dependabot: bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 #3392

dependabot · 2023-09-25T06:28:55Z

Bumps org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4.

Release notes

Sourced from org.xerial.snappy:snappy-java's releases.

v1.1.10.4

What's Changed

Security Fix

Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by @tunnelshade (code change)

This does not affect users only using Snappy.compress/uncompress methods

🚀 Features

feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by @xerial in xerial/snappy-java#508

Support JDK21 (no internal change)

🔗 Dependency Updates

Update scalafmt-core to 3.7.11 by @xerial-bot in xerial/snappy-java#485

Update sbt to 1.9.3 by @xerial-bot in xerial/snappy-java#483

Update scalafmt-core to 3.7.12 by @xerial-bot in xerial/snappy-java#487

Bump actions/checkout from 3 to 4 by @dependabot in xerial/snappy-java#502

Update sbt to 1.9.4 by @xerial-bot in xerial/snappy-java#496

Update scalafmt-core to 3.7.14 by @xerial-bot in xerial/snappy-java#501

Update sbt to 1.9.6 by @xerial-bot in xerial/snappy-java#505

Update native libraries by @github-actions in xerial/snappy-java#503

🛠 Internal Updates

Update airframe-log to 23.7.4 by @xerial-bot in xerial/snappy-java#486

Update airframe-log to 23.8.0 by @xerial-bot in xerial/snappy-java#488

Update sbt-scalafmt to 2.5.2 by @xerial-bot in xerial/snappy-java#500

Update airframe-log to 23.8.6 by @xerial-bot in xerial/snappy-java#497

Update sbt-scalafmt to 2.5.1 by @xerial-bot in xerial/snappy-java#499

Update airframe-log to 23.9.1 by @xerial-bot in xerial/snappy-java#504

Update airframe-log to 23.9.2 by @xerial-bot in xerial/snappy-java#509

Other Changes

Update NOTICE by @imsudiproy in xerial/snappy-java#492

Full Changelog: xerial/snappy-java@v1.1.10.3...v1.1.10.4

Commits

9f8c3cf Merge pull request from GHSA-55g7-9cwv-5qfv
49d7001 Update airframe-log to 23.9.2 (#509)
1f07c31 Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (#503)
13f8db1 Update sbt to 1.9.6 (#505)
f2e97f2 feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...
98b2225 Update airframe-log to 23.9.1 (#504)
9f29b5c Update NOTICE (#492)
55639b5 Update sbt-scalafmt to 2.5.1 (#499)
a5d81a6 Update airframe-log to 23.8.6 (#497)
6495da1 Update scalafmt-core to 3.7.14 (#501)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.3 to 1.1.10.4. - [Release notes](https://github.com/xerial/snappy-java/releases) - [Commits](xerial/snappy-java@v1.1.10.3...v1.1.10.4) --- updated-dependencies: - dependency-name: org.xerial.snappy:snappy-java dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

codecov · 2023-09-25T06:33:33Z

Codecov Report

Merging #3392 (512ba96) into main (7f6944c) will decrease coverage by 0.03%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #3392      +/-   ##
============================================
- Coverage     64.24%   64.21%   -0.03%     
+ Complexity     3491     3489       -2     
============================================
  Files           264      264              
  Lines         20157    20157              
  Branches       3365     3365              
============================================
- Hits          12949    12944       -5     
- Misses         5527     5533       +6     
+ Partials       1681     1680       -1

see 1 file with indirect coverage changes

…1.10.3 to 1.1.10.4 (#3396) Backport dfecc00 from #3392. Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…1.10.3 to 1.1.10.4 (opensearch-project#3396) Backport dfecc00 from opensearch-project#3392. Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot requested review from cliu123, cwperks, DarshitChanpura, davidlago, peternied, RyanL1997, stephen-crawford, reta and willyborankin as code owners September 25, 2023 06:28

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 25, 2023

willyborankin approved these changes Sep 25, 2023

View reviewed changes

willyborankin added the backport 2.x backport to 2.x branch label Sep 25, 2023

reta approved these changes Sep 25, 2023

View reviewed changes

reta merged commit dfecc00 into main Sep 25, 2023
69 checks passed

reta deleted the dependabot/gradle/org.xerial.snappy-snappy-java-1.1.10.4 branch September 25, 2023 11:38

opensearch-trigger-bot bot mentioned this pull request Sep 25, 2023

[Backport 2.x] dependabot: bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 #3396

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dependabot: bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 #3392

dependabot: bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 #3392

dependabot bot commented on behalf of github Sep 25, 2023

codecov bot commented Sep 25, 2023 •

edited

Loading

dependabot: bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 #3392

dependabot: bump org.xerial.snappy:snappy-java from 1.1.10.3 to 1.1.10.4 #3392

Conversation

dependabot bot commented on behalf of github Sep 25, 2023

v1.1.10.4

What's Changed

Security Fix

🚀 Features

🔗 Dependency Updates

🛠 Internal Updates

Other Changes

codecov bot commented Sep 25, 2023 • edited Loading

Codecov Report

codecov bot commented Sep 25, 2023 •

edited

Loading