Re: slf4j dependency on an beta version

2021-09-23 Thread Axel Howind
AFAIK slf4j 1.7 doesn’t support JPMS. I also think slf4j is more or less dead and would welcome moving on to log4j2. Sent from my iPhone > On 23.09.2021 at 21:25, Alain FAGOT BÉAREZ wrote: > > Hi, > > The company where I work currently also uses 1.7.32 with no reason to use any > b

Build failed in Jenkins: POI » POI-DSL-1.17 #2

2021-09-23 Thread Apache Jenkins Server
See Changes: [PJ Fanning] forbidden api [PJ Fanning] downgrade junit version - due to build issue [PJ Fanning] slf4j version -- [...truncated 407.72 KB...] AU

Jenkins build is back to normal : POI » POI-DSL-1.11 #83

2021-09-23 Thread Apache Jenkins Server
See - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org

Jenkins build is back to normal : POI » POI-DSL-Windows-1.16 #187

2021-09-23 Thread Apache Jenkins Server
See - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org

Build failed in Jenkins: POI » POI-DSL-Windows-1.16 #186

2021-09-23 Thread Apache Jenkins Server
See Changes: [PJ Fanning] downgrade junit version - due to build issue -- [...truncated 32.38 KB...] > Task :poi-ooxml-lite-agent:classes > Task :poi-ooxml-

Build failed in Jenkins: POI » POI-DSL-Windows-1.16 #185

2021-09-23 Thread Apache Jenkins Server
See Changes: [PJ Fanning] slf4j version -- [...truncated 10.11 KB...] svn: E155010: The node 'F:\jenkins\jenkins-home\712657a4\workspace\POI\POI-DSL-Window

Build failed in Jenkins: POI » POI-DSL-1.11 #82

2021-09-23 Thread Apache Jenkins Server
See Changes: [PJ Fanning] upgrade some build dependencies [PJ Fanning] tabs to spaces -- [...truncated 12.42 KB...] + ant -f build.javacheck.xml -v Apache Ant(TM) v

Re: slf4j dependency on an beta version

2021-09-23 Thread Alain FAGOT BÉAREZ
Hi, The company where I work currently also uses 1.7.32 with no reason to use any beta versions. +1 for 1.7.32 Cheers, Alain FAGOT BÉAREZ Get BlueMail for Android On 23 Sep 2021 21:17, at 21:17, PJ Fanning wrote: > Thanks Andi - I'll change to 1.7.32. > > >On Thursday 23

Build failed in Jenkins: POI » POI-DSL-1.17 #1

2021-09-23 Thread Apache Jenkins Server
See Changes: -- [...truncated 407.87 KB...] AUsrc/documentation/resources/images/logoKarmokar3s.png AUsrc/documentation/resources/images/logoGlenStampoutlzis.png AU

Build failed in Jenkins: POI » POI-DSL-Windows-1.16 #184

2021-09-23 Thread Apache Jenkins Server
See Changes: [PJ Fanning] upgrade some build dependencies [PJ Fanning] tabs to spaces -- [...truncated 9.17 KB...] svn: E155010: The node 'F:\jenkins\jenk

Re: slf4j dependency on an beta version

2021-09-23 Thread PJ Fanning
Thanks Andi - I'll change to 1.7.32. On Thursday 23 September 2021, 20:15:38 IST, Andreas Beeker wrote: Hi PJ, On 23.09.21 20:54, PJ Fanning wrote: > Does anyone know why we don't just rely on slf4j-api 1.7.x? > I've raised the dependency to the beta version, because I saw the 2.x al

Re: slf4j dependency on an beta version

2021-09-23 Thread Andreas Beeker
Hi PJ, On 23.09.21 20:54, PJ Fanning wrote: Does anyone know why we don't just rely on slf4j-api 1.7.x? I've raised the dependency to the beta version, because I saw the 2.x alpha and thought this would be the latest stable and they aren't continuing on the 1.x branch. 1.7.x is ok for me, i

[GitHub] [poi] dependabot[bot] commented on pull request #248: Bump spotbugs-gradle-plugin from 4.7.3 to 4.7.5

2021-09-23 Thread GitBox
dependabot[bot] commented on pull request #248: URL: https://github.com/apache/poi/pull/248#issuecomment-926076612 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version,

[GitHub] [poi] dependabot[bot] commented on pull request #249: Bump junitVersion from 5.7.2 to 5.8.1

2021-09-23 Thread GitBox
dependabot[bot] commented on pull request #249: URL: https://github.com/apache/poi/pull/249#issuecomment-926076624 OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependenc

[GitHub] [poi] asfgit closed pull request #248: Bump spotbugs-gradle-plugin from 4.7.3 to 4.7.5

2021-09-23 Thread GitBox
asfgit closed pull request #248: URL: https://github.com/apache/poi/pull/248 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@poi.a

[GitHub] [poi] asfgit closed pull request #249: Bump junitVersion from 5.7.2 to 5.8.1

2021-09-23 Thread GitBox
asfgit closed pull request #249: URL: https://github.com/apache/poi/pull/249

slf4j dependency on an beta version

2021-09-23 Thread PJ Fanning
Hi, Does anyone know why we don't just rely on slf4j-api 1.7.x? https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.14.1  shows that log4j has a slf4j-api 1.7.x dependency. I know a lot of projects have dependencies on slf4j-api 1.8.x-beta versions or 2.0.x alpha versions - th

Jenkins build is back to normal : POI » POI-DSL-Windows-1.16 #182

2021-09-23 Thread Apache Jenkins Server
See - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org

[GitHub] [poi] dependabot[bot] opened a new pull request #248: Bump spotbugs-gradle-plugin from 4.7.3 to 4.7.5

2021-09-23 Thread GitBox
dependabot[bot] opened a new pull request #248: URL: https://github.com/apache/poi/pull/248 Bumps spotbugs-gradle-plugin from 4.7.3 to 4.7.5.

[GitHub] [poi] dependabot[bot] commented on pull request #245: Bump slf4j-api from 1.8.0-beta4 to 2.0.0-alpha5

2021-09-23 Thread GitBox
dependabot[bot] commented on pull request #245: URL: https://github.com/apache/poi/pull/245#issuecomment-92599 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version,

[GitHub] [poi] asfgit closed pull request #246: Bump jmh-generator-annprocess from 1.32 to 1.33

2021-09-23 Thread GitBox
asfgit closed pull request #246: URL: https://github.com/apache/poi/pull/246

[GitHub] [poi] asfgit closed pull request #247: Bump forbiddenapis from 3.1 to 3.2

2021-09-23 Thread GitBox
asfgit closed pull request #247: URL: https://github.com/apache/poi/pull/247

[GitHub] [poi] dependabot[bot] commented on pull request #247: Bump forbiddenapis from 3.1 to 3.2

2021-09-23 Thread GitBox
dependabot[bot] commented on pull request #247: URL: https://github.com/apache/poi/pull/247#issuecomment-925995539 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version,

[GitHub] [poi] asfgit closed pull request #245: Bump slf4j-api from 1.8.0-beta4 to 2.0.0-alpha5

2021-09-23 Thread GitBox
asfgit closed pull request #245: URL: https://github.com/apache/poi/pull/245

[GitHub] [poi] dependabot[bot] commented on pull request #246: Bump jmh-generator-annprocess from 1.32 to 1.33

2021-09-23 Thread GitBox
dependabot[bot] commented on pull request #246: URL: https://github.com/apache/poi/pull/246#issuecomment-925995548 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version,

[GitHub] [poi] dependabot[bot] opened a new pull request #247: Bump forbiddenapis from 3.1 to 3.2

2021-09-23 Thread GitBox
dependabot[bot] opened a new pull request #247: URL: https://github.com/apache/poi/pull/247 Bumps forbiddenapis from 3.1 to 3.2.

[GitHub] [poi] dependabot[bot] opened a new pull request #246: Bump jmh-generator-annprocess from 1.32 to 1.33

2021-09-23 Thread GitBox
dependabot[bot] opened a new pull request #246: URL: https://github.com/apache/poi/pull/246 Bumps jmh-generator-annprocess from 1.32 to 1.33.

[GitHub] [poi] dependabot[bot] opened a new pull request #245: Bump slf4j-api from 1.8.0-beta4 to 2.0.0-alpha5

2021-09-23 Thread GitBox
dependabot[bot] opened a new pull request #245: URL: https://github.com/apache/poi/pull/245 Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.8.0-beta4 to 2.0.0-alpha5. Commits: [0a34a87](https://github.com/qos-ch/slf4j/commit/0a34a87495b39f0d70204ee0d07129e9c22dfb98) p

Re: Vulnerabilities with poi-ooxml dependencies

2021-09-23 Thread PJ Fanning
Hi Mark, I'm just repeating the response I just sent to another user on this email list - just in case you missed that thread. These CVEs are not POI issues. We will release POI 5.1.0 when it is ready which should be soon. But the real fix on your side is to upgrade the Batik, commons-compress a

Re: [VOTE] Apache POI 5.1.0 release (RC1)

2021-09-23 Thread PJ Fanning
Hi Andreas, These CVEs are not POI issues. We will release POI 5.1.0 when it is ready which should be soon. But the real fix on your side is to upgrade the Batik, commons-compress and other dependencies that you have in your build. You don't need to rely on POI changing its transitive dependenci

Re: [VOTE] Apache POI 5.1.0 release (RC1)

2021-09-23 Thread Andreas Dornhof
Hi, I am waiting for the release because of vulnerability issues (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517 and CVE-2021-36090) in commons-compress. When do you think you can release? Thanks... Andreas On 2021/09/05 15:43:23, PJ Fanning wrote: > I put in a change to poi-ooxml/build.gradle to post pr

Vulnerabilities with poi-ooxml dependencies

2021-09-23 Thread Marc Caparros
Hi, I am using your library org.apache.poi with name: 'poi-ooxml' and version: '5.0.0' for my project and after creating my jars, I ran a vulnerability scan with the trivy command. The scan has given me HIGH vulnerabilities in two dependencies of the library. org.apache.xmlgraphi