Update guava to 33.3.1-jre

dkropachev · dkropachev · commit ef60c8f98882 · 2025-12-08T22:05:44.000-04:00
It fixes ~8 vulnurabilities that comming from guava dependency.
diff --git a/driver-core/src/main/java/com/datastax/driver/core/GuavaCompatibility.java b/driver-core/src/main/java/com/datastax/driver/core/GuavaCompatibility.java
@@ -17,32 +17,23 @@
 
 import com.datastax.driver.core.exceptions.DriverInternalError;
 import com.google.common.base.Function;
-import com.google.common.collect.BiMap;
-import com.google.common.collect.Maps;
 import com.google.common.net.HostAndPort;
 import com.google.common.reflect.TypeToken;
 import com.google.common.util.concurrent.AsyncFunction;
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.MoreExecutors;
-import java.lang.reflect.ParameterizedType;
-import java.lang.reflect.Type;
-import java.util.Map;
 import java.util.concurrent.Executor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * A compatibility layer to support a wide range of Guava versions.
  *
- * <p>The driver is compatible with Guava 16.0.1 or higher, but Guava 20 introduced incompatible
- * breaking changes in its API, that could in turn be breaking for legacy driver clients if we
- * simply upgraded our dependency. We don't want to increment our major version "just" for Guava (we
- * have other changes planned).
+ * <p>The driver is compatible with Guava 19.0 or higher.
  *
- * <p>Therefore we depend on Guava 19, which has both the deprecated and the new APIs, and detect
- * the actual version at runtime in order to call the relevant methods.
+ * <p>We detect the actual version at runtime in order to call the relevant methods.
  *
  * <p>This is a hack, and might not work with subsequent Guava releases; the real fix is to stop
  * exposing Guava in our public API. We'll address that in version 4 of the driver.
@@ -188,84 +179,18 @@ public abstract <I, O> ListenableFuture<O> transformAsync(
    * <p>The method {@code HostAndPort.getHostText} has been replaced with {@code
    * HostAndPort.getHost} starting with Guava 20.0; it has been completely removed in Guava 22.0.
    */
-  @SuppressWarnings("JavaReflectionMemberAccess")
   public String getHost(HostAndPort hostAndPort) {
-    try {
-      // Guava >= 20.0
-      return (String) HostAndPort.class.getMethod("getHost").invoke(hostAndPort);
-    } catch (Exception e) {
-      // Guava < 22.0
-      return hostAndPort.getHostText();
-    }
+    // Guava >= 20.0
+    return hostAndPort.getHost();
   }
 
   private static GuavaCompatibility selectImplementation() {
     if (isGuava_19_0_OrHigher()) {
       logger.info("Detected Guava >= 19 in the classpath, using modern compatibility layer");
       return new Version19OrHigher();
-    } else if (isGuava_16_0_1_OrHigher()) {
-      logger.info("Detected Guava < 19 in the classpath, using legacy compatibility layer");
-      return new Version18OrLower();
     } else {
       throw new DriverInternalError(
-          "Detected incompatible version of Guava in the classpath. "
-              + "You need 16.0.1 or higher.");
-    }
-  }
-
-  private static class Version18OrLower extends GuavaCompatibility {
-
-    @Override
-    public <V> ListenableFuture<V> withFallback(
-        ListenableFuture<? extends V> input, final AsyncFunction<Throwable, V> fallback) {
-      return Futures.withFallback(
-          input,
-          new com.google.common.util.concurrent.FutureFallback<V>() {
-            @Override
-            public ListenableFuture<V> create(Throwable t) throws Exception {
-              return fallback.apply(t);
-            }
-          });
-    }
-
-    @Override
-    public <V> ListenableFuture<V> withFallback(
-        ListenableFuture<? extends V> input,
-        final AsyncFunction<Throwable, V> fallback,
-        Executor executor) {
-      return Futures.withFallback(
-          input,
-          new com.google.common.util.concurrent.FutureFallback<V>() {
-            @Override
-            public ListenableFuture<V> create(Throwable t) throws Exception {
-              return fallback.apply(t);
-            }
-          },
-          executor);
-    }
-
-    @Override
-    public <I, O> ListenableFuture<O> transformAsync(
-        ListenableFuture<I> input, AsyncFunction<? super I, ? extends O> function) {
-      return Futures.transform(input, function);
-    }
-
-    @Override
-    public <I, O> ListenableFuture<O> transformAsync(
-        ListenableFuture<I> input,
-        AsyncFunction<? super I, ? extends O> function,
-        Executor executor) {
-      return Futures.transform(input, function, executor);
-    }
-
-    @Override
-    public boolean isSupertypeOf(TypeToken<?> target, TypeToken<?> argument) {
-      return target.isAssignableFrom(argument);
-    }
-
-    @Override
-    public Executor sameThreadExecutor() {
-      return MoreExecutors.sameThreadExecutor();
+          "Detected incompatible version of Guava in the classpath. " + "You need 19.0 or higher.");
     }
   }
 
@@ -319,30 +244,6 @@ private static boolean isGuava_19_0_OrHigher() {
         Executor.class);
   }
 
-  private static boolean isGuava_16_0_1_OrHigher() {
-    // Cheap check for < 16.0
-    if (!methodExists(Maps.class, "asConverter", BiMap.class)) {
-      return false;
-    }
-    // More elaborate check to filter out 16.0, which has a bug in TypeToken. We need 16.0.1.
-    boolean resolved = false;
-    TypeToken<Map<String, String>> mapOfString = TypeTokens.mapOf(String.class, String.class);
-    Type type = mapOfString.getType();
-    if (type instanceof ParameterizedType) {
-      ParameterizedType pType = (ParameterizedType) type;
-      Type[] types = pType.getActualTypeArguments();
-      if (types.length == 2) {
-        TypeToken valueType = TypeToken.of(types[1]);
-        resolved = valueType.getRawType().equals(String.class);
-      }
-    }
-    if (!resolved) {
-      logger.debug(
-          "Detected Guava issue #1635 which indicates that version 16.0 is in the classpath");
-    }
-    return resolved;
-  }
-
   private static boolean methodExists(
       Class<?> declaringClass, String methodName, Class<?>... parameterTypes) {
     try {
diff --git a/driver-core/src/test/java/com/datastax/driver/core/AbstractReconnectionHandlerTest.java b/driver-core/src/test/java/com/datastax/driver/core/AbstractReconnectionHandlerTest.java
@@ -263,7 +263,7 @@ public void should_yield_to_another_running_handler() {
    */
   @Test(groups = "unit")
   public void should_yield_to_another_handler_that_just_succeeded() {
-    future.set(Futures.immediateCheckedFuture(null));
+    future.set(Futures.immediateFuture(null));
 
     handler.start();
 
diff --git a/pom.xml b/pom.xml
@@ -55,7 +55,7 @@
         <log4j.version>1.2.17</log4j.version>
         <slf4j.version>1.7.36</slf4j.version>
         <slf4j-log4j12.version>1.7.36</slf4j-log4j12.version>
-        <guava.version>19.0</guava.version>
+        <guava.version>33.3.1-jre</guava.version>
         <netty.version>4.1.127.Final</netty.version>
         <netty-tcnative.artifact>netty-tcnative-boringssl-static</netty-tcnative.artifact>
         <netty-tcnative.version>2.0.70.Final</netty-tcnative.version>
@@ -543,7 +543,7 @@
                         </additionalJOptions>
                         <detectJavaApiLink>true</detectJavaApiLink>
                         <links>
-                            <link>https://google.github.io/guava/releases/19.0/api/docs/</link>
+                            <link>https://google.github.io/guava/releases/33.3.1-jre/api/docs/</link>
                             <link>http://netty.io/4.0/api/</link>
                             <link>http://www.joda.org/joda-time/apidocs/</link>
                             <link>http://fasterxml.github.io/jackson-core/javadoc/2.8/</link>
