Stream: hapi
Topic: Saxon HE dependency
Kevin Most (Sep 02 2021 at 01:11):
Hi all,
We recently started auditing our project's transitive dependencies and found that Saxon HE is being brought in via HAPI FHIR.
Looking through HAPI FHIR's usages of Saxon, the only thing I can find is an unused import: https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-base/src/main/java/ca/uhn/fhir/validation/IValidatorModule.java#L3
It seems like there was an issue and associated PR to remove Saxon back in 2016 (https://github.com/hapifhir/hapi-fhir/issues/440), but this import was added to IValidatorModule more recently, so I'm wondering if it was added back erroneously or something?
It also seems like at least one todo calls out that Saxon is not needed: https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-structures-dstu3/todo.txt
Let me know if this dependency is actually needed and I'm off-base here. Thanks!
Last updated: Apr 12 2022 at 19:14 UTC
