Bug 65101 - Dependency Convergence issue with xml-apis on version 5.0.0
Summary: Dependency Convergence issue with xml-apis on version 5.0.0
Status: NEW
Alias: None
Product: POI
Classification: Unclassified
Component: POI Overall (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
URL: https://issues.apache.org/jira/browse...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-23 23:19 UTC by Daniel Subelman
Modified: 2021-01-25 16:31 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Subelman 2021-01-23 23:19:07 UTC
There is dependency convergence issue with xml-apis (v1.3.04 and v1.4.01).

Here is maven-enforcer-plugin report:

+-org.apache.poi:poi-ooxml:5.0.0
    +-org.apache.xmlgraphics:batik-all:1.13
      +-org.apache.xmlgraphics:batik-dom:1.13
        +-xalan:xalan:2.7.2
          +-xalan:serializer:2.7.2
            +-xml-apis:xml-apis:1.3.04

+-org.apache.poi:poi-ooxml:5.0.0
    +-org.apache.xmlgraphics:batik-all:1.13
      +-org.apache.xmlgraphics:batik-dom:1.13
        +-xml-apis:xml-apis:1.4.01
Comment 1 Dominik Stadler 2021-01-25 07:11:23 UTC
Can you work around this by specifying the newer version of xml-apis in your pom.xml explicitely? As far as I remember this is a way to get rid of such "maven-enforcer" violations locally.
Comment 2 Daniel Subelman 2021-01-25 15:10:30 UTC
Sure, that's the work around I implemented and got rid of the "maven-enforcer" violation. The current pom.xml looks like this:

<dependencies>
    <dependency>
        <groupId>org.apache.poi</groupId>
        <artifactId>poi-ooxml</artifactId>
        <version>5.0.0</version>
        <exclusions>
            <exclusion>
                <groupId>xml-apis</groupId>
                <artifactId>xml-apis</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>xml-apis</groupId>
        <artifactId>xml-apis</artifactId>
        <version>1.4.01</version>
    </dependency>
</dependencies>

However, I'm reporting this because the dependency conflict is within poi-ooxml and I think it should be tackle there.
Comment 3 PJ Fanning 2021-01-25 15:18:20 UTC
The issue is in the batik dependencies.
Comment 4 Daniel Subelman 2021-01-25 15:25:26 UTC
You are right, should I report the issue there?
Comment 5 PJ Fanning 2021-01-25 15:58:54 UTC
probably best to start with https://issues.apache.org/jira/projects/BATIK
Comment 6 Daniel Subelman 2021-01-25 16:31:25 UTC
I reported the issue in BATIK (https://issues.apache.org/jira/browse/BATIK-1297).

I'll post here any update from them.