
+    <version>29</version>
   </parent>
 
   <groupId>org.apache.any23</groupId>
@@ -273,18 +273,18 @@
     <implementation.build.tstamp>${maven.build.timestamp}</implementation.build.tstamp>
     <project.build.outputTimestamp>1</project.build.outputTimestamp>
 
-    <httpclient.version>4.5.13</httpclient.version>
-    <httpcore.version>4.4.15</httpcore.version>
-    <owlapi.version>5.1.20</owlapi.version>
-    <rdf4j.version>3.7.4</rdf4j.version>
+    <httpclient.version>4.5.14</httpclient.version>
+    <httpcore.version>4.4.16</httpcore.version>
+    <owlapi.version>5.5.0</owlapi.version>
+    <rdf4j.version>4.3.1</rdf4j.version>
     <semargl.version>0.7</semargl.version>
-    <log4j2.version>2.17.2</log4j2.version>
+    <log4j2.version>2.20.0</log4j2.version>
     <slf4j.version>1.7.36</slf4j.version>
     <tika.version>2.4.0</tika.version>
     <openie_2.11.version>4.2.6</openie_2.11.version>
     <openregex.version>1.1.1</openregex.version>
-    <jackson.version>2.13.1</jackson.version>
-    <commons-io.version>2.11.0</commons-io.version>
+    <jackson.version>2.14.3</jackson.version>
+    <commons-io.version>2.12.0</commons-io.version>
     <velocity.version>1.7</velocity.version>
 
     <!-- Overridden in profiles to add JDK specific arguments to surefire -->
@@ -320,7 +320,7 @@
     <maven-gpg-plugin.version>3.0.1</maven-gpg-plugin.version>
     <maven-invoker-plugin.version>3.2.2</maven-invoker-plugin.version>
     <spotbugs-maven-plugin.version>4.7.0.0</spotbugs-maven-plugin.version>
-    <forbiddenapis.version>3.3</forbiddenapis.version>
+    <forbiddenapis.version>3.5.1</forbiddenapis.version>
     <formatter-maven-plugin.version>2.18.0</formatter-maven-plugin.version>
     <ossindex-maven-plugin.version>3.2.0</ossindex-maven-plugin.version>
     <maven-enforcer-plugin.version>3.0.0</maven-enforcer-plugin.version>
@@ -346,6 +346,21 @@
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-core</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-annotations</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-databind</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-lang3</artifactId>
@@ -379,7 +394,17 @@
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-compress</artifactId>
-        <version>1.21</version>
+        <version>1.23.0</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.rdf4j</groupId>
+        <artifactId>rdf4j-model-api</artifactId>
+        <version>4.3.1</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.rdf4j</groupId>
+        <artifactId>rdf4j-model-vocabulary</artifactId>
+        <version>4.3.1</version>
       </dependency>
       <dependency>
         <groupId>xerces</groupId>
@@ -389,12 +414,12 @@
       <dependency>
         <groupId>org.jsoup</groupId>
         <artifactId>jsoup</artifactId>
-        <version>1.15.1</version>
+        <version>1.16.1</version>
       </dependency>
       <dependency>
         <groupId>net.sf.biweekly</groupId>
         <artifactId>biweekly</artifactId>
-        <version>0.6.6</version>
+        <version>0.6.7</version>
       </dependency>
 
       <!-- BEGIN: Tika -->
@@ -609,7 +634,7 @@
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-csv</artifactId>
-        <version>1.9.0</version>
+        <version>1.10.0</version>
       </dependency>
       <dependency>
         <groupId>commons-io</groupId>
@@ -659,7 +684,7 @@
       <dependency>
         <groupId>org.yaml</groupId>
         <artifactId>snakeyaml</artifactId>
-        <version>1.30</version>
+        <version>2.0</version>
       </dependency>
 
       <!-- BEGIN: Test Dependencies -->
@@ -672,7 +697,7 @@
       <dependency>
         <groupId>org.mockito</groupId>
         <artifactId>mockito-core</artifactId>
-        <version>4.5.1</version>
+        <version>5.3.1</version>
         <scope>test</scope>
       </dependency>
       <!-- END: Test Dependencies -->
@@ -735,7 +760,18 @@
             <tarLongFileMode>posix</tarLongFileMode>
           </configuration>
         </plugin>
-
+        <!--
+          mvn versions:display-plugin-updates
+          mvn versions:display-dependency-updates
+        -->
+        <plugin>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>versions-maven-plugin</artifactId>
+          <version>2.15.0</version>
+          <configuration>
+            <generateBackupPoms>false</generateBackupPoms>
+          </configuration>
+        </plugin>
         <plugin>
           <groupId>org.codehaus.mojo</groupId>
           <artifactId>appassembler-maven-plugin</artifactId>
@@ -837,6 +873,30 @@
             <!-- Remove once we upgrade to org.apache.tika:tika-parsers-standard-package:jar:2.3.0 -->
             <exclude>af5f9c26-c09d-401f-a7fc-0785eeabeab3</exclude>
           </excludeVulnerabilityIds>
+          <excludeCoordinates>
+          <!-- https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@30.1.1-jre?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1 -->
+            <exclude>
+              <groupId>com.google.guava</groupId>
+              <artifactId>guava</artifactId>
+              <version>30.1.1-jre</version>
+            </exclude>
+            <exclude>
+              <groupId>xerces</groupId>
+              <artifactId>xercesImpl</artifactId>
+              <version>2.12.2</version>
+            </exclude>
+            <!-- remove these two when upgrading to Tika 2.8.0 -->
+            <exclude>
+              <groupId>org.apache.tika</groupId>
+              <artifactId>tika-core</artifactId>
+              <version>2.4.0</version>
+            </exclude>
+            <exclude>
+              <groupId>com.drewnoakes</groupId>
+              <artifactId>metadata-extractor</artifactId>
+              <version>2.17.0</version>
+            </exclude>
+          </excludeCoordinates>
         </configuration>
         <executions>
           <execution>
@@ -863,7 +923,8 @@
             <bundledSignature>jdk-reflection</bundledSignature>
             <bundledSignature>jdk-internal-${javac.src.version}</bundledSignature>
             <bundledSignature>jdk-system-out</bundledSignature>
-            <bundledSignature>commons-io-unsafe-${commons-io.version}</bundledSignature>
+            <bundledSignature>commons-io-unsafe-2.11.0</bundledSignature>
+           <!-- revert to this once forbiddenapis includes the latest <bundledSignature>commons-io-unsafe-${commons-io.version}</bundledSignature> -->
           </bundledSignatures>
         </configuration>
         <executions>