New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HOP-3681] upgrade to poi 5.2.0 #1275
Conversation
Appreciate the effort! |
@mattcasters would you know why https://github.com/apache/hop/blob/a575a97e9e0a2a5d413fe0899c27d1449f6a8958/plugins/transforms/excelwriter/pom.xml excludes the transitive dependencies of poi? - it makes things complicated because with the exclusions, I would need to explicitly import each POI dependency |
@pjfanning It was probably done to avoid a downstream dependency with an older version. Just remove the exclusions and make your life easier. Most likely the issue is solved by updating to a more recent POI version. Should the problem pop up we can force the right library version in the assembly. |
@mattcasters thanks - I've removed the exclusions. I suspect that extra jars will need to be added to the assemblies. Would you be to review the non-optional compile dependencies in these 2 links?
Should I all the non-optional dependencies to the assemblies? |
Usually I run mvn dependency:tree and then figure out which libraries are actually needed by the pom.xml. I put these in assembly.xml of the corresponding assymblies module. It's unfortunately a pretty manual process but on the whole it works well enough in keeping everything under control. |
@mattcasters I extended the 2 excel assemblies. Would you be able to approve the CI build? |
Very nice! |
For your convenience: you can have multiple lines in an section in the assembly.xml file. |
@mattcasters I'd prefer to stay consistent stylewise with the existing assembly.xml - the pre-existing dependencies are 1 per set. |
LGTM, thank you so much @pjfanning ! |
The only question I have is do we really need to pull in the log4j-api? |
poi 5.1 and up uses log4j-api - the recent security issues are in log4j-core not log4j-api - and this PR uses the latest version of log4j-api anyway |
ack! I'll give it a spin tomorrow and merge! thanks!! |
Following this checklist to help us incorporate your contribution quickly and easily:
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
[HOP-XXX] - Fixes bug in SessionManager
,where you replace
HOP-XXX
with the appropriate JIRA issue. Best practiceis to use the JIRA issue title in the pull request title and in the first line of the commit message.
mvn clean install apache-rat:check
to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.git rebase -i
.Trivial changes like typos do not require a JIRA issue (javadoc, comments...).
In this case, just format the pull request title like
(DOC) - Add javadoc in SessionManager
.If this is your first contribution, you have to read the Contribution Guidelines
If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement
if you are unsure please ask on the developers list.
To make clear that you license your contribution under the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.