Update Apache POI and POI Scratchpad

[Faelean]

Hey,

there is a CVE for the POI version that is currently used (https://nvd.nist.gov/vuln/detail/CVE-2022-26336).
Is it possible to just replace the dependencies on our own and update to 5.2.2 or are there any breaking changes that would prevent SJW from working if we do that?

[bbottema]

POI is used solely for the Outlook conversion support. If you don't use that you can just exclude that module altogether (or just exclude the dependencies).

If you do rely on that module, well I just tried and ran all the tests from the project with the newer POI version without any problems. So you could also just pin the POI dependency version to 5.2.2.

[bbottema]

FYI, I've released outlook-message-parser 1.9.0, which has the newer dependencies. You could now also just pin this version instead of managing POI directly.

[Faelean]

Thanks for the quick update, much appreciated.
We're using the Outlook conversion so removing the module isn't an option, but knowing that we can just replace POI until we release a new version is great.

[bbottema]

Released in 7.1.2