RMCampos
commented
2 weeks ago Here's how we can find more about those dependencies:
- Find the dependency group and artifact id:
mvn dependency:tree - Then query again with the found information:
mvn dependency:tree -Dincludes=org.apache.commons:commons-compress
Here's the output:
[INFO] Scanning for projects...
[INFO]
[INFO] ---------------------< ca.bc.gov:nr-spar-backend >----------------------
[INFO] Building nr-spar-backend 0.19.1
[INFO] from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- dependency:3.6.1:tree (default-cli) @ nr-spar-backend ---
[INFO] ca.bc.gov:nr-spar-backend:jar:0.19.1
[INFO] \- org.apache.poi:poi-ooxml:jar:5.2.5:compile
[INFO] \- org.apache.commons:commons-compress:jar:1.25.0:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.093 s
[INFO] Finished at: 2024-06-21T09:54:17-03:00
[INFO] ------------------------------------------------------------------------So, as we can see, commons-compress it's required by poi-ooxml (present in the pom.xml file). We need poi-ooxml to deal with Microsoft XML-based files, such as XLSX. However, we're not dealing with those. Initially we we're supposed to allow users to upload XLS and XLSX files, but we're currently allowing only CSV files.
I'm almost sure we can remove this dependency.
Running some tests.. brb..
Describe the task A clear and concise description of what the task is.
https://github.com/bcgov/nr-spar/security/code-scanning/79 https://github.com/bcgov/nr-spar/security/code-scanning/80
Acceptance Criteria
Additional context