Closed DerekRoberts closed 1 week ago
Here's how we can find more about those dependencies:
mvn dependency:tree
mvn dependency:tree -Dincludes=org.apache.commons:commons-compress
Here's the output:
[INFO] Scanning for projects...
[INFO]
[INFO] ---------------------< ca.bc.gov:nr-spar-backend >----------------------
[INFO] Building nr-spar-backend 0.19.1
[INFO] from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- dependency:3.6.1:tree (default-cli) @ nr-spar-backend ---
[INFO] ca.bc.gov:nr-spar-backend:jar:0.19.1
[INFO] \- org.apache.poi:poi-ooxml:jar:5.2.5:compile
[INFO] \- org.apache.commons:commons-compress:jar:1.25.0:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.093 s
[INFO] Finished at: 2024-06-21T09:54:17-03:00
[INFO] ------------------------------------------------------------------------
So, as we can see, commons-compress
it's required by poi-ooxml
(present in the pom.xml file). We need poi-ooxml
to deal with Microsoft XML-based files, such as XLSX. However, we're not dealing with those. Initially we we're supposed to allow users to upload XLS and XLSX files, but we're currently allowing only CSV files.
I'm almost sure we can remove this dependency.
Running some tests.. brb..
Here's more information about that package: https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml
Describe the task A clear and concise description of what the task is.
https://github.com/bcgov/nr-spar/security/code-scanning/79 https://github.com/bcgov/nr-spar/security/code-scanning/80
Acceptance Criteria
Additional context