This is an automated email from the ASF dual-hosted git repository.

jerryshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git


The following commit(s) were added to refs/heads/main by this push:
     new f731107f6b [#11084] improvement(deps): Upgrade snappy-java from 1.1.8.2 to 1.1.10.8 in hive-metastore-libs (#11085)
f731107f6b is described below

commit f731107f6b7ba679b65e72ed2727c9139600525f
Author: geyanggang <[email protected]>
AuthorDate: Mon May 18 19:37:27 2026 +0800

    [#11084] improvement(deps): Upgrade snappy-java from 1.1.8.2 to 1.1.10.8 in hive-metastore-libs (#11085)
    
    ### What changes were proposed in this pull request?
    
    Add snappy-java to the version catalog (1.1.10.8) and add `constraints {
    implementation(libs.snappy.java) }` in `hive-metastore2-libs` and
    `hive-metastore3-libs` to upgrade the transitive snappy-java from
    1.1.8.2.
    
    
    ### Why are the changes needed?
    
    snappy-java 1.1.8.2 (from Hive Metastore transitive) has known issues
    with buffer overflow and unchecked chunk length in decompression.
    Version 1.1.10.8 fixes these while maintaining backward compatibility.
    
    
    Fix: #11084
    
    ### Does this PR introduce _any_ user-facing change?
    
    No.
    
    ### How was this patch tested?
    
    - `./gradlew :catalogs:hive-metastore2-libs:build
    :catalogs:hive-metastore3-libs:build` — passes
    - `./gradlew :catalogs:hive-metastore-common:test
    :catalogs:catalog-hive:test -PskipITs` — passes
    - Integration tests to be verified by CI
    
    Co-authored-by: Jerry Shao <[email protected]>
---
 catalogs/hive-metastore2-libs/build.gradle.kts | 3 ++-
 catalogs/hive-metastore3-libs/build.gradle.kts | 3 ++-
 gradle/libs.versions.toml                      | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/catalogs/hive-metastore2-libs/build.gradle.kts 
b/catalogs/hive-metastore2-libs/build.gradle.kts
index 57214e8148..852ff7fafa 100644
--- a/catalogs/hive-metastore2-libs/build.gradle.kts
+++ b/catalogs/hive-metastore2-libs/build.gradle.kts
@@ -29,9 +29,10 @@ plugins {
 // Guava and Logback are excluded because they are provided by the Gravitino 
runtime classpath.
 
 dependencies {
-  // Force libthrift upgrade from the outdated 0.9.3 pulled by Hive Metastore 
transitive deps
+  // Force upgrades for outdated transitive dependencies pulled by Hive 
Metastore
   constraints {
     implementation(libs.thrift)
+    implementation(libs.snappy.java)
   }
 
   implementation(libs.hadoop3.common) {
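
Review bot: The rewritten comment above `constraints {` says "Force upgrades" but no longer records which versions were outdated (the removed line named libthrift 0.9.3) and gives no reason for the new snappy-java entry. Consider attaching the reason to each constraint, for example `implementation(libs.snappy.java) { because("1.1.8.2 from Hive Metastore has buffer overflow / unchecked chunk length issues in decompression") }`, so the rationale appears in dependency reports and survives later edits to the comment.
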
diff --git a/catalogs/hive-metastore3-libs/build.gradle.kts 
b/catalogs/hive-metastore3-libs/build.gradle.kts
index 212f435986..458bce593f 100644
--- a/catalogs/hive-metastore3-libs/build.gradle.kts
+++ b/catalogs/hive-metastore3-libs/build.gradle.kts
@@ -29,9 +29,10 @@ plugins {
 // Guava and Logback are excluded because they are provided by the Gravitino 
runtime classpath.
 
 dependencies {
-  // Force libthrift upgrade from the outdated 0.9.3 pulled by Hive Metastore 
transitive deps
+  // Force upgrades for outdated transitive dependencies pulled by Hive 
Metastore
   constraints {
     implementation(libs.thrift)
+    implementation(libs.snappy.java)
   }
 
   implementation(libs.hadoop3.common) {
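
Review bot: `implementation(libs.snappy.java)` inside `constraints` is a regular, non-strict constraint, so it only raises the version when snappy-java is already in this module's graph and nothing else pins it lower, and the build tasks listed under "How was this patch tested?" pass either way. It would help to confirm the resolved version, for example with `./gradlew :catalogs:hive-metastore3-libs:dependencyInsight --dependency snappy-java --configuration runtimeClasspath`, and to run the same check for hive-metastore2-libs.
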
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 72884f0fff..cfa98b7416 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -84,6 +84,7 @@ metrics = "4.2.25"
 prometheus = "0.16.0"
 clickhouse = "0.7.1"
 lz4 = "1.8.0"
+snappy-java = "1.1.10.8"
 mysql = "8.0.33"
 postgresql = "42.6.0"
 immutables-value = "2.11.7"
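
Review bot: `snappy-java = "1.1.10.8"` sits among direct dependency versions with nothing marking it as a security floor for a transitive dependency. A one-line comment above it, saying why it exists and that it should not go below the fixed release, would keep it from being removed as unused or downgraded in a later catalog cleanup.
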
@@ -290,6 +291,7 @@ prometheus-dropwizard = { group = "io.prometheus", name = 
"simpleclient_dropwiza
 prometheus-servlet = { group = "io.prometheus", name = "simpleclient_servlet", 
version.ref = "prometheus" }
 clickhouse-driver = { group = "com.clickhouse", name = "clickhouse-jdbc", 
version.ref = "clickhouse" }
 lz4-java = { group = "org.lz4", name = "lz4-java", version.ref = "lz4" }
+snappy-java = { group = "org.xerial.snappy", name = "snappy-java", version.ref 
= "snappy-java" }
 mysql-driver = { group = "mysql", name = "mysql-connector-java", version.ref = 
"mysql" }
 postgresql-driver = { group = "org.postgresql", name = "postgresql", 
version.ref = "postgresql" }
 minikdc = { group = "org.apache.hadoop", name = "hadoop-minikdc", version.ref 
= "hadoop-minikdc"}
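
Review bot: The new `snappy-java` alias is consumed only by the two hive-metastore libs modules touched in this patch, so any other module that resolves `org.xerial.snappy:snappy-java` transitively is unaffected by this change. It is worth checking whether any other module still resolves 1.1.8.2 and, if so, applying the same constraint there or in one shared place.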
