Downgrade maven-dependency-plugin to 3.1.2

There appear to be false positives around Jackson usage in arrow-tools with versions greater than 3.1.2 up to at least 3.6.0.
Bit-Quill · Nov 24, 2023 · 2e726e8 · 2e726e8
1 parent 97f0da1
commit 2e726e8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/java/pom.xml b/java/pom.xml
@@ -378,7 +378,12 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-dependency-plugin</artifactId>
-          <version>3.6.1</version>
+          <!--
+            This appears to report a false positive with versions
+            greater than 3.1.2 (tested up to 3.6.0) when compiling
+            arrow-tools about Jackson being only used for tests.
+          -->
+          <version>3.1.2</version>
         </plugin>
         <plugin>
           <groupId>org.apache.rat</groupId>

diff --git a/java/tools/pom.xml b/java/tools/pom.xml
@@ -53,12 +53,10 @@
         <dependency>
           <groupId>com.fasterxml.jackson.core</groupId>
           <artifactId>jackson-core</artifactId>
-          <scope>provided</scope>
         </dependency>
         <dependency>
           <groupId>com.fasterxml.jackson.core</groupId>
           <artifactId>jackson-databind</artifactId>
-          <scope>provided</scope>
         </dependency>
         <dependency>
           <groupId>org.slf4j</groupId>