You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hop.apache.org by GitBox <gi...@apache.org> on 2022/01/16 21:34:43 UTC

[GitHub] [hop] pjfanning opened a new pull request #1275: [HOP-3681] upgrade to poi 5.2.0

pjfanning opened a new pull request #1275:
URL: https://github.com/apache/hop/pull/1275


   Following this checklist to help us incorporate your contribution quickly and easily:
   
    - [ X] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/HOP) filed 
          for the change (usually before you start working on it).  Trivial changes like typos do not 
          require a JIRA issue.  Your pull request should address just this issue, without pulling in other changes.
    - [X] Each commit in the pull request should have a meaningful subject line and body.
    - [X] Format the pull request title like `[HOP-XXX] - Fixes bug in SessionManager`,
          where you replace `HOP-XXX` with the appropriate JIRA issue. Best practice
          is to use the JIRA issue title in the pull request title and in the first line of the commit message.
    - [X ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
    - [X] Run `mvn clean install apache-rat:check` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
    - [X] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using `git rebase -i`. 
    
   Trivial changes like typos do not require a JIRA issue (javadoc, comments...). 
   In this case, just format the pull request title like `(DOC) - Add javadoc in SessionManager`.
    
   If this is your first contribution, you have to read the [Contribution Guidelines](https://hop.apache.org/community/contributing/)
   
   If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) 
   if you are unsure please ask on the developers list.
   
   To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   you have to acknowledge this by using the following check-box.
   
    - [X] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
    - [X] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) - I am an Apache member - username: fanningpj


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] mattcasters commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

mattcasters commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015331923


   @pjfanning It was probably done to avoid a downstream dependency with an older version.  Just remove the exclusions and make your life easier.  Most likely the issue is solved by updating to a more recent POI version.  Should the problem pops up we can force the right library version in the assembly. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] hansva merged pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

hansva merged pull request #1275:
URL: https://github.com/apache/hop/pull/1275


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] hansva commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

hansva commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015823897


   ack! I'll give it a spin tomorrow and merge! thanks!!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] pjfanning edited a comment on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

pjfanning edited a comment on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015325592


   @mattcasters would you know why https://github.com/apache/hop/blob/a575a97e9e0a2a5d413fe0899c27d1449f6a8958/plugins/transforms/excelwriter/pom.xml excludes the transitive dependencies of poi? - it makes things complicated because with the exclusions, I would need to explicitly import each POI dependency


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] mattcasters commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

mattcasters commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015488992


   Very nice!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] pjfanning commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015766299


   @mattcasters I'd prefer to stay consistent stylewise with the existing assembly.xml - the pre-existing dependencies are 1 per set.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] hansva commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

hansva commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015821773


   The only question I have is do we really need to pull in the log4j-api?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] mattcasters commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

mattcasters commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015395457


   Usually I run 
   
   mvn dependency:tree 
   
   and then figure out which libraries are actually needed by the pom.xml.  I put these in assembly.xml of the corresponding assymblies module.  It's unfortunately a pretty manual process but on the whole it works well enough in keeping everything under control.  
   Let me know if you want me to pick this up.  It shouldn't be too hard to figure out.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] mattcasters edited a comment on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

mattcasters edited a comment on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015331923


   @pjfanning It was probably done to avoid a downstream dependency with an older version.  Just remove the exclusions and make your life easier.  Most likely the issue is solved by updating to a more recent POI version.  Should the problem pop up we can force the right library version in the assembly. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] pjfanning commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015409853


   @mattcasters I extended the 2 excel assemblies. Would you be able to approve the CI build?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] hansva commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

hansva commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015820906


   LGTM, thank you so much @pjfanning !


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] pjfanning commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015377859


   @mattcasters thanks - I've removed the exclusions. I suspect that extra jars will need to be added to the assemblies.
   
   Would you be to review the non-optional compile dependencies in these 2 links?
   * https://mvnrepository.com/artifact/org.apache.poi/poi/5.2.0
   * https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml/5.2.0
   
   Should I all the non-optional dependencies to the assemblies?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] mattcasters commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

mattcasters commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015490774


   For your convenience: you can have multiple <include> lines in an <includes> section in the assembly.xml file.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] mattcasters commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

mattcasters commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015319098


   Appreciate the effort!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] pjfanning commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015325592


   @mattcasters would you know why https://github.com/apache/hop/blob/a575a97e9e0a2a5d413fe0899c27d1449f6a8958/plugins/transforms/excelwriter/pom.xml excludes the transitive dependencies of poi - it makes things complicated because with the exclusions, I would need to explicitly import each POI dependency


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] pjfanning commented on pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

pjfanning commented on pull request #1275:
URL: https://github.com/apache/hop/pull/1275#issuecomment-1015822710


   poi 5.1 and up uses log4j-api - the recent security issues are in log4j-core not log4j-api - and this PR uses the latest version of log4j-api anyway


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hop] hansva merged pull request #1275: [HOP-3681] upgrade to poi 5.2.0

Posted by GitBox <gi...@apache.org>.

hansva merged pull request #1275:
URL: https://github.com/apache/hop/pull/1275


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org