Bump snappy-java from 1.1.8.4 to 1.1.10.1 in /fast-data-hub/fast-data-hub-core by dependabot[bot] · Pull Request #35 · openyeap/fd

dependabot · Jun 15, 2023

Bumps snappy-java from 1.1.8.4 to 1.1.10.1.

Release notes

v1.1.10.1

What's Changed

🐛 Bug Fixes

Fixed several vulnerabilities by @aidanchiu1112:

CVE-2023-34453 Integer overflow in shuffle

CVE-2023-34454 Integer overflow in compress

CVE-2023-34455 Unchecked chunk length

internal: Fix commit message by @xerial in xerial/snappy-java#447

internal: Fix CI target branch by @xerial in xerial/snappy-java#449

Fix typo by @aidanchiu1112 in xerial/snappy-java#457

CI Fix to Prevent Checks Dealing with Large Array Sizes by @aidanchiu1112 in xerial/snappy-java#459

🔗 Dependency Updates

Update native libraries by @github-actions in xerial/snappy-java#445

Update native libraries by @github-actions in xerial/snappy-java#450

Update scalafmt-core to 3.7.4 by @xerial-bot in xerial/snappy-java#454

Update sbt to 1.9.0 by @xerial-bot in xerial/snappy-java#455

🛠 Internal Updates

Trigger native lib build on PR by @imsudiproy in xerial/snappy-java#444

internal: Run CI tests on native file change by @xerial in xerial/snappy-java#446

internal: Run CI tests for update-native-libs branch by @xerial in xerial/snappy-java#448

intertnal: Fix CI watch target files by @xerial in xerial/snappy-java#451

Update airframe-log to 23.5.6 by @xerial-bot in xerial/snappy-java#453

New Contributors

@imsudiproy made their first contribution in xerial/snappy-java#444

@github-actions made their first contribution in xerial/snappy-java#445

@aidanchiu1112 made their first contribution in xerial/snappy-java#457

Full Changelog: xerial/snappy-java@v1.1.10.0...v1.1.10.1

v1.1.10.0

What's Changed

Upgraded the underlying Snappy version to 1.1.10. Since this version, the version number implies (original snappy version).(patch version).

🚀 Features

Upgrade to Snappy 1.1.10 by @xerial in xerial/snappy-java#431

Add Linux-riscv64 support by @luhenry in xerial/snappy-java#396

Build native libraries for s390x by @sudip-ibm in xerial/snappy-java#416

add workaround for resource management issue in URLClassloader by @jizhilong in xerial/snappy-java#412

Rebuild Linux Arm binaries with LTS version of cross-compiles using glibc 2.28 by @xerial in xerial/snappy-java#436

Feature: Use LTS cross-compiler for Linux armv6/armv7 to use glibc 2.28 by @xerial in xerial/snappy-java#440

Feature: Android arm64 support by @xerial in xerial/snappy-java#442

🔗 Dependency Updates

Bump olafurpg/setup-scala from 13 to 14 by @dependabot in xerial/snappy-java#398

Update scalafmt-core to 3.7.2 by @xerial-bot in xerial/snappy-java#399

... (truncated)

Commits

737f397 CI Fix to Prevent Checks Dealing with Large Array Sizes (#459)
d004255 Merge pull request from GHSA-fjpj-2g6w-x25r
3bf6785 Merge pull request from GHSA-qcwq-55hx-v3vh
820e2e0 Merge pull request from GHSA-pqr6-cmr2-h8hf
27e2ce0 Fix typo (#457)
f32d5b0 Update sbt to 1.9.0 (#455)
326f0b4 Update scalafmt-core to 3.7.4 (#454)
b389544 Update airframe-log to 23.5.6 (#453)
256691e Update native libraries for 2737ea41c48e9ac12caf342191e4756626d31585 (#450)
5c35a0f intertnal: Fix CI watch target files (#451)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [snappy-java](https://github.com/xerial/snappy-java) from 1.1.8.4 to 1.1.10.1. - [Release notes](https://github.com/xerial/snappy-java/releases) - [Commits](xerial/snappy-java@1.1.8.4...v1.1.10.1) --- updated-dependencies: - dependency-name: org.xerial.snappy:snappy-java dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump snappy-java from 1.1.8.4 to 1.1.10.1 in /fast-data-hub/fast-data-hub-core#35

dependabot bot commented on behalf of github Jun 15, 2023 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Search code, repositories, users, issues, pull requests...

Conversation

dependabot bot commented on behalf of github Jun 15, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.1.10.1

What's Changed

🐛 Bug Fixes

🔗 Dependency Updates

🛠 Internal Updates

New Contributors

v1.1.10.0

What's Changed

🚀 Features

🔗 Dependency Updates

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Jun 15, 2023 •

edited

Loading