Update dependency org.xerial.snappy:snappy-java to v1.1.10.1

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.xerial.snappy:snappy-java	compile	patch	1.1.2 → 1.1.10.1

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
Medium	5.9	CVE-2023-34454

---

Release Notes

xerial/snappy-java (org.xerial.snappy:snappy-java)

v1.1.10.1

Compare Source

What's Changed

🐛 Bug Fixes

• Fixed several vulnerabilities by @​aidanchiu1112:
  • CVE-2023-34453 Integer overflow in shuffle
  • CVE-2023-34454 Integer overflow in compress
  • CVE-2023-34455 Unchecked chunk length
• internal: Fix commit message by @​xerial in #​447
• internal: Fix CI target branch by @​xerial in #​449
• Fix typo by @​aidanchiu1112 in #​457
• CI Fix to Prevent Checks Dealing with Large Array Sizes by @​aidanchiu1112 in #​459

🔗 Dependency Updates

• Update native libraries by @​github-actions in #​445
• Update native libraries by @​github-actions in #​450
• Update scalafmt-core to 3.7.4 by @​xerial-bot in #​454
• Update sbt to 1.9.0 by @​xerial-bot in #​455

🛠 Internal Updates

• Trigger native lib build on PR by @​imsudiproy in #​444
• internal: Run CI tests on native file change by @​xerial in #​446
• internal: Run CI tests for update-native-libs branch by @​xerial in #​448
• intertnal: Fix CI watch target files by @​xerial in #​451
• Update airframe-log to 23.5.6 by @​xerial-bot in #​453

New Contributors

• @​imsudiproy made their first contribution in #​444
• @​github-actions made their first contribution in #​445
• @​aidanchiu1112 made their first contribution in #​457

Full Changelog: xerial/snappy-java@v1.1.10.0...v1.1.10.1

v1.1.10.0

Compare Source

What's Changed

Upgraded the underlying Snappy version to 1.1.10. Since this version, the version number implies (original snappy version).(patch version).

🚀 Features

• Upgrade to Snappy 1.1.10 by @​xerial in #​431
• Add Linux-riscv64 support by @​luhenry in #​396
• Build native libraries for s390x by @​sudip-ibm in #​416
• add workaround for resource management issue in URLClassloader by @​jizhilong in #​412
• Rebuild Linux Arm binaries with LTS version of cross-compiles using glibc 2.28 by @​xerial in #​436
• Feature: Use LTS cross-compiler for Linux armv6/armv7 to use glibc 2.28 by @​xerial in #​440
• Feature: Android arm64 support by @​xerial in #​442

🔗 Dependency Updates

• Bump olafurpg/setup-scala from 13 to 14 by @​dependabot in #​398
• Update scalafmt-core to 3.7.2 by @​xerial-bot in #​399
• Update scalafmt-core to 3.7.3 by @​xerial-bot in #​410
• Update sbt to 1.8.3 by @​xerial-bot in #​430

🛠 Internal Updates

• Update airframe-log to 23.2.0 by @​xerial-bot in #​391
• Update airframe-log to 23.2.4 by @​xerial-bot in #​395
• Update airframe-log to 23.2.5 by @​xerial-bot in #​397
• Update airframe-log to 23.3.0 by @​xerial-bot in #​401
• Update sbt-sonatype to 3.9.18 by @​xerial-bot in #​402
• Update airframe-log to 23.3.2 by @​xerial-bot in #​404
• Update airframe-log to 23.3.3 by @​xerial-bot in #​406
• Update airframe-log to 23.3.4 by @​xerial-bot in #​409
• Update airframe-log to 23.4.0 by @​xerial-bot in #​413
• Update airframe-log to 23.4.8 by @​xerial-bot in #​423
• Update sbt-sonatype to 3.9.20 by @​xerial-bot in #​427
• Update airframe-log to 23.5.3 by @​xerial-bot in #​428
• Update sbt-sonatype to 3.9.21 by @​xerial-bot in #​432
• internal: Release note generation automation by @​xerial in #​433
• Release snapshot versions when native libs are updated by @​xerial in #​438
• Update airframe-log to 23.5.4 by @​xerial-bot in #​434
• Update airframe-log to 23.5.5 by @​xerial-bot in #​441

New Contributors

• @​luhenry made their first contribution in #​396
• @​sudip-ibm made their first contribution in #​416
• @​jizhilong made their first contribution in #​412

Full Changelog: xerial/snappy-java@v1.1.9.1...v1.1.10.0

v1.1.9.1

Compare Source

What's Changed

• Removed snappy debug assertion with -DNDEBUG c++ flag @​xerial (#​386) It produces smaller native libraries

🐛 Bug Fixes

• Fix java8 compatibility #​389 @​xerial (#​390)

🔗 Dependency Updates

• Update org.osgi.core to 6.0.0 @​xerial-bot (#​387)

🛠 Internal Updates

• Update sbt script @​xerial (#​385)
• Update airframe-log to 23.1.4 @​xerial-bot (#​383)
• Update org.osgi.core to 4.3.1 @​xerial-bot (#​315)

Full Changelog: xerial/snappy-java@v1.1.9.0...v1.1.10

v1.1.9.0

Compare Source

What's Changed

This version upgrades the native libraries to Snappy 1.1.9. Currently, only a limited number of platforms are supported, including:

• Win32/64 (Only Intel)
• Mac64 (Intel, M1, M2). We no longer support Mac32
• Linux32, 64 (Intel, Arm), arm, armv6, armv7
• android-arm32
• ppc64le, ppc64

If you need more platform support, send a PR to build a native library with a docker-based cross compiler (See Makefile and Makefile.common for the reference). If a cross compiler for your platform is not available, create a PR with a native library built with make native command.

🚀 Features

• Add uncompressDoubleArray that takes offset and length @​ashley-taylor (#​307)
• Build native library for Snappy 1.1.9 @​xerial (#​380)
• Upgrade to snappy-1.1.9 @​xerial (#​379)
• Add Java 17 build test to GitHub action @​wangyum (#​346)
• Adding ppc64le support in Travis @​Abhijit-Mane (#​286)
• Build on riscv64 @​zinovya (#​283)
• Upgrade bitshuffle to 0.3.4 (#​380)

👋 Deprecated

• Removed pure-java support @​xerial (#​381) because it may cause data corruption.

Bug Fixes

• Use original compressed and uncompressed buffer's position @​viirya (#​293)
• #​302 Fixed running snappy-java as OSGi bundle on Apple Silicon (M1 Pro) @​zh-muxa (#​303)
• Avoid explicit class name in throw_exception @​viirya (#​291)

🔗 Dependency Updates

• Update airframe-log to 22.9.3 @​xerial-bot (#​349)
• Update hadoop-common to 2.7.7 @​xerial-bot (#​313)
• Update scalafmt-core to 3.5.9 @​xerial-bot (#​344)
• Update airframe-log to 22.9.2 @​xerial-bot (#​347)
• Update scalafmt-core to 2.7.5 @​xerial-bot (#​323)
• Update sbt to 1.7.1 @​xerial-bot (#​336)
• Update airframe-log to 22.9.0 @​xerial-bot (#​343)
• Update sbt-scalafmt to 2.4.6 @​xerial-bot (#​317)
• Update scalafmt-core to 2.6.4 @​xerial-bot (#​318)
• Update airframe-log to 21.12.1 @​xerial-bot (#​319)
• Update sbt-sonatype to 3.9.13 @​xerial-bot (#​320)
• Update sbt to 1.6.2 @​xerial-bot (#​321)
• Update sbt to 1.5.8 @​xerial-bot (#​316)
• Update sbt-osgi to 0.9.6 @​xerial-bot (#​312)
• Update junit-interface to 0.13.3 @​xerial-bot (#​311)
• Upgrade sbt to 1.5.6 @​xerial (#​301)
• Bump olafurpg/setup-scala from 10 to 13 @​dependabot (#​375)
• Bump actions/checkout from 2 to 3 @​dependabot (#​376)
• Bump actions/cache from 1 to 3 @​dependabot (#​377)
• Update scalafmt-core to 3.7.1 @​xerial-bot (#​368)
• Update sbt to 1.8.2 @​xerial-bot (#​366)
• Update sbt to 1.7.3 @​xerial-bot (#​355)

🛠 Internal Updates

• Add release drafter @​xerial (#​378)
• Add dependabot @​xerial (#​374)
• Add scalafmt dialect @​xerial (#​373)
• Add release automation workflow @​xerial (#​384)
• Update airframe-log to 22.12.6 @​xerial-bot (#​372)
• Update hadoop-common to 2.10.2 @​xerial-bot (#​371)
• Update sbt-pgp to 2.2.1 @​xerial-bot (#​361)
• Update plexus-classworlds to 2.7.0 @​xerial-bot (#​359)
• Update sbt-scalafmt to 2.5.0 @​xerial-bot (#​358)
• Update sbt-sonatype to 3.9.17 @​xerial-bot (#​370)
• Update sbt-sonatype to 3.9.15 @​xerial-bot (#​360)
• Update sbt-sonatype to 3.9.14 @​xerial-bot (#​357)

📚 Docs

• Remove pure-java support @​xerial (#​381)
• Fix links in Javadoc badge @​valery1707 (#​350)
• Fix links into benchmark results @​valery1707 (#​351)
• Fixes #​280 Typo - java.io.tmpdir not java.io.tempdir @​lehnerj (#​325)
• Small typo fix @​atisvagyok (#​294)

Full Changelog: xerial/snappy-java@1.1.8.4...v1.1.9

v1.1.8.4

Compare Source

This version has been created because of an issue in Maven central synchronization. This version has no change with 1.1.8.3

v1.1.8.3

Compare Source

• Made pure-java Snappy thread-safe #​271
• Improved SnappyFramedInput/OutputStream performance by using java.util.zip.CRC32C #​269

v1.1.8.2

Compare Source

• Support Apple Silicon (M1, Mac-aarch64)
• Fixed the pure-java Snappy fallback logic when no native library for your platform is found.

v1.1.8.1

Compare Source

• Fixed an initialization issue when using a recent Mac OS X version #​265

v1.1.8

Compare Source

• Upgrade to Snappy 1.1.8 with small performance improvements.
• Big-endian architecture support for pure-java Snappy implementation.
• linux-aarch64 (arm64) binary embeds libstdc++ for portability (Since 1.1.7.8)

v1.1.7.8

Compare Source

v1.1.7.7

Compare Source

• Fixed JDK8 compatibility issue #​251 by re-compiling snappy-java with JDK8

v1.1.7.6

Compare Source

https://github.com/xerial/snappy-java/blob/master/Milestone.md#snappy-java-1176-2020-06-26

• Added an experimental pure-java Snappy support as a fallback if no native library is found to the target platform
• Changed the minimum JDK version requirement to 1.8

v1.1.7.5

Compare Source

v1.1.7.4

Compare Source

v1.1.7.3

Compare Source

v1.1.7.2

Compare Source

v1.1.7.1

Compare Source

v1.1.7

Compare Source

https://github.com/xerial/snappy-java/blob/master/Milestone.md#snappy-java-117-2017-11-30

v1.1.4

Compare Source

v1.1.2.6

Compare Source

v1.1.2.5

Compare Source

v1.1.2.4

Compare Source

Performance improvement of SnappyInput/OutputStream.

v1.1.2.3

Compare Source

v1.1.2.2

Compare Source

v1.1.2.1

Compare Source

---

• If you want to rebase/retry this PR, check this box