Update dependency org.xerial.snappy:snappy-java to v1.1.10.4 #45

mend-for-github-com · 2024-02-05T02:48:47Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.xerial.snappy:snappy-java	`1.1.8.4` -> `1.1.10.4`

By merging this PR, the issue #46 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.5	CVE-2023-34455
High	7.5	CVE-2023-43642
Medium	5.9	CVE-2023-34453
Medium	5.9	CVE-2023-34454

Release Notes

xerial/snappy-java (org.xerial.snappy:snappy-java)

`v1.1.10.4`

What's Changed

Security Fix

CVE-2023-43642 Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by @tunnelshade (code change)
- This does not affect users only using Snappy.compress/uncompress methods

🚀 Features

feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by @xerial in https://github.com/xerial/snappy-java/pull/508
Support JDK21 (no internal change)

`v1.1.10.3`

What's Changed

🐛 Bug Fixes

Fix the GLIBC_2.32 not found issue of libsnappyjava.so in certain Linux distributions on s390x by @kun-lu20 in https://github.com/xerial/snappy-java/pull/481

🔗 Dependency Updates

Update scalafmt-core to 3.7.10 by @xerial-bot in https://github.com/xerial/snappy-java/pull/480
Update native libraries by @github-actions in https://github.com/xerial/snappy-java/pull/482

New Contributors

@kun-lu20 made their first contribution in https://github.com/xerial/snappy-java/pull/481

Full Changelog: xerial/snappy-java@v1.1.10.2...v1.1.10.3

`v1.1.10.2`

What's Changed

🐛 Bug Fixes

Update libsnappy.so for s390x by @namrata-ibm in https://github.com/xerial/snappy-java/pull/474

🔗 Dependency Updates

Update sbt to 1.9.1 by @xerial-bot in https://github.com/xerial/snappy-java/pull/467
Update scalafmt-core to 3.7.6 by @xerial-bot in https://github.com/xerial/snappy-java/pull/470
Update scalafmt-core to 3.7.7 by @xerial-bot in https://github.com/xerial/snappy-java/pull/472
Update native libraries by @github-actions in https://github.com/xerial/snappy-java/pull/475
Update scalafmt-core to 3.7.9 by @xerial-bot in https://github.com/xerial/snappy-java/pull/478
Update sbt to 1.9.2 by @xerial-bot in https://github.com/xerial/snappy-java/pull/476

🛠 Internal Updates

Update airframe-log to 23.5.7 by @xerial-bot in https://github.com/xerial/snappy-java/pull/458
Update airframe-log to 23.6.0 by @xerial-bot in https://github.com/xerial/snappy-java/pull/460
Update sbt-dynver to 5.0.1 by @xerial-bot in https://github.com/xerial/snappy-java/pull/461
Update airframe-log to 23.6.1 by @xerial-bot in https://github.com/xerial/snappy-java/pull/463
Update airframe-log to 23.6.2 by @xerial-bot in https://github.com/xerial/snappy-java/pull/465
Update airframe-log to 23.7.0 by @xerial-bot in https://github.com/xerial/snappy-java/pull/471
Update airframe-log to 23.7.1 by @xerial-bot in https://github.com/xerial/snappy-java/pull/473
Update airframe-log to 23.7.2 by @xerial-bot in https://github.com/xerial/snappy-java/pull/479

Full Changelog: xerial/snappy-java@v1.1.10.1...v1.1.10.2

`v1.1.10.1`

What's Changed

🐛 Bug Fixes

Fixed several vulnerabilities by @aidanchiu1112:
internal: Fix commit message by @xerial in https://github.com/xerial/snappy-java/pull/447
internal: Fix CI target branch by @xerial in https://github.com/xerial/snappy-java/pull/449
Fix typo by @aidanchiu1112 in https://github.com/xerial/snappy-java/pull/457
CI Fix to Prevent Checks Dealing with Large Array Sizes by @aidanchiu1112 in https://github.com/xerial/snappy-java/pull/459

🔗 Dependency Updates

Update native libraries by @github-actions in https://github.com/xerial/snappy-java/pull/445
Update native libraries by @github-actions in https://github.com/xerial/snappy-java/pull/450
Update scalafmt-core to 3.7.4 by @xerial-bot in https://github.com/xerial/snappy-java/pull/454
Update sbt to 1.9.0 by @xerial-bot in https://github.com/xerial/snappy-java/pull/455

🛠 Internal Updates

Trigger native lib build on PR by @imsudiproy in https://github.com/xerial/snappy-java/pull/444
internal: Run CI tests on native file change by @xerial in https://github.com/xerial/snappy-java/pull/446
internal: Run CI tests for update-native-libs branch by @xerial in https://github.com/xerial/snappy-java/pull/448
intertnal: Fix CI watch target files by @xerial in https://github.com/xerial/snappy-java/pull/451
Update airframe-log to 23.5.6 by @xerial-bot in https://github.com/xerial/snappy-java/pull/453

New Contributors

@imsudiproy made their first contribution in https://github.com/xerial/snappy-java/pull/444
@github-actions made their first contribution in https://github.com/xerial/snappy-java/pull/445
@aidanchiu1112 made their first contribution in https://github.com/xerial/snappy-java/pull/457

Full Changelog: xerial/snappy-java@v1.1.10.0...v1.1.10.1

`v1.1.10.0`

What's Changed

Upgraded the underlying Snappy version to 1.1.10. Since this version, the version number implies (original snappy version).(patch version).

🚀 Features

Upgrade to Snappy 1.1.10 by @xerial in https://github.com/xerial/snappy-java/pull/431
Add Linux-riscv64 support by @luhenry in https://github.com/xerial/snappy-java/pull/396
Build native libraries for s390x by @sudip-ibm in https://github.com/xerial/snappy-java/pull/416
add workaround for resource management issue in URLClassloader by @jizhilong in https://github.com/xerial/snappy-java/pull/412
Rebuild Linux Arm binaries with LTS version of cross-compiles using glibc 2.28 by @xerial in https://github.com/xerial/snappy-java/pull/436
Feature: Use LTS cross-compiler for Linux armv6/armv7 to use glibc 2.28 by @xerial in https://github.com/xerial/snappy-java/pull/440
Feature: Android arm64 support by @xerial in https://github.com/xerial/snappy-java/pull/442

🔗 Dependency Updates

Bump olafurpg/setup-scala from 13 to 14 by @dependabot in https://github.com/xerial/snappy-java/pull/398
Update scalafmt-core to 3.7.2 by @xerial-bot in https://github.com/xerial/snappy-java/pull/399
Update scalafmt-core to 3.7.3 by @xerial-bot in https://github.com/xerial/snappy-java/pull/410
Update sbt to 1.8.3 by @xerial-bot in https://github.com/xerial/snappy-java/pull/430

🛠 Internal Updates

Update airframe-log to 23.2.0 by @xerial-bot in https://github.com/xerial/snappy-java/pull/391
Update airframe-log to 23.2.4 by @xerial-bot in https://github.com/xerial/snappy-java/pull/395
Update airframe-log to 23.2.5 by @xerial-bot in https://github.com/xerial/snappy-java/pull/397
Update airframe-log to 23.3.0 by @xerial-bot in https://github.com/xerial/snappy-java/pull/401
Update sbt-sonatype to 3.9.18 by @xerial-bot in https://github.com/xerial/snappy-java/pull/402
Update airframe-log to 23.3.2 by @xerial-bot in https://github.com/xerial/snappy-java/pull/404
Update airframe-log to 23.3.3 by @xerial-bot in https://github.com/xerial/snappy-java/pull/406
Update airframe-log to 23.3.4 by @xerial-bot in https://github.com/xerial/snappy-java/pull/409
Update airframe-log to 23.4.0 by @xerial-bot in https://github.com/xerial/snappy-java/pull/413
Update airframe-log to 23.4.8 by @xerial-bot in https://github.com/xerial/snappy-java/pull/423
Update sbt-sonatype to 3.9.20 by @xerial-bot in https://github.com/xerial/snappy-java/pull/427
Update airframe-log to 23.5.3 by @xerial-bot in https://github.com/xerial/snappy-java/pull/428
Update sbt-sonatype to 3.9.21 by @xerial-bot in https://github.com/xerial/snappy-java/pull/432
internal: Release note generation automation by @xerial in https://github.com/xerial/snappy-java/pull/433
Release snapshot versions when native libs are updated by @xerial in https://github.com/xerial/snappy-java/pull/438
Update airframe-log to 23.5.4 by @xerial-bot in https://github.com/xerial/snappy-java/pull/434
Update airframe-log to 23.5.5 by @xerial-bot in https://github.com/xerial/snappy-java/pull/441

New Contributors

@luhenry made their first contribution in https://github.com/xerial/snappy-java/pull/396
@sudip-ibm made their first contribution in https://github.com/xerial/snappy-java/pull/416
@jizhilong made their first contribution in https://github.com/xerial/snappy-java/pull/412

Full Changelog: xerial/snappy-java@v1.1.9.1...v1.1.10.0

`v1.1.9.1`

What's Changed

Removed snappy debug assertion with -DNDEBUG c++ flag @xerial (#386) It produces smaller native libraries

🐛 Bug Fixes

Fix java8 compatibility #389 @xerial (#390)

🔗 Dependency Updates

Update org.osgi.core to 6.0.0 @xerial-bot (#387)

🛠 Internal Updates

Update sbt script @xerial (#385)
Update airframe-log to 23.1.4 @xerial-bot (#383)
Update org.osgi.core to 4.3.1 @xerial-bot (#315)

Full Changelog: xerial/snappy-java@v1.1.9.0...v1.1.10

`v1.1.9.0`

What's Changed

This version upgrades the native libraries to Snappy 1.1.9. Currently, only a limited number of platforms are supported, including:

Win32/64 (Only Intel)
Mac64 (Intel, M1, M2). We no longer support Mac32
Linux32, 64 (Intel, Arm), arm, armv6, armv7
android-arm32
ppc64le, ppc64

If you need more platform support, send a PR to build a native library with a docker-based cross compiler (See Makefile and Makefile.common for the reference). If a cross compiler for your platform is not available, create a PR with a native library built with make native command.

🚀 Features

Add uncompressDoubleArray that takes offset and length @ashley-taylor (#307)
Build native library for Snappy 1.1.9 @xerial (#380)
Upgrade to snappy-1.1.9 @xerial (#379)
Add Java 17 build test to GitHub action @wangyum (#346)
Adding ppc64le support in Travis @Abhijit-Mane (#286)
Build on riscv64 @zinovya (#283)
Upgrade bitshuffle to 0.3.4 (#380)

👋 Deprecated

Removed pure-java support @xerial (#381) because it may cause data corruption.

Bug Fixes

Use original compressed and uncompressed buffer's position @viirya (#293)
#302 Fixed running snappy-java as OSGi bundle on Apple Silicon (M1 Pro) @zh-muxa (#303)
Avoid explicit class name in throw_exception @viirya (#291)

🔗 Dependency Updates

Update airframe-log to 22.9.3 @xerial-bot (#349)
Update hadoop-common to 2.7.7 @xerial-bot (#313)
Update scalafmt-core to 3.5.9 @xerial-bot (#344)
Update airframe-log to 22.9.2 @xerial-bot (#347)
Update scalafmt-core to 2.7.5 @xerial-bot (#323)
Update sbt to 1.7.1 @xerial-bot (#336)
Update airframe-log to 22.9.0 @xerial-bot (#343)
Update sbt-scalafmt to 2.4.6 @xerial-bot (#317)
Update scalafmt-core to 2.6.4 @xerial-bot (#318)
Update airframe-log to 21.12.1 @xerial-bot (#319)
Update sbt-sonatype to 3.9.13 @xerial-bot (#320)
Update sbt to 1.6.2 @xerial-bot (#321)
Update sbt to 1.5.8 @xerial-bot (#316)
Update sbt-osgi to 0.9.6 @xerial-bot (#312)
Update junit-interface to 0.13.3 @xerial-bot (#311)
Upgrade sbt to 1.5.6 @xerial (#301)
Bump olafurpg/setup-scala from 10 to 13 @dependabot (#375)
Bump actions/checkout from 2 to 3 @dependabot (#376)
Bump actions/cache from 1 to 3 @dependabot (#377)
Update scalafmt-core to 3.7.1 @xerial-bot (#368)
Update sbt to 1.8.2 @xerial-bot (#366)
Update sbt to 1.7.3 @xerial-bot (#355)

🛠 Internal Updates

Add release drafter @xerial (#378)
Add dependabot @xerial (#374)
Add scalafmt dialect @xerial (#373)
Add release automation workflow @xerial (#384)
Update airframe-log to 22.12.6 @xerial-bot (#372)
Update hadoop-common to 2.10.2 @xerial-bot (#371)
Update sbt-pgp to 2.2.1 @xerial-bot (#361)
Update plexus-classworlds to 2.7.0 @xerial-bot (#359)
Update sbt-scalafmt to 2.5.0 @xerial-bot (#358)
Update sbt-sonatype to 3.9.17 @xerial-bot (#370)
Update sbt-sonatype to 3.9.15 @xerial-bot (#360)
Update sbt-sonatype to 3.9.14 @xerial-bot (#357)

📚 Docs

Remove pure-java support @xerial (#381)
Fix links in Javadoc badge @valery1707 (#350)
Fix links into benchmark results @valery1707 (#351)
Fixes #280 Typo - java.io.tmpdir not java.io.tempdir @lehnerj (#325)
Small typo fix @atisvagyok (#294)

Full Changelog: xerial/snappy-java@1.1.8.4...v1.1.9

If you want to rebase/retry this PR, check this box

Update dependency org.xerial.snappy:snappy-java to v1.1.10.4

ba6d6ea

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency org.xerial.snappy:snappy-java to v1.1.10.4 #45

Update dependency org.xerial.snappy:snappy-java to v1.1.10.4 #45

mend-for-github-com bot commented Feb 5, 2024 •

edited

Loading

Update dependency org.xerial.snappy:snappy-java to v1.1.10.4 #45

Are you sure you want to change the base?

Update dependency org.xerial.snappy:snappy-java to v1.1.10.4 #45

Conversation

mend-for-github-com bot commented Feb 5, 2024 • edited Loading

Release Notes

v1.1.10.4

What's Changed

Security Fix

🚀 Features

🔗 Dependency Updates

🛠 Internal Updates

Other Changes

v1.1.10.3

What's Changed

🐛 Bug Fixes

🔗 Dependency Updates

New Contributors

v1.1.10.2

What's Changed

🐛 Bug Fixes

🔗 Dependency Updates

🛠 Internal Updates

v1.1.10.1

What's Changed

🐛 Bug Fixes

🔗 Dependency Updates

🛠 Internal Updates

New Contributors

v1.1.10.0

What's Changed

🚀 Features

🔗 Dependency Updates

🛠 Internal Updates

New Contributors

v1.1.9.1

What's Changed

🐛 Bug Fixes

🔗 Dependency Updates

🛠 Internal Updates

v1.1.9.0

What's Changed

🚀 Features

👋 Deprecated

Bug Fixes

🔗 Dependency Updates

🛠 Internal Updates

📚 Docs

mend-for-github-com bot commented Feb 5, 2024 •

edited

Loading

`v1.1.10.4`

`v1.1.10.3`

`v1.1.10.2`

`v1.1.10.1`

`v1.1.10.0`

`v1.1.9.1`

`v1.1.9.0`