(incubator-celeborn) branch main updated: upgrade snappy-java from 1.1.8.2 to 1.1.10.5

zhouky Mon, 11 Dec 2023 02:38:31 -0800

This is an automated email from the ASF dual-hosted git repository.

zhouky pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-celeborn.git



The following commit(s) were added to refs/heads/main by this push:
     new 80458d18f upgrade snappy-java from 1.1.8.2 to 1.1.10.5
80458d18f is described below

commit 80458d18fa74c34c5fe65718dd3b753c741b65f8
Author: pengqli <[email protected]>
AuthorDate: Mon Dec 11 18:38:06 2023 +0800

    upgrade snappy-java from 1.1.8.2 to 1.1.10.5
    
    ### What changes were proposed in this pull request?
    upgrade snappy-java from 1.1.8.2 to 1.1.10.5 reducing direct CVE 
vulnerabilities
    
    ### Why are the changes needed?
    The snappy-java 1.1.8.2 version has the follow CVE vulnerabilities, see
    https://scout.docker.com/vulnerabilities/id/CVE-2023-43642
    https://scout.docker.com/vulnerabilities/id/CVE-2023-34455
    
    ### Does this PR introduce _any_ user-facing change?
    No any user-facing change
    
    ### How was this patch tested?
    `./build/make-distribution.sh` to package and run test on the local
    
    Closes #2143 from dev-lpq/update_snappy_java.
    
    Authored-by: pengqli <[email protected]>
    Signed-off-by: zky.zhoukeyong <[email protected]>
---
 dev/deps/dependencies-client-flink-1.14 | 2 +-
 dev/deps/dependencies-client-flink-1.15 | 2 +-
 dev/deps/dependencies-client-flink-1.17 | 2 +-
 dev/deps/dependencies-client-flink-1.18 | 2 +-
 dev/deps/dependencies-client-mr         | 2 +-
 dev/deps/dependencies-client-spark-2.4  | 2 +-
 dev/deps/dependencies-client-spark-3.0  | 2 +-
 dev/deps/dependencies-client-spark-3.1  | 2 +-
 dev/deps/dependencies-client-spark-3.2  | 2 +-
 dev/deps/dependencies-client-spark-3.3  | 2 +-
 dev/deps/dependencies-client-spark-3.4  | 2 +-
 dev/deps/dependencies-client-spark-3.5  | 2 +-
 dev/deps/dependencies-server            | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/dev/deps/dependencies-client-flink-1.14 
b/dev/deps/dependencies-client-flink-1.14
index 64a4ba77d..fb8f3f7df 100644
--- a/dev/deps/dependencies-client-flink-1.14
+++ b/dev/deps/dependencies-client-flink-1.14
@@ -81,5 +81,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-flink-1.15 
b/dev/deps/dependencies-client-flink-1.15
index 64a4ba77d..fb8f3f7df 100644
--- a/dev/deps/dependencies-client-flink-1.15
+++ b/dev/deps/dependencies-client-flink-1.15
@@ -81,5 +81,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-flink-1.17 
b/dev/deps/dependencies-client-flink-1.17
index 64a4ba77d..fb8f3f7df 100644
--- a/dev/deps/dependencies-client-flink-1.17
+++ b/dev/deps/dependencies-client-flink-1.17
@@ -81,5 +81,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-flink-1.18 
b/dev/deps/dependencies-client-flink-1.18
index 64a4ba77d..fb8f3f7df 100644
--- a/dev/deps/dependencies-client-flink-1.18
+++ b/dev/deps/dependencies-client-flink-1.18
@@ -81,5 +81,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-mr b/dev/deps/dependencies-client-mr
index 362227a6f..4fdd5938d 100644
--- a/dev/deps/dependencies-client-mr
+++ b/dev/deps/dependencies-client-mr
@@ -191,7 +191,7 @@ shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 slf4j-reload4j/1.7.36//slf4j-reload4j-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 stax2-api/4.2.1//stax2-api-4.2.1.jar
 token-provider/1.0.1//token-provider-1.0.1.jar
 websocket-api/9.4.51.v20230217//websocket-api-9.4.51.v20230217.jar
diff --git a/dev/deps/dependencies-client-spark-2.4 
b/dev/deps/dependencies-client-spark-2.4
index 2416aff41..372414e0e 100644
--- a/dev/deps/dependencies-client-spark-2.4
+++ b/dev/deps/dependencies-client-spark-2.4
@@ -81,5 +81,5 @@ scala-reflect/2.11.12//scala-reflect-2.11.12.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.4.4-3//zstd-jni-1.4.4-3.jar
diff --git a/dev/deps/dependencies-client-spark-3.0 
b/dev/deps/dependencies-client-spark-3.0
index 0dcc4c9d7..dce283505 100644
--- a/dev/deps/dependencies-client-spark-3.0
+++ b/dev/deps/dependencies-client-spark-3.0
@@ -81,5 +81,5 @@ scala-reflect/2.12.10//scala-reflect-2.12.10.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.4.4-3//zstd-jni-1.4.4-3.jar
diff --git a/dev/deps/dependencies-client-spark-3.1 
b/dev/deps/dependencies-client-spark-3.1
index 4342df2da..f3fc8f873 100644
--- a/dev/deps/dependencies-client-spark-3.1
+++ b/dev/deps/dependencies-client-spark-3.1
@@ -81,5 +81,5 @@ scala-reflect/2.12.10//scala-reflect-2.12.10.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.4.8-1//zstd-jni-1.4.8-1.jar
diff --git a/dev/deps/dependencies-client-spark-3.2 
b/dev/deps/dependencies-client-spark-3.2
index 5b18f5160..91dd16b7c 100644
--- a/dev/deps/dependencies-client-spark-3.2
+++ b/dev/deps/dependencies-client-spark-3.2
@@ -81,5 +81,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.0-4//zstd-jni-1.5.0-4.jar
diff --git a/dev/deps/dependencies-client-spark-3.3 
b/dev/deps/dependencies-client-spark-3.3
index 64a4ba77d..83077ad26 100644
--- a/dev/deps/dependencies-client-spark-3.3
+++ b/dev/deps/dependencies-client-spark-3.3
@@ -81,5 +81,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5/snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-spark-3.4 
b/dev/deps/dependencies-client-spark-3.4
index ba9f16bfd..48581a969 100644
--- a/dev/deps/dependencies-client-spark-3.4
+++ b/dev/deps/dependencies-client-spark-3.4
@@ -81,5 +81,5 @@ scala-reflect/2.12.17//scala-reflect-2.12.17.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-5//zstd-jni-1.5.2-5.jar
diff --git a/dev/deps/dependencies-client-spark-3.5 
b/dev/deps/dependencies-client-spark-3.5
index 8f9977c89..7a226408d 100644
--- a/dev/deps/dependencies-client-spark-3.5
+++ b/dev/deps/dependencies-client-spark-3.5
@@ -81,5 +81,5 @@ scala-reflect/2.12.18//scala-reflect-2.12.18.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.5-4//zstd-jni-1.5.5-4.jar
diff --git a/dev/deps/dependencies-server b/dev/deps/dependencies-server
index fe3785007..078b81214 100644
--- a/dev/deps/dependencies-server
+++ b/dev/deps/dependencies-server
@@ -96,5 +96,5 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
 shims/0.9.32//shims-0.9.32.jar
 slf4j-api/1.7.36//slf4j-api-1.7.36.jar
 snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.8.2//snappy-java-1.1.8.2.jar
+snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
 zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar

(incubator-celeborn) branch main updated: upgrade snappy-java from 1.1.8.2 to 1.1.10.5

Reply via email to