
[FLINK-36537] Bump snappy-java from 1.1.10.4 to 1.1.10.7

Open r-sidd opened this issue 1 year ago • 1 comments

What is the purpose of the change

Bump snappy-java from 1.1.10.4 to 1.1.10.7

Brief change log

The current version has a vulnerability in the dependent package; bumping it to the latest version will remediate it.

Vulnerabilities from dependencies: CVE-2024-23454, CVE-2022-26612

Package details: https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.10.7

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

r-sidd, Oct 19 '24 17:10

CI report:

  • bdf08116b840aa00a8efb1c0fa9ac04a6addc105 Azure: SUCCESS

Bot commands

The @flinkbot bot supports the following commands:

  • @flinkbot run azure: re-run the last Azure build

flinkbot, Oct 19 '24 17:10

@ferenc-csaky can you review this PR 😃

r-sidd, Oct 24 '24 03:10