CVE-2023-43642 Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by @tunnelshade (code change)
This does not affect users only using Snappy.compress/uncompress methods
🚀 Features
feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by @xerial in xerial/snappy-java#508
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps org.xerial.snappy:snappy-java from 1.1.8.4 to 1.1.10.5.
Release notes
Sourced from org.xerial.snappy:snappy-java's releases.
... (truncated)
Commits
- 08abfa4 Update native libraries for 4b2c1e89a42bc1fc715199974140f93cefe37d71 (#521)
- 4b2c1e8 win-aarch64 (fix): Fix dll name (#520)
- 0fff1ac Update native libraries for e6d1196bc68dd76d19e915ee0124c4d42b020ef2 (#519)
- e6d1196 internal fix: Use Windows-aarch64 target name and compiler options (#518)
- 3c67a7b ppc64-le (Fix): Use an LTS-version of cross-compiler for Linux ppc64-le (#516)
- 67f5d26 Bump jwlawson/actions-setup-cmake from 1.13 to 1.14 (#514)
- ee96b64 Feature: Add Windows arm64 support (#511)
- 0016fed Fix GLIBC_2.32 not found error on IBM PowerPC LE RedHat 8.6 OS (required by /...
- 681b2e1 internal: Support JDK21 (#510)
- 9f8c3cf Merge pull request from GHSA-55g7-9cwv-5qfv