Remove pdfbox as a dependency

marcoandries · marcoandries · commit 66fbdd08046f · 2021-03-24T16:30:52.000+01:00
There's a known vulnerability on version 2.0.21 of pdfbox
Dependency on pdfbox is introduced by the tess4j dependency
diff --git a/pdfocr-api/pom.xml b/pdfocr-api/pom.xml
@@ -47,4 +47,4 @@
       </resource>
     </resources>
   </build>
-</project>
+</project>
diff --git a/pdfocr-tesseract4/pom.xml b/pdfocr-tesseract4/pom.xml
@@ -45,6 +45,18 @@
           <artifactId>log4j-over-slf4j</artifactId>
           <groupId>org.slf4j</groupId>
         </exclusion>
+        <exclusion>
+          <artifactId>pdfbox</artifactId>
+          <groupId>org.apache.pdfbox</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>pdfbox-tools</artifactId>
+          <groupId>org.apache.pdfbox</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>jbig2-imageio</artifactId>
+          <groupId>org.apache.pdfbox</groupId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -54,4 +66,4 @@
       <scope>test</scope>
     </dependency>
   </dependencies>
-</project>
+</project>
diff --git a/pom.xml b/pom.xml
@@ -137,4 +137,4 @@
       </build>
     </profile>
   </profiles>
-</project>
+</project>
