Posted to dev@poi.apache.org by bu...@apache.org on 2021/11/05 00:10:47 UTC

[Bug 65670] New: Dependency convergence issue with org.osgi.core (v4.3.1 and v6.0.0) in POI 5.1.0

https://bz.apache.org/bugzilla/show_bug.cgi?id=65670

            Bug ID: 65670
           Summary: Dependency convergence issue with org.osgi.core
                    (v4.3.1 and v6.0.0) in POI 5.1.0
           Product: POI
           Version: unspecified
          Hardware: Macintosh
                OS: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: POI Overall
          Assignee: dev@poi.apache.org
          Reporter: dsubelman@redwood.cl
  Target Milestone: ---

Dependency convergence issue with org.osgi.core (v4.3.1 and v6.0.0).

On one hand, poi and poi-ooxml-full have log4j as a dependency, which uses
org.osgi.core v4.3.1.
On the other hand, poi-ooxml has commons-compress as a dependency, which uses
org.osgi.core v6.0.0.

Here is the maven-enforcer-plugin report:

+-org.apache.poi:poi:jar:5.1.0:compile
  +-org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
    +-org.osgi:org.osgi.core:jar:4.3.1:runtime
and
+-org.apache.poi:poi-ooxml:jar:5.1.0:compile
  +-org.apache.commons:commons-compress:jar:1.21:compile
    +-org.osgi:org.osgi.core:jar:6.0.0:provided
and
+-org.apache.poi:poi-ooxml-full:jar:5.1.0:compile
  +-org.apache.logging.log4j:log4j-core:jar:2.14.1:runtime
    +-org.osgi:org.osgi.core:jar:4.3.1:runtime

As a workaround to get rid of the "maven-enforcer" violation I modify the pom
to:

<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi</artifactId>
    <version>5.1.0</version>
</dependency>

<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi-ooxml</artifactId>
    <version>5.1.0</version>
    <exclusions>
        <exclusion>
            <groupId>org.osgi</groupId>
            <artifactId>org.osgi.core</artifactId>
        </exclusion>
    </exclusions>
</dependency>

I don't know what issues this exclusion can produce.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


[Bug 65670] Dependency convergence issue with org.osgi.core (v4.3.1 and v6.0.0) in POI 5.1.0

Posted by bu...@apache.org.

Dominik Stadler <do...@gmx.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |minor



[Bug 65670] Dependency convergence issue with org.osgi.core (v4.3.1 and v6.0.0) in POI 5.1.0

Posted by bu...@apache.org.

--- Comment #1 from PJ Fanning <fa...@yahoo.com> ---
Are you sure this causes any real issues? Generally, you just use the higher
version of osgi.core. If you do that, does that stop log4j from working?

The real issue is that log4j and commons-compress have outdated dependencies on
osgi.core - there is now an 8.0.0 release. 

You should really report that to those teams. Not much the POI team can do
about it.

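
The alternative raised in Comment #1 (use the higher osgi.core version rather than excluding it), written as a pom.xml fragment. This is an added example, not part of the original thread or of the POI build; the enforcer plugin version and the execution id are assumptions.

```xml
<!-- Added example: fragment to place inside <project> of the consuming pom.xml. -->

<!-- Pin the transitive org.osgi.core version instead of excluding the artifact.
     Every transitive request (4.3.1 via log4j-api/log4j-core, 6.0.0 via
     commons-compress) then resolves to the single managed version. -->
<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.osgi</groupId>
      <artifactId>org.osgi.core</artifactId>
      <version>6.0.0</version>
    </dependency>
  </dependencies>
</dependencyManagement>

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Assumption: use whichever enforcer version the build already declares. -->
      <version>3.0.0</version>
      <executions>
        <execution>
          <!-- Hypothetical execution id. -->
          <id>enforce-convergence</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <!-- Fails the build when one artifact is requested in more
                   than one version anywhere in the dependency tree. -->
              <dependencyConvergence/>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With the pin in place, `mvn validate` re-runs the convergence rule and `mvn dependency:tree -Dincludes=org.osgi:org.osgi.core` shows which version each path resolves to. Unlike the exclusion, this keeps the artifact resolvable for both log4j and commons-compress, so the open question becomes the one asked in Comment #1: whether log4j still works against 6.0.0.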


[Bug 65670] Dependency convergence issue with org.osgi.core (v4.3.1 and v6.0.0) in POI 5.1.0

Posted by bu...@apache.org.

--- Comment #2 from Daniel Subelman <ds...@redwood.cl> ---
I'm not sure if this causes a real issue. I submit this maven-enforcer-plugin
warning if the POI development team wants to directly tackle this convergence
'issue'.

I agree that both osgi.core versions are outdated and I'll report them to the
respective teams. However, there is a chance that even if log4j and
commons-compress update their versions they won't match when osgi.core releases
a new version in the future (they probably won't update to the latest version
at the same time given that they don't update versions regularly).
