From f6fb8986bdf7ccaab20b1659475d4102043d6269 Mon Sep 17 00:00:00 2001 From: Giuseppe Villani Date: Thu, 23 Jun 2022 16:58:54 +0200 Subject: [PATCH] Upgrades packages and adocs for CVE extra-deps (#2989) --- core/build.gradle | 17 ++++++---- .../database-integration/bolt-neo4j.adoc | 2 +- .../pages/database-integration/couchbase.adoc | 17 ++++++---- .../pages/database-integration/mongo.adoc | 20 +----------- .../pages/database-integration/mongodb.adoc | 24 ++------------ .../ROOT/partials/mongodb-dependencies.adoc | 16 ++++++++++ extra-dependencies/bolt/build.gradle | 2 +- extra-dependencies/couchbase/build.gradle | 4 ++- extra-dependencies/hadoop/build.gradle | 4 +-- extra-dependencies/mongodb/build.gradle | 4 ++- extra-dependencies/nlp/build.gradle | 9 ++++-- full/build.gradle | 32 ++++++++++++------- .../java/apoc/couchbase/CouchbaseManager.java | 2 +- .../main/java/apoc/mongodb/MongoDBColl.java | 2 +- .../aws/AWSVirtualSentimentVirtualGraph.kt | 2 +- test-utils/build.gradle | 10 +++--- 16 files changed, 85 insertions(+), 82 deletions(-) diff --git a/core/build.gradle b/core/build.gradle index 5839c98b65..9efa299083 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -101,14 +101,19 @@ dependencies { exclude group: 'org.eclipse.jetty.aggregate' exclude group: 'org.apache.hive', module: 'hive-service' } + + def withoutJacksons = { + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations' + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind' + } compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective testCompile 'org.mock-server:mockserver-netty:5.6.0' testCompile 'org.mock-server:mockserver-client-java:5.6.0' - compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683' - testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683' + compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons + testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons compile group: 'com.opencsv', name: 'opencsv', version: '4.6' compile group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4' @@ -116,8 +121,8 @@ dependencies { testCompile group: 'org.apache.hive', name: 'hive-jdbc', version: '1.2.2', withoutServers - compileOnly group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.1', withoutServers - compileOnly group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.1', withoutServers + compileOnly group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.2', withoutServers + compileOnly group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.2', withoutServers compile group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1' // explicit update comomns.io version @@ -134,8 +139,8 @@ dependencies { testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0' testCompile group: 'org.assertj', name: 'assertj-core', version: '3.13.2' - compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0' - testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0', { + compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1' + testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1', { exclude group: 'com.google.guava', module: 'guava' } diff --git a/docs/asciidoc/modules/ROOT/pages/database-integration/bolt-neo4j.adoc b/docs/asciidoc/modules/ROOT/pages/database-integration/bolt-neo4j.adoc index fcf4d3012e..bc4a65232e 100644 --- a/docs/asciidoc/modules/ROOT/pages/database-integration/bolt-neo4j.adoc +++ b/docs/asciidoc/modules/ROOT/pages/database-integration/bolt-neo4j.adoc @@ -78,7 +78,7 @@ In addition, the `apoc.bolt.load.fromLocal` can have: The Bolt procedures have dependencies on a client library that is not included in the APOC Library. -You can download it from https://repo1.maven.org/maven2/org/neo4j/driver/neo4j-java-driver/4.0.0/neo4j-java-driver-4.0.0.jar[mvnrepository] +You can download it from https://repo1.maven.org/maven2/org/neo4j/driver/neo4j-java-driver/4.4.5/neo4j-java-driver-4.4.5.jar[mvnrepository] or https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-bolt-dependencies-{apoc-release}.jar[apoc repository]. Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted. diff --git a/docs/asciidoc/modules/ROOT/pages/database-integration/couchbase.adoc b/docs/asciidoc/modules/ROOT/pages/database-integration/couchbase.adoc index 95e45c1a2d..e383beebc7 100644 --- a/docs/asciidoc/modules/ROOT/pages/database-integration/couchbase.adoc +++ b/docs/asciidoc/modules/ROOT/pages/database-integration/couchbase.adoc @@ -20,15 +20,20 @@ include::example$generated-documentation/apoc.couchbase.replace.adoc[] include::example$generated-documentation/apoc.couchbase.query.adoc[] |=== -Copy these jars into the plugins directory: +== Install Dependencies (Tested with CB Enterprise 5.5.3) -[source,shell] ----- -mvn dependency:copy-dependencies -cp target/dependency/java-client-2.5.9.jar target/dependency/core-io-1.5.2.jar target/dependency/rxjava-1.3.8.jar $NEO4J_HOME/plugins/ ----- +The Couchbase procedures have dependencies on a client library that is not included in the APOC Library. +This dependency is included in https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-couchbase-dependencies-{apoc-release}.jar[apoc-couchbase-dependencies-{apoc-release}.jar^], which can be downloaded from the https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/tag/{apoc-release}[releases page^]. +Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted. + + +Alternatively, you could copy into the `plugins` directory, from maven repository, +the https://repo1.maven.org/maven2/com/couchbase/client/java-client/3.3.0/java-client-3.3.0.jar[Couchbase Java SDK], +and the https://repo1.maven.org/maven2/com/couchbase/client/core-io/2.3.0/core-io-2.3.0.jar[Couchbase JVM Core IO] + +== Usage To interact with Couchbase you can define the host on which to connect to as the first parameter of the procedure (with bucket as second parameter, document_id as third parameter): diff --git a/docs/asciidoc/modules/ROOT/pages/database-integration/mongo.adoc b/docs/asciidoc/modules/ROOT/pages/database-integration/mongo.adoc index 177c4ea1bc..f816da2b3d 100644 --- a/docs/asciidoc/modules/ROOT/pages/database-integration/mongo.adoc +++ b/docs/asciidoc/modules/ROOT/pages/database-integration/mongo.adoc @@ -19,27 +19,9 @@ |=== - [[mongodb-dependencies]] == Install Dependencies - -The `apoc.mongo.*` procedures have dependencies on a client library that is not included in the APOC Library. - -To use them, copy these jars into the plugins directory: - -* bson-3.4.2.jar -* mongo-java-driver-3.4.2.jar -* mongodb-driver-3.4.2.jar -* mongodb-driver-core-3.4.2.jar - -You should be able to get them from https://mongodb.github.io/mongo-java-driver/[here], and https://mvnrepository.com/artifact/org.mongodb/bson/3.4.2[here (BSON)] (via Download) - -Or you can get them locally from your gradle build of apoc. - ----- -gradle copyRuntimeLibs -cp lib/mongodb*.jar lib/bson*.jar $NEO4J_HOME/plugins/ ----- +include::partial$mongodb-dependencies.adoc[] [[mongodb-fields]] diff --git a/docs/asciidoc/modules/ROOT/pages/database-integration/mongodb.adoc b/docs/asciidoc/modules/ROOT/pages/database-integration/mongodb.adoc index 4e54fe65d7..3cd1c57459 100644 --- a/docs/asciidoc/modules/ROOT/pages/database-integration/mongodb.adoc +++ b/docs/asciidoc/modules/ROOT/pages/database-integration/mongodb.adoc @@ -25,13 +25,10 @@ include::example$generated-documentation/apoc.mongodb.insert.adoc[] include::example$generated-documentation/apoc.mongodb.update.adoc[] |=== + [[mongodb-dependencies]] == Install Dependencies - -The Mongo procedures have dependencies on a client library that is not included in the APOC Library. - -This dependency is included in https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-mongodb-dependencies-{apoc-release}.jar[apoc-mongodb-dependencies-{apoc-release}.jar^], which can be downloaded from the https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/tag/{apoc-release}[releases page^]. -Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted. +include::partial$mongodb-dependencies.adoc[] [[mongodb-fields]] == Field description @@ -137,23 +134,6 @@ With the `extractReferences=false`, `compatibleValues=false` and `objectIdAsMap= -== Dependencies - -Copy these jars into the plugins directory: - -* bson-3.4.2.jar -* mongo-java-driver-3.4.2.jar -* mongodb-driver-3.4.2.jar -* mongodb-driver-core-3.4.2.jar - -You should be able to get them from https://mongodb.github.io/mongo-java-driver/[here], and https://mvnrepository.com/artifact/org.mongodb/bson/3.4.2[here (BSON)] (via Download) - -Or you get them locally from your gradle build of apoc. - ----- -gradle copyRuntimeLibs -cp lib/mongodb*.jar lib/bson*.jar $NEO4J_HOME/plugins/ ----- == Example diff --git a/docs/asciidoc/modules/ROOT/partials/mongodb-dependencies.adoc b/docs/asciidoc/modules/ROOT/partials/mongodb-dependencies.adoc index 3a2431f510..78dd3f6f3c 100644 --- a/docs/asciidoc/modules/ROOT/partials/mongodb-dependencies.adoc +++ b/docs/asciidoc/modules/ROOT/partials/mongodb-dependencies.adoc @@ -2,3 +2,19 @@ The Mongo procedures have dependencies on a client library that is not included This dependency is included in https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-mongodb-dependencies-{apoc-release}.jar[apoc-mongodb-dependencies-{apoc-release}.jar^], which can be downloaded from the https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/tag/{apoc-release}[releases page^]. Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted. + + + +Alternatively, you could copy these jars into the plugins directory: + +* bson-3.4.2.jar +* mongo-java-driver-3.4.2.jar, +* mongodb-driver-3.4.2.jar +* mongodb-driver-core-3.4.2.jar + +You should be able to get them from the following links: + +- https://mvnrepository.com/artifact/org.mongodb/mongo-java-driver/3.4.2[mongo-java-driver] +- https://mvnrepository.com/artifact/org.mongodb/mongodb-driver/3.4.2[mongodb-driver] +- https://mvnrepository.com/artifact/org.mongodb/mongodb-driver-core/3.4.2[mongodb-driver-core] +- https://mvnrepository.com/artifact/org.mongodb/bson/3.4.2[BSON] diff --git a/extra-dependencies/bolt/build.gradle b/extra-dependencies/bolt/build.gradle index 58eef71d55..cdef19b7c0 100644 --- a/extra-dependencies/bolt/build.gradle +++ b/extra-dependencies/bolt/build.gradle @@ -17,7 +17,7 @@ jar { } dependencies { - compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0' + compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.5' } diff --git a/extra-dependencies/couchbase/build.gradle b/extra-dependencies/couchbase/build.gradle index 170b1027fd..6660d67837 100644 --- a/extra-dependencies/couchbase/build.gradle +++ b/extra-dependencies/couchbase/build.gradle @@ -17,7 +17,9 @@ jar { } dependencies { - compile group: 'com.couchbase.client', name: 'java-client', version: '3.2.4' + compile group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', { + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind' + } } diff --git a/extra-dependencies/hadoop/build.gradle b/extra-dependencies/hadoop/build.gradle index 6203e7e30f..921ebf0a55 100644 --- a/extra-dependencies/hadoop/build.gradle +++ b/extra-dependencies/hadoop/build.gradle @@ -33,8 +33,8 @@ def commonExclusions = { } dependencies { - compile group: 'org.apache.hadoop', name: 'hadoop-hdfs-client', version: '3.3.1', commonExclusions - compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.1', commonExclusions + compile group: 'org.apache.hadoop', name: 'hadoop-hdfs-client', version: '3.3.2', commonExclusions + compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.2', commonExclusions } diff --git a/extra-dependencies/mongodb/build.gradle b/extra-dependencies/mongodb/build.gradle index b7c73804df..a520f75568 100644 --- a/extra-dependencies/mongodb/build.gradle +++ b/extra-dependencies/mongodb/build.gradle @@ -17,7 +17,9 @@ jar { } dependencies { - compile 'org.mongodb:mongodb-driver:3.2.2' + compile 'org.mongodb:mongodb-driver:3.2.2', { + exclude group: 'io.netty' + } } diff --git a/extra-dependencies/nlp/build.gradle b/extra-dependencies/nlp/build.gradle index 43e6bfcb2d..f9f8bf9b08 100644 --- a/extra-dependencies/nlp/build.gradle +++ b/extra-dependencies/nlp/build.gradle @@ -17,9 +17,14 @@ jar { } } +def withoutJacksons = { + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations' + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind' +} + dependencies { - compile group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683' - compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.1' + compile group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons + compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.1', withoutJacksons compile 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.0' } diff --git a/full/build.gradle b/full/build.gradle index 4a01ba045b..0e96cb5cde 100644 --- a/full/build.gradle +++ b/full/build.gradle @@ -56,7 +56,7 @@ dependencies { // compile group: 'commons-codec', name: 'commons-codec', version: '1.14' compile group: 'com.jayway.jsonpath', name: 'json-path', version: '2.4.0' compile group: 'org.hdrhistogram', name: 'HdrHistogram', version: '2.1.9' - compileOnly group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0' + compileOnly group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.5' compile group: 'com.novell.ldap', name: 'jldap', version: '2009-10-07' antlr "org.antlr:antlr4:4.7.2", { @@ -108,34 +108,42 @@ dependencies { exclude group: 'org.apache.hive', module: 'hive-service' } + def withoutJacksons = { + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations' + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind' + } - compileOnly 'org.mongodb:mongodb-driver:3.2.2' - testCompile 'org.mongodb:mongodb-driver:3.2.2' + compileOnly 'org.mongodb:mongodb-driver:3.2.2', { + exclude group: 'io.netty' + } + testCompile 'org.mongodb:mongodb-driver:3.2.2', { + exclude group: 'io.netty' + } - compileOnly group: 'com.couchbase.client', name: 'java-client', version: '3.2.4' - testCompile group: 'com.couchbase.client', name: 'java-client', version: '3.2.4' + compileOnly group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons + testCompile group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons compileOnly group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE' testCompile group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE' compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective - compileOnly group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2' + compileOnly group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2', withoutJacksons compileOnly 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.0' - testCompile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2' + testCompile group: 'com.fasterxml.jackson.module', name: 'jackson-module-kotlin', version: '2.13.2', withoutJacksons testCompile 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.0' testCompile 'org.mock-server:mockserver-netty:5.6.0' testCompile 'org.mock-server:mockserver-client-java:5.6.0' - compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683' - testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.11.683' + compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons + testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-comprehend', version: '1.12.214' , withoutJacksons compile group: 'com.opencsv', name: 'opencsv', version: '4.6' compile group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4' compileOnly group: 'org.ow2.asm', name: 'asm', version: '5.0.2' - compile group: 'com.github.javafaker', name: 'javafaker', version: '0.10' + compile group: 'com.github.javafaker', name: 'javafaker', version: '1.0.2' // schemacrawler compile group: 'us.fatehi', name: 'schemacrawler', version: '15.04.01' @@ -153,8 +161,8 @@ dependencies { testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0' testCompile group: 'org.assertj', name: 'assertj-core', version: '3.13.2' - compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0' - testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '1.92.0', { + compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1' + testCompile group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.1', { exclude group: 'com.google.guava', module: 'guava' } diff --git a/full/src/main/java/apoc/couchbase/CouchbaseManager.java b/full/src/main/java/apoc/couchbase/CouchbaseManager.java index 3c0a85686f..632c5be240 100644 --- a/full/src/main/java/apoc/couchbase/CouchbaseManager.java +++ b/full/src/main/java/apoc/couchbase/CouchbaseManager.java @@ -2,7 +2,7 @@ import com.couchbase.client.core.env.PasswordAuthenticator; import org.apache.commons.configuration2.Configuration; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import org.neo4j.internal.helpers.collection.Pair; import java.net.URI; diff --git a/full/src/main/java/apoc/mongodb/MongoDBColl.java b/full/src/main/java/apoc/mongodb/MongoDBColl.java index 61fabec06d..32df841941 100644 --- a/full/src/main/java/apoc/mongodb/MongoDBColl.java +++ b/full/src/main/java/apoc/mongodb/MongoDBColl.java @@ -12,7 +12,7 @@ import com.mongodb.client.MongoIterable; import com.mongodb.client.result.DeleteResult; import com.mongodb.client.result.UpdateResult; -import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang3.StringUtils; import org.bson.BsonDouble; import org.bson.BsonInt32; import org.bson.BsonInt64; diff --git a/full/src/main/kotlin/apoc/nlp/aws/AWSVirtualSentimentVirtualGraph.kt b/full/src/main/kotlin/apoc/nlp/aws/AWSVirtualSentimentVirtualGraph.kt index 639ecc15e4..5ea312dd08 100644 --- a/full/src/main/kotlin/apoc/nlp/aws/AWSVirtualSentimentVirtualGraph.kt +++ b/full/src/main/kotlin/apoc/nlp/aws/AWSVirtualSentimentVirtualGraph.kt @@ -4,7 +4,7 @@ import apoc.nlp.NLPVirtualGraph import apoc.result.VirtualGraph import apoc.result.VirtualNode import com.amazonaws.services.comprehend.model.BatchDetectSentimentResult -import org.apache.commons.lang.WordUtils +import org.apache.commons.text.WordUtils import org.neo4j.graphdb.Node import org.neo4j.graphdb.Relationship import org.neo4j.graphdb.Transaction diff --git a/test-utils/build.gradle b/test-utils/build.gradle index ccd2b88212..dadf98baff 100644 --- a/test-utils/build.gradle +++ b/test-utils/build.gradle @@ -12,8 +12,6 @@ dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' - compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0' - compile group: 'org.gradle', name: 'gradle-tooling-api', version: '6.1.1' def withoutServers = { @@ -22,11 +20,11 @@ dependencies { exclude group: 'org.apache.hive', module: 'hive-service' } - compile group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.1', withoutServers - compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.1', withoutServers - compile group: 'org.apache.hadoop', name: 'hadoop-minicluster', version: '3.3.1', withoutServers + compile group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.2', withoutServers + compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.2', withoutServers + compile group: 'org.apache.hadoop', name: 'hadoop-minicluster', version: '3.3.2', withoutServers - compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.0.0' + compile group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.5' compile group: 'org.jetbrains', name: 'annotations', version: "17.0.0" // Test Containers