Upgrades packages and adocs for CVE extra-deps (#2989)

core/build.gradle

@@ -101,23 +101,28 @@ dependencies {
         exclude group: 'org.eclipse.jetty.aggregate'
         exclude group: 'org.apache.hive', module: 'hive-service'
     }
+
+    def withoutJacksons = {
+        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations'
+        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
+    }
 
     compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective
 
     testCompile 'org.mock-server:mockserver-netty:5.6.0'
     testCompile 'org.mock-server:mockserver-client-java:5.6.0'
 
-    compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683'
-    testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683'
+    compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons
+    testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons
 
     compile group: 'com.opencsv', name: 'opencsv', version: '4.6'
     compile group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4'
     compileOnly group: 'org.ow2.asm', name: 'asm', version: '5.0.2'
 
     testCompile group: 'org.apache.hive', name: 'hive-jdbc', version: '1.2.2', withoutServers
 
-    compileOnly group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.1', withoutServers
-    compileOnly group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.1', withoutServers
+    compileOnly group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.2', withoutServers
+    compileOnly group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.2', withoutServers
 
     compile group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1'
     // explicit update comomns.io version
@@ -134,8 +139,8 @@ dependencies {
     testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0'
     testCompile group: 'org.assertj', name: 'assertj-core', version: '3.13.2'
 
-    compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0'
-    testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0', {
+    compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1'
+    testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1', {
         exclude group: 'com.google.guava', module: 'guava'
     }
 

docs/asciidoc/modules/ROOT/pages/database-integration/bolt-neo4j.adoc

@@ -78,7 +78,7 @@ In addition, the `apoc.bolt.load.fromLocal` can have:
 
 The Bolt procedures have dependencies on a client library that is not included in the APOC Library.
 
-You can download it from https://repo1.maven.org/maven2/org/neo4j/driver/neo4j-java-driver/4.0.0/neo4j-java-driver-4.0.0.jar[mvnrepository]
+You can download it from https://repo1.maven.org/maven2/org/neo4j/driver/neo4j-java-driver/4.4.5/neo4j-java-driver-4.4.5.jar[mvnrepository]
 or https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-bolt-dependencies-{apoc-release}.jar[apoc repository].
 Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted.
 

docs/asciidoc/modules/ROOT/pages/database-integration/couchbase.adoc

@@ -20,15 +20,20 @@ include::example$generated-documentation/apoc.couchbase.replace.adoc[]
 include::example$generated-documentation/apoc.couchbase.query.adoc[]
 |===
 
-Copy these jars into the plugins directory:
+== Install Dependencies
 
 (Tested with CB Enterprise 5.5.3)
 
-[source,shell]
-----
-mvn dependency:copy-dependencies
-cp target/dependency/java-client-2.5.9.jar target/dependency/core-io-1.5.2.jar target/dependency/rxjava-1.3.8.jar $NEO4J_HOME/plugins/
-----
+The Couchbase procedures have dependencies on a client library that is not included in the APOC Library.
+This dependency is included in https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-couchbase-dependencies-{apoc-release}.jar[apoc-couchbase-dependencies-{apoc-release}.jar^], which can be downloaded from the https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/tag/{apoc-release}[releases page^].
+Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted.
+
+
+Alternatively, you could copy into the `plugins` directory, from maven repository,
+the https://repo1.maven.org/maven2/com/couchbase/client/java-client/3.3.0/java-client-3.3.0.jar[Couchbase Java SDK],
+and the https://repo1.maven.org/maven2/com/couchbase/client/core-io/2.3.0/core-io-2.3.0.jar[Couchbase JVM Core IO]
+
+== Usage
 
 To interact with Couchbase you can define the host on which to connect to as the first parameter of the procedure (with bucket as second parameter, document_id as third parameter):
 

docs/asciidoc/modules/ROOT/pages/database-integration/mongo.adoc

@@ -19,27 +19,9 @@
 |===
 
 
-
 [[mongodb-dependencies]]
 == Install Dependencies
-
-The `apoc.mongo.*` procedures have dependencies on a client library that is not included in the APOC Library.
-
-To use them, copy these jars into the plugins directory:
-
-* bson-3.4.2.jar
-* mongo-java-driver-3.4.2.jar
-* mongodb-driver-3.4.2.jar
-* mongodb-driver-core-3.4.2.jar
-
-You should be able to get them from https://mongodb.github.io/mongo-java-driver/[here], and https://mvnrepository.com/artifact/org.mongodb/bson/3.4.2[here (BSON)] (via Download)
-
-Or you can get them locally from your gradle build of apoc.
-
-----
-gradle copyRuntimeLibs
-cp lib/mongodb*.jar lib/bson*.jar $NEO4J_HOME/plugins/
-----
+include::partial$mongodb-dependencies.adoc[]
 
 
 [[mongodb-fields]]

docs/asciidoc/modules/ROOT/pages/database-integration/mongodb.adoc

@@ -25,13 +25,10 @@ include::example$generated-documentation/apoc.mongodb.insert.adoc[]
 include::example$generated-documentation/apoc.mongodb.update.adoc[]
 |===
 
+
 [[mongodb-dependencies]]
 == Install Dependencies
-
-The Mongo procedures have dependencies on a client library that is not included in the APOC Library.
-
-This dependency is included in https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-mongodb-dependencies-{apoc-release}.jar[apoc-mongodb-dependencies-{apoc-release}.jar^], which can be downloaded from the https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/tag/{apoc-release}[releases page^].
-Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted.
+include::partial$mongodb-dependencies.adoc[]
 
 [[mongodb-fields]]
 == Field description
@@ -137,23 +134,6 @@ With the `extractReferences=false`, `compatibleValues=false` and `objectIdAsMap=
 
 
 
-== Dependencies
-
-Copy these jars into the plugins directory:
-
-* bson-3.4.2.jar
-* mongo-java-driver-3.4.2.jar
-* mongodb-driver-3.4.2.jar
-* mongodb-driver-core-3.4.2.jar
-
-You should be able to get them from https://mongodb.github.io/mongo-java-driver/[here], and https://mvnrepository.com/artifact/org.mongodb/bson/3.4.2[here (BSON)] (via Download)
-
-Or you get them locally from your gradle build of apoc.
-
-----
-gradle copyRuntimeLibs
-cp lib/mongodb*.jar lib/bson*.jar $NEO4J_HOME/plugins/
-----
 
 == Example
 

docs/asciidoc/modules/ROOT/partials/mongodb-dependencies.adoc

@@ -2,3 +2,19 @@ The Mongo procedures have dependencies on a client library that is not included
 
 This dependency is included in https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-mongodb-dependencies-{apoc-release}.jar[apoc-mongodb-dependencies-{apoc-release}.jar^], which can be downloaded from the https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/tag/{apoc-release}[releases page^].
 Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted.
+
+
+
+Alternatively, you could copy these jars into the plugins directory:
+
+* bson-3.4.2.jar
+* mongo-java-driver-3.4.2.jar, 
+* mongodb-driver-3.4.2.jar
+* mongodb-driver-core-3.4.2.jar
+
+You should be able to get them from the following links:
+
+- https://mvnrepository.com/artifact/org.mongodb/mongo-java-driver/3.4.2[mongo-java-driver]
+- https://mvnrepository.com/artifact/org.mongodb/mongodb-driver/3.4.2[mongodb-driver]
+- https://mvnrepository.com/artifact/org.mongodb/mongodb-driver-core/3.4.2[mongodb-driver-core]
+- https://mvnrepository.com/artifact/org.mongodb/bson/3.4.2[BSON]

extra-dependencies/bolt/build.gradle

@@ -17,7 +17,7 @@ jar {
 }
 
 dependencies {
-    compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0'
+    compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.5'
 }
 
 

extra-dependencies/couchbase/build.gradle

@@ -17,7 +17,9 @@ jar {
 }
 
 dependencies {
-    compile group: 'com.couchbase.client', name: 'java-client', version: '3.2.4'
+    compile group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', {
+        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
+    }
 }
 
 

extra-dependencies/hadoop/build.gradle

@@ -33,8 +33,8 @@ def commonExclusions = {
 }
 
 dependencies {
-    compile group: 'org.apache.hadoop', name: 'hadoop-hdfs-client', version: '3.3.1', commonExclusions
-    compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.1', commonExclusions
+    compile group: 'org.apache.hadoop', name: 'hadoop-hdfs-client', version: '3.3.2', commonExclusions
+    compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.2', commonExclusions
 }
 
 

extra-dependencies/mongodb/build.gradle

@@ -17,7 +17,9 @@ jar {
 }
 
 dependencies {
-    compile 'org.mongodb:mongodb-driver:3.2.2'
+    compile 'org.mongodb:mongodb-driver:3.2.2', {
+        exclude group: 'io.netty'
+    }
 }
 
 

extra-dependencies/nlp/build.gradle

@@ -17,9 +17,14 @@ jar {
     }
 }
 
+def withoutJacksons = {
+    exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations'
+    exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
+}
+
 dependencies {
-    compile group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683'
-    compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.1'
+    compile group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons
+    compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.1', withoutJacksons
     compile 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.0'
 }
 

full/build.gradle

@@ -56,7 +56,7 @@ dependencies {
 //    compile group: 'commons-codec', name: 'commons-codec', version: '1.14'
     compile group: 'com.jayway.jsonpath', name: 'json-path', version: '2.4.0'
     compile group: 'org.hdrhistogram', name: 'HdrHistogram', version: '2.1.9'
-    compileOnly group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0'
+    compileOnly group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.5'
     compile group: 'com.novell.ldap', name: 'jldap', version: '2009-10-07'
 
     antlr "org.antlr:antlr4:4.7.2", {
@@ -108,34 +108,42 @@ dependencies {
         exclude group: 'org.apache.hive', module: 'hive-service'
     }
 
+    def withoutJacksons = {
+        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations'
+        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
+    }
 
-    compileOnly 'org.mongodb:mongodb-driver:3.2.2'
-    testCompile 'org.mongodb:mongodb-driver:3.2.2'
+    compileOnly 'org.mongodb:mongodb-driver:3.2.2', {
+        exclude group: 'io.netty'
+    }
+    testCompile 'org.mongodb:mongodb-driver:3.2.2', {
+        exclude group: 'io.netty'
+    }
 
-    compileOnly group: 'com.couchbase.client', name: 'java-client', version: '3.2.4'
-    testCompile group: 'com.couchbase.client', name: 'java-client', version: '3.2.4'
+    compileOnly group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons
+    testCompile group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons
 
     compileOnly group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE'
     testCompile group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE'
 
     compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective
 
-    compileOnly group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2'
+    compileOnly group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2', withoutJacksons
     compileOnly 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.0'
 
-    testCompile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2'
+    testCompile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2', withoutJacksons
     testCompile 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.0'
 
     testCompile 'org.mock-server:mockserver-netty:5.6.0'
     testCompile 'org.mock-server:mockserver-client-java:5.6.0'
 
-    compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683'
-    testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683'
+    compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons
+    testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons
 
     compile group: 'com.opencsv', name: 'opencsv', version: '4.6'
     compile group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4'
     compileOnly group: 'org.ow2.asm', name: 'asm', version: '5.0.2'
-    compile group: 'com.github.javafaker', name: 'javafaker', version: '0.10'
+    compile group: 'com.github.javafaker', name: 'javafaker', version: '1.0.2'
 
     // schemacrawler
     compile group: 'us.fatehi', name: 'schemacrawler', version: '15.04.01'
@@ -153,8 +161,8 @@ dependencies {
     testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0'
     testCompile group: 'org.assertj', name: 'assertj-core', version: '3.13.2'
 
-    compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0'
-    testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0', {
+    compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1'
+    testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1', {
         exclude group: 'com.google.guava', module: 'guava'
     }
 

full/src/main/java/apoc/couchbase/CouchbaseManager.java

@@ -2,7 +2,7 @@
 
 import com.couchbase.client.core.env.PasswordAuthenticator;
 import org.apache.commons.configuration2.Configuration;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.neo4j.internal.helpers.collection.Pair;
 
 import java.net.URI;

full/src/main/java/apoc/mongodb/MongoDBColl.java

@@ -12,7 +12,7 @@
 import com.mongodb.client.MongoIterable;
 import com.mongodb.client.result.DeleteResult;
 import com.mongodb.client.result.UpdateResult;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.bson.BsonDouble;
 import org.bson.BsonInt32;
 import org.bson.BsonInt64;

full/src/main/kotlin/apoc/nlp/aws/AWSVirtualSentimentVirtualGraph.kt

@@ -4,7 +4,7 @@ import apoc.nlp.NLPVirtualGraph
 import apoc.result.VirtualGraph
 import apoc.result.VirtualNode
 import com.amazonaws.services.comprehend.model.BatchDetectSentimentResult
-import org.apache.commons.lang.WordUtils
+import org.apache.commons.text.WordUtils
 import org.neo4j.graphdb.Node
 import org.neo4j.graphdb.Relationship
 import org.neo4j.graphdb.Transaction

test-utils/build.gradle

@@ -12,8 +12,6 @@ dependencies {
 
     compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre'
 
-    compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0'
-
     compile group: 'org.gradle', name: 'gradle-tooling-api', version: '6.1.1'
 
     def withoutServers = {
@@ -22,11 +20,11 @@ dependencies {
         exclude group: 'org.apache.hive', module: 'hive-service'
     }
 
-    compile group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.1', withoutServers
-    compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.1', withoutServers
-    compile group: 'org.apache.hadoop', name: 'hadoop-minicluster', version: '3.3.1', withoutServers
+    compile group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.2', withoutServers
+    compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.2', withoutServers
+    compile group: 'org.apache.hadoop', name: 'hadoop-minicluster', version: '3.3.2', withoutServers
 
-    compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0'
+    compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.5'
     compile group: 'org.jetbrains', name: 'annotations', version: "17.0.0"
 
     // Test Containers