This is an automated email from the ASF dual-hosted git repository. yumwang pushed a commit to branch branch-3.4 in repository https://gitbox.apache.org/repos/asf/spark.git
commit 89bfb1ffe6c1df53a307b55ccf87e1a4d265a76a Author: Yuming Wang <yumw...@ebay.com> AuthorDate: Fri Jun 16 23:49:30 2023 +0800 [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1 ### What changes were proposed in this pull request? Bump snappy-java from 1.1.10.0 to 1.1.10.1. ### Why are the changes needed? This mostly is a security version, the notable changes are CVE fixing. - CVE-2023-34453 Integer overflow in shuffle - CVE-2023-34454 Integer overflow in compress - CVE-2023-34455 Unchecked chunk length Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes #41616 from pan3793/SPARK-44070. Authored-by: Cheng Pan <cheng...@apache.org> Signed-off-by: Yuming Wang <yumw...@ebay.com> (cherry picked from commit 0502a42dda4d0822e2572a3d1ae6928d90b792a9) Signed-off-by: Yuming Wang <yumw...@ebay.com> --- dev/deps/spark-deps-hadoop-2-hive-2.3 | 2 +- dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +- pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3 index 340f08d5863..358fcda921e 100644 --- a/dev/deps/spark-deps-hadoop-2-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-2-hive-2.3 @@ -248,7 +248,7 @@ scala-xml_2.12/2.1.0//scala-xml_2.12-2.1.0.jar shims/0.9.38//shims-0.9.38.jar slf4j-api/2.0.6//slf4j-api-2.0.6.jar snakeyaml/1.33//snakeyaml-1.33.jar -snappy-java/1.1.10.0//snappy-java-1.1.10.0.jar +snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3 index 5f85a8eae2f..d34ebb1067e 100644 --- a/dev/deps/spark-deps-hadoop-3-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-3-hive-2.3 @@ -235,7 +235,7 @@ scala-xml_2.12/2.1.0//scala-xml_2.12-2.1.0.jar shims/0.9.38//shims-0.9.38.jar slf4j-api/2.0.6//slf4j-api-2.0.6.jar snakeyaml/1.33//snakeyaml-1.33.jar -snappy-java/1.1.10.0//snappy-java-1.1.10.0.jar +snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar diff --git a/pom.xml b/pom.xml index e4624ba6c4f..46874dca5b2 100644 --- a/pom.xml +++ b/pom.xml @@ -185,7 +185,7 @@ <codehaus.jackson.version>1.9.13</codehaus.jackson.version> <fasterxml.jackson.version>2.14.2</fasterxml.jackson.version> <fasterxml.jackson.databind.version>2.14.2</fasterxml.jackson.databind.version> - <snappy.version>1.1.10.0</snappy.version> + <snappy.version>1.1.10.1</snappy.version> <netlib.ludovic.dev.version>3.0.3</netlib.ludovic.dev.version> <commons-codec.version>1.15</commons-codec.version> <commons-compress.version>1.22</commons-compress.version> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org