-
Type:
Task
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: 2025.x
-
Component/s: Distribution / Installers
-
Epic Link:
-
Tags:
Currently, in 2023, we have this dependency:
<dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>2.8.0</version> </dependency>
Hopelessly, Dependabot tries to upgrade it through the Version updates mechanism, but it always fails:
Bump commons-io from 2.8.0 to 2.11.0
Bump commons-io from 2.8.0 to 2.12.0
Bump commons-io from 2.8.0 to 2.13.0
Bump commons-io:commons-io from 2.8.0 to 2.14.0
Bump commons-io:commons-io from 2.8.0 to 2.15.0
Bump commons-io:commons-io from 2.8.0 to 2.15.1
The first error is TestNuxeoWroManagerFactory.testNuxeoUriWildCardlocator:
testNuxeoUriWildCardlocator(org.nuxeo.ecm.web.resources.wro.TestNuxeoWroManagerFactory) Time elapsed: 0.007 s <<< ERROR! java.io.IOException: No resource found for wildcard: * at ro.isdc.wro.model.resource.locator.wildcard.DefaultWildcardStreamLocator.triggerWildcardExpander(DefaultWildcardStreamLocator.java:191) at ro.isdc.wro.model.resource.locator.wildcard.DefaultWildcardStreamLocator.findMatchedFiles(DefaultWildcardStreamLocator.java:145) at ro.isdc.wro.model.resource.locator.wildcard.DefaultWildcardStreamLocator.locateStream(DefaultWildcardStreamLocator.java:94) at ro.isdc.wro.model.resource.locator.UrlUriLocator.locate(UrlUriLocator.java:81) at org.nuxeo.ecm.web.resources.wro.provider.NuxeoUriLocator.locate(NuxeoUriLocator.java:64) at ro.isdc.wro.model.resource.locator.factory.InjectableUriLocatorFactoryDecorator.locate(InjectableUriLocatorFactoryDecorator.java:42) at org.nuxeo.ecm.web.resources.wro.TestNuxeoWroManagerFactory.testNuxeoUriWildCardlocator(TestNuxeoWroManagerFactory.java:153)
It is failing due some changes in the implementation of org.apache.commons.io.FileUtils#listFiles, see the Apache Commons IO Release Notes (2.9.0), changing the behavior of ro.isdc.wro.model.resource.locator.wildcard.DefaultWildcardStreamLocator#findMatchedFiles.
We've created a pull request in the wro4j project, which was fixed by bumping to commons-io 2.11.0.
This change is included in wro4j 2.1.0, we're currently in 1.10.1. Unfortunately, because wro4j >= 2.0.0 includes the migration from javax to Jakarta, we cannot upgrade to such wro4j versions, see https://github.com/wro4j/wro4j/pull/1153.
In 2025, along with the move from javax to Jakarta (dedicated Epic to be created at this time), let's see if we can align on the latest versions of:
- commons-io
- wro4j-core
- why not, all the other Apache commons-*?
Also, the Dependabot upgrade of Apache POI from 5.2.3 to 5.2.5 is failing because of APIs only available since commons-io-2.12.0.
java.lang.NoSuchMethodError: 'org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream$Builder org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream.builder()' at org.apache.poi.util.IOUtils.peekFirstNBytes(IOUtils.java:144) at org.apache.poi.poifs.filesystem.FileMagic.valueOf(FileMagic.java:209) at org.apache.poi.extractor.ExtractorFactory.createExtractor(ExtractorFactory.java:214) at org.apache.poi.extractor.ExtractorFactory.createExtractor(ExtractorFactory.java:193) at org.nuxeo.ecm.core.convert.plugins.text.extractors.MSOffice2TextConverter.convert(MSOffice2TextConverter.java:55) at org.nuxeo.ecm.core.convert.service.ConversionServiceImpl.convert(ConversionServiceImpl.java:337) at org.nuxeo.ecm.core.convert.plugins.tests.AbstractConverterTest.doTestTextConverter(AbstractConverterTest.java:71) at org.nuxeo.ecm.core.convert.plugins.tests.AbstractConverterTest.doTestTextConverter(AbstractConverterTest.java:80) at org.nuxeo.ecm.core.convert.plugins.tests.TestMSOfficeConverter.testWordConverter(TestMSOfficeConverter.java:45)
Let's also try to upgrade Apache POI to its latest version available.
