Merge pull request #252 from DimuthuMadushan/main

Fix Security Vulnerability in GraphQL Tool
ballerina-platform · Nov 21, 2023 · 4f761a9 · 4f761a9
2 parents ea32f2f + 52a1905
commit 4f761a9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 27 deletions.
diff --git a/build.gradle b/build.gradle
@@ -23,19 +23,6 @@ plugins {
     id "net.researchgate.release" version "${researchgateReleaseVersion}"
 }
 
-ext.ballerinaLangVersion = project.ballerinaLangVersion
-ext.testngVersion = project.testngVersion
-ext.slf4jVersion = project.slf4jVersion
-ext.commonsLoggingVersion = project.commonsLoggingVersion
-ext.commonsIoVersion = project.commonsIoVersion
-ext.graphqlJavaVersion = project.graphqlJavaVersion
-ext.googleGuavaVersion = project.googleGuavaVersion
-ext.snakeYamlVersion = project.snakeYamlVersion
-ext.orgJsonVersion = project.orgJsonVersion
-ext.picocliVersion = project.picocliVersion
-ext.stdlibGraphqlVersion = project.stdlibGraphqlVersion
-ext.puppycrawlCheckstyleVersion = project.puppycrawlCheckstyleVersion
-
 def packageName = "graphql"
 
 dependencies {
@@ -165,8 +152,6 @@ task codeCoverageReport(type: JacocoReport) {
 def artifactCacheParent = file("$project.projectDir/build/cache_parent/")
 def artifactLibParent = file("$project.projectDir/build/lib_parent/")
 def targetGraphqlCliJar = file("$project.rootDir/graphql-cli/build/libs/graphql-cli-${project.version}.jar")
-def targetGraphqlIDLPluginJar = file("$project.rootDir/graphql-tool-idl-plugin/build/libs/" +
-        "graphql-tool-idl-plugin-${project.version}.jar")
 def targetGraphqlBalServiceJar = file("$project.rootDir/graphql-schema-file-generator/build/libs/" +
         "graphql-schema-file-generator-${project.version}.jar")
 def targetGraphqlCodeGenJar = file("$project.rootDir/graphql-code-generator/build/libs/" +
@@ -185,10 +170,6 @@ task directoryBuild {
             from targetGraphqlCliJar
             into file("$artifactLibParent/libs")
         }
-        copy {
-            from targetGraphqlIDLPluginJar
-            into file("$artifactLibParent/libs")
-        }
         copy {
             from targetGraphqlBalServiceJar
             into file("$artifactLibParent/libs")

diff --git a/gradle.properties b/gradle.properties
@@ -14,7 +14,6 @@ commonsLang3Version=3.9
 commonsLoggingVersion=1.2
 commonsIoVersion=2.11.0
 graphqlJavaVersion=17.2
-googleGuavaVersion=32.1.2-jre
 snakeYamlVersion=2.0
 orgJsonVersion=20231013
 picocliVersion=4.7.4

diff --git a/graphql-cli/build.gradle b/graphql-cli/build.gradle
@@ -47,13 +47,12 @@ dependencies {
     testImplementation "org.testng:testng:${testngVersion}"
     testImplementation "org.apache.commons:commons-lang3:${commonsLang3Version}"
     implementation "commons-io:commons-io:${commonsIoVersion}"
-    implementation "commons-logging:commons-logging:${commonsLoggingVersion}" // NEW
-    implementation "org.yaml:snakeyaml:${snakeYamlVersion}" // NEW
-    implementation "com.graphql-java:graphql-java:${graphqlJavaVersion}" // NEW
-    implementation "org.json:json:${orgJsonVersion}" // NEW
-    dist "com.graphql-java:graphql-java:${graphqlJavaVersion}" // NEW
-    dist "com.google.guava:guava:${googleGuavaVersion}" // NEW
-    dist "org.json:json:${orgJsonVersion}" // NEW
+    implementation "commons-logging:commons-logging:${commonsLoggingVersion}"
+    implementation "org.yaml:snakeyaml:${snakeYamlVersion}"
+    implementation "com.graphql-java:graphql-java:${graphqlJavaVersion}"
+    implementation "org.json:json:${orgJsonVersion}"
+    dist "com.graphql-java:graphql-java:${graphqlJavaVersion}"
+    dist "org.json:json:${orgJsonVersion}"
     dist "io.ballerina.stdlib:graphql-commons:${stdlibGraphqlVersion}"
 
     balTools ("org.ballerinalang:jballerina-tools:${ballerinaLangVersion}") {