Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HBASE-28112 Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 #5436

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 25, 2023

Bumps org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4.

Release notes

Sourced from org.xerial.snappy:snappy-java's releases.

v1.1.10.4

What's Changed

Security Fix

  • Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by @​tunnelshade (code change)
    • This does not affect users only using Snappy.compress/uncompress methods

🚀 Features

  • feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by @​xerial in xerial/snappy-java#508
  • Support JDK21 (no internal change)

🔗 Dependency Updates

🛠 Internal Updates

Other Changes

Full Changelog: xerial/snappy-java@v1.1.10.3...v1.1.10.4

v1.1.10.3

What's Changed

🐛 Bug Fixes

🔗 Dependency Updates

New Contributors

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.1 to 1.1.10.4.
- [Release notes](https://github.com/xerial/snappy-java/releases)
- [Commits](xerial/snappy-java@v1.1.10.1...v1.1.10.4)

---
updated-dependencies:
- dependency-name: org.xerial.snappy:snappy-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 25, 2023
@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 24s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ master Compile Tests _
+1 💚 mvninstall 2m 55s master passed
+1 💚 compile 4m 38s master passed
+1 💚 spotless 0m 41s branch has no errors when running spotless:check.
_ Patch Compile Tests _
+1 💚 mvninstall 2m 36s the patch passed
+1 💚 compile 4m 39s the patch passed
+1 💚 javac 4m 39s the patch passed
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 xml 0m 2s The patch has no ill-formed XML file.
+1 💚 hadoopcheck 9m 27s Patch does not cause any errors with Hadoop 3.2.4 3.3.6.
+1 💚 spotless 0m 39s patch has no errors when running spotless:check.
_ Other Tests _
+1 💚 asflicense 0m 11s The patch does not generate ASF License warnings.
31m 58s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR #5436
Optional Tests dupname asflicense javac hadoopcheck spotless xml compile
uname Linux a959a1051f50 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / 79fbbc3
Default Java Eclipse Adoptium-11.0.17+8
Max. process+thread count 79 (vs. ulimit of 30000)
modules C: . U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/console
versions git=2.34.1 maven=3.8.6
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 13s Docker mode activated.
-0 ⚠️ yetus 0m 3s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
_ Prechecks _
_ master Compile Tests _
+1 💚 mvninstall 2m 56s master passed
+1 💚 compile 1m 55s master passed
+1 💚 shadedjars 4m 48s branch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 54s master passed
_ Patch Compile Tests _
+1 💚 mvninstall 2m 32s the patch passed
+1 💚 compile 1m 53s the patch passed
+1 💚 javac 1m 53s the patch passed
+1 💚 shadedjars 4m 48s patch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 51s the patch passed
_ Other Tests _
+1 💚 unit 276m 17s root in the patch passed.
305m 54s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR #5436
Optional Tests javac javadoc unit shadedjars compile
uname Linux 65d86cf3676e 5.4.0-156-generic #173-Ubuntu SMP Tue Jul 11 07:25:22 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / 79fbbc3
Default Java Eclipse Adoptium-11.0.17+8
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/testReport/
Max. process+thread count 8334 (vs. ulimit of 30000)
modules C: . U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/console
versions git=2.34.1 maven=3.8.6
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 31s Docker mode activated.
-0 ⚠️ yetus 0m 3s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
_ Prechecks _
_ master Compile Tests _
+1 💚 mvninstall 2m 31s master passed
+1 💚 compile 1m 36s master passed
+1 💚 shadedjars 4m 44s branch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 25s master passed
_ Patch Compile Tests _
+1 💚 mvninstall 2m 12s the patch passed
+1 💚 compile 1m 37s the patch passed
+1 💚 javac 1m 37s the patch passed
+1 💚 shadedjars 4m 41s patch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 1m 23s the patch passed
_ Other Tests _
+1 💚 unit 366m 23s root in the patch passed.
393m 45s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR #5436
Optional Tests javac javadoc unit shadedjars compile
uname Linux 3078d793f8bf 5.4.0-163-generic #180-Ubuntu SMP Tue Sep 5 13:21:23 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / 79fbbc3
Default Java Temurin-1.8.0_352-b08
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/testReport/
Max. process+thread count 7765 (vs. ulimit of 30000)
modules C: . U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-5436/1/console
versions git=2.34.1 maven=3.8.6
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache9 Apache9 changed the title Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 HBASE-28112 Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 Sep 26, 2023
@Apache9 Apache9 merged commit 6cb15b1 into master Sep 26, 2023
@dependabot dependabot bot deleted the dependabot/maven/org.xerial.snappy-snappy-java-1.1.10.4 branch September 26, 2023 07:29
Apache9 pushed a commit that referenced this pull request Sep 26, 2023
…0.4 (#5436)

Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.1 to 1.1.10.4.
- [Release notes](https://github.com/xerial/snappy-java/releases)
- [Commits](xerial/snappy-java@v1.1.10.1...v1.1.10.4)

---
updated-dependencies:
- dependency-name: org.xerial.snappy:snappy-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Duo Zhang <[email protected]>
(cherry picked from commit 6cb15b1)
Apache9 pushed a commit that referenced this pull request Sep 26, 2023
…0.4 (#5436)

Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.1 to 1.1.10.4.
- [Release notes](https://github.com/xerial/snappy-java/releases)
- [Commits](xerial/snappy-java@v1.1.10.1...v1.1.10.4)

---
updated-dependencies:
- dependency-name: org.xerial.snappy:snappy-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Duo Zhang <[email protected]>
(cherry picked from commit 6cb15b1)
Apache9 pushed a commit that referenced this pull request Sep 26, 2023
…0.4 (#5436)

Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.1 to 1.1.10.4.
- [Release notes](https://github.com/xerial/snappy-java/releases)
- [Commits](xerial/snappy-java@v1.1.10.1...v1.1.10.4)

---
updated-dependencies:
- dependency-name: org.xerial.snappy:snappy-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Duo Zhang <[email protected]>
(cherry picked from commit 6cb15b1)
wchevreuil pushed a commit to wchevreuil/hbase that referenced this pull request Nov 2, 2023
…0.4 (apache#5436)

Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.10.1 to 1.1.10.4.
- [Release notes](https://github.com/xerial/snappy-java/releases)
- [Commits](xerial/snappy-java@v1.1.10.1...v1.1.10.4)

---
updated-dependencies:
- dependency-name: org.xerial.snappy:snappy-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Duo Zhang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants