Hi Just an updated on the development of moving to a newer version of grqphql-java:
Testing with Sling Graphql Core and AEM I did test graphql-java 17.4 and 20.0 and both versions seems to work just fine even though 20.0 does lead to a PAX testing issue in Sling Graphql Core but I think that’s not a big issue. There are a few issues that I am working out with the graphql-java team: - sun.misc is imported in the bundle (resolved) - MANIFEST.MF is not 1st entry in the JAR file (work in progresss) Cheers - Andy > On Feb 3, 2023, at 10:25 AM, Andreas Schaefer <[email protected]> > wrote: > > Right now I am having issues with the SelectionSetWrapper and > SelectedFieldWrapper. The way graphql-java is providing the > DataFetchingFieldSelectionSet is quite different and I am not sure how to > handle it. > > The big difference is that there are no sub fields anymore and also no > InlineFragment vs Field. The Inline Fragment is not part of the Object Type > and a field name with different object types are combined into one. This > means I need to handle Object Types either in the caller to create one > SelectedFieldWrapper for each type or change the entire logic and make the > Sling Graphql Core work similar to graphql-java. > > I will start without changing Sling and then see if it works out. > > - Andy > >> On Feb 3, 2023, at 9:03 AM, Radu Cotescu <[email protected]> wrote: >> >> Hi Andy, >> >>> On 3 Feb 2023, at 16:40, Andreas Schaefer <[email protected]> wrote: >>> >>> Hi >>> >>> I am tasked with upgrading grqaphql-java for AEM to at least 17.4 because >>> of a vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-37734 >>> >>> I saw that Radu created a ticket for upgrading to graphql-java 17: >>> https://github.com/graphql-java/graphql-java/releases/tag/v17.0 >>> >>> I assigned that ticket to me and will see what needs to be done to make >>> this work in Sling as well as in AEM. >>> >>> Let me know if you have any objections or already worked on it. >>> >>> Thanks - Andy Schaefer >> >> No objections on my side. I started looking into this [0], but didn’t get to >> commit anything. I remember I had issues with dynamically registering our >> Sling directives [1], but I had to switch to a different task and forgot >> about [0]. >> >> Thanks, >> Radu >> >> [0] - https://issues.apache.org/jira/browse/SLING-10900 >> [1] - >> https://github.com/apache/sling-org-apache-sling-graphql-core/blob/0b1c1dd72ed04324ea84d2227c3223ec65b0b21e/src/main/java/org/apache/sling/graphql/core/directives/Directives.java >> >
