JAVA-3013: Updates to other components to address additional 4.x CVEs (#1595)

absurdfarce · web-flow · commit 3b75607526f4 · 2022-04-27T13:15:02.000-05:00
diff --git a/core-shaded/pom.xml b/core-shaded/pom.xml
@@ -331,7 +331,7 @@
                   <!--
                   5) Don't import packages imported by shaded classes, if they are not used by the
                   driver bundle.
-                  -->!com.google.protobuf.*, !com.jcraft.jzlib.*, !com.ning.compress.*, !lzma.sdk.*, !net.jpountz.xxhash.*, !org.bouncycastle.*, !org.conscrypt.*, !org.apache.commons.logging.*, !org.apache.log4j.*, !org.apache.logging.log4j.*, !org.eclipse.jetty.*, !org.jboss.marshalling.*, !sun.misc.*, !sun.security.*, !com.barchart.udt.*, !com.fasterxml.aalto.*, !com.sun.nio.sctp.*, !gnu.io.*, !org.xml.sax.*, !org.w3c.dom.*, *
+                  -->!com.google.protobuf.*, !com.jcraft.jzlib.*, !com.ning.compress.*, !lzma.sdk.*, !net.jpountz.xxhash.*, !org.bouncycastle.*, !org.conscrypt.*, !org.apache.commons.logging.*, !org.apache.log4j.*, !org.apache.logging.log4j.*, !org.eclipse.jetty.*, !org.jboss.marshalling.*, !sun.misc.*, !sun.security.*, !com.barchart.udt.*, !com.fasterxml.aalto.*, !com.sun.nio.sctp.*, !gnu.io.*, !org.xml.sax.*, !org.w3c.dom.*, !com.aayushatharva.brotli4j.*, !com.github.luben.zstd.*, *
                 </Import-Package>
                 <!--
                 Export:
diff --git a/core/revapi.json b/core/revapi.json
diff --git a/core/src/main/java/com/datastax/dse/driver/internal/core/graph/DseGraphTraversal.java b/core/src/main/java/com/datastax/dse/driver/internal/core/graph/DseGraphTraversal.java
@@ -33,16 +33,6 @@ public DseGraphTraversal(AsyncGraphResultSet firstPage) {
     this.graphNodeIterator = GraphResultSets.toSync(firstPage).iterator();
   }
 
-  @Override
-  @SuppressWarnings("deprecation")
-  public org.apache.tinkerpop.gremlin.process.remote.traversal.RemoteTraversalSideEffects
-      getSideEffects() {
-    // This was deprecated as part of TINKERPOP-2265
-    // and is no longer being promoted as a feature.
-    // return null but do not throw "NotSupportedException"
-    return null;
-  }
-
   @Override
   public boolean hasNext() {
     return graphNodeIterator.hasNext();
diff --git a/integration-tests/src/test/java/com/datastax/dse/driver/api/core/graph/remote/ClassicGraphTraversalRemoteIT.java b/integration-tests/src/test/java/com/datastax/dse/driver/api/core/graph/remote/ClassicGraphTraversalRemoteIT.java
@@ -15,6 +15,8 @@
  */
 package com.datastax.dse.driver.api.core.graph.remote;
 
+import static org.apache.tinkerpop.gremlin.process.traversal.AnonymousTraversalSource.traversal;
+
 import com.datastax.dse.driver.api.core.graph.DseGraph;
 import com.datastax.dse.driver.api.core.graph.GraphTestSupport;
 import com.datastax.dse.driver.api.core.graph.SampleGraphScripts;
@@ -24,9 +26,7 @@
 import com.datastax.oss.driver.api.testinfra.DseRequirement;
 import com.datastax.oss.driver.api.testinfra.ccm.CustomCcmRule;
 import com.datastax.oss.driver.api.testinfra.session.SessionRule;
-import org.apache.tinkerpop.gremlin.process.traversal.AnonymousTraversalSource;
 import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource;
-import org.apache.tinkerpop.gremlin.structure.util.empty.EmptyGraph;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.rules.RuleChain;
@@ -70,14 +70,12 @@ protected boolean isGraphBinary() {
 
   @Override
   protected GraphTraversalSource graphTraversalSource() {
-    return AnonymousTraversalSource.traversal()
-        .withRemote(DseGraph.remoteConnectionBuilder(session()).build());
+    return traversal().withRemote(DseGraph.remoteConnectionBuilder(session()).build());
   }
 
   @Override
   protected SocialTraversalSource socialTraversalSource() {
-    return EmptyGraph.instance()
-        .traversal(SocialTraversalSource.class)
+    return traversal(SocialTraversalSource.class)
         .withRemote(DseGraph.remoteConnectionBuilder(session()).build());
   }
 
diff --git a/integration-tests/src/test/java/com/datastax/dse/driver/api/core/graph/remote/CoreGraphTraversalRemoteIT.java b/integration-tests/src/test/java/com/datastax/dse/driver/api/core/graph/remote/CoreGraphTraversalRemoteIT.java
@@ -15,6 +15,8 @@
  */
 package com.datastax.dse.driver.api.core.graph.remote;
 
+import static org.apache.tinkerpop.gremlin.process.traversal.AnonymousTraversalSource.traversal;
+
 import com.datastax.dse.driver.api.core.graph.DseGraph;
 import com.datastax.dse.driver.api.core.graph.GraphTestSupport;
 import com.datastax.dse.driver.api.core.graph.SampleGraphScripts;
@@ -24,9 +26,7 @@
 import com.datastax.oss.driver.api.testinfra.DseRequirement;
 import com.datastax.oss.driver.api.testinfra.ccm.CustomCcmRule;
 import com.datastax.oss.driver.api.testinfra.session.SessionRule;
-import org.apache.tinkerpop.gremlin.process.traversal.AnonymousTraversalSource;
 import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource;
-import org.apache.tinkerpop.gremlin.structure.util.empty.EmptyGraph;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.rules.RuleChain;
@@ -60,15 +60,14 @@ protected boolean isGraphBinary() {
 
   @Override
   protected GraphTraversalSource graphTraversalSource() {
-    return AnonymousTraversalSource.traversal()
+    return traversal()
         .withRemote(DseGraph.remoteConnectionBuilder(session()).build())
         .with("allow-filtering");
   }
 
   @Override
   protected SocialTraversalSource socialTraversalSource() {
-    return EmptyGraph.instance()
-        .traversal(SocialTraversalSource.class)
+    return traversal(SocialTraversalSource.class)
         .withRemote(DseGraph.remoteConnectionBuilder(session()).build())
         .with("allow-filtering");
   }
diff --git a/manual/core/integration/README.md b/manual/core/integration/README.md
@@ -562,6 +562,7 @@ Here are the recommended TinkerPop versions for each driver version:
 
 <table>
 <tr><th>Driver version</th><th>TinkerPop version</th></tr>
+<tr><td>4.14.1</td><td>3.5.3</td></tr>
 <tr><td>4.14.0</td><td>3.4.10</td></tr>
 <tr><td>4.13.0</td><td>3.4.10</td></tr>
 <tr><td>4.12.0</td><td>3.4.10</td></tr>
diff --git a/pom.xml b/pom.xml
@@ -53,12 +53,12 @@
     When upgrading TinkerPop please upgrade the version matrix in
     manual/core/integration/README.md
     -->
-    <tinkerpop.version>3.4.10</tinkerpop.version>
+    <tinkerpop.version>3.5.3</tinkerpop.version>
     <slf4j.version>1.7.26</slf4j.version>
     <reactive-streams.version>1.0.3</reactive-streams.version>
     <json.version>20210307</json.version>
-    <jackson.version>2.12.2</jackson.version>
-    <jackson-databind.version>2.12.2</jackson-databind.version>
+    <jackson.version>2.13.2</jackson.version>
+    <jackson-databind.version>2.13.2.2</jackson-databind.version>
     <legacy-jackson.version>1.9.12</legacy-jackson.version>
     <!-- optional dependencies -->
     <snappy.version>1.1.7.3</snappy.version>
@@ -81,7 +81,7 @@
     <awaitility.version>4.0.3</awaitility.version>
     <apacheds.version>2.0.0-M19</apacheds.version>
     <surefire.version>2.22.2</surefire.version>
-    <graalapi.version>21.0.0.2</graalapi.version>
+    <graalapi.version>22.0.0.2</graalapi.version>
     <skipTests>false</skipTests>
     <skipUnitTests>${skipTests}</skipUnitTests>
   </properties>
