From 85a0f0f3278c2905a468385111fe244a42c7c898 Mon Sep 17 00:00:00 2001
From: bbimber <bbimber@gmail.com>
Date: Fri, 6 Oct 2023 14:15:46 -0500
Subject: [PATCH] Update snappy-java (#1687)

* Update snappy-java to fix vulnerability

snappy-java is an HTSJDK dependency that received a DoS CVE report last
week: https://github.com/advisories/GHSA-55g7-9cwv-5qfv
Also bump common-compress: https://commons.apache.org/proper/commons-compress/security.html
---
 build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 948e7e7b84..fa23fb9082 100644
--- a/build.gradle
+++ b/build.gradle
@@ -30,8 +30,8 @@ jacocoTestReport {
 
 dependencies {
     implementation 'commons-logging:commons-logging:1.2'
-    implementation "org.xerial.snappy:snappy-java:1.1.10.1"
-    implementation "org.apache.commons:commons-compress:1.22"
+    implementation "org.xerial.snappy:snappy-java:1.1.10.5"
+    implementation "org.apache.commons:commons-compress:1.24.0"
     implementation 'org.tukaani:xz:1.9'
     implementation "org.json:json:20230618"