Skip to content

fix(deps): update dependency at.yawk.lz4:lz4-java to v1.11.0#156

Closed
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/at.yawk.lz4-lz4-java-1.x
Closed

fix(deps): update dependency at.yawk.lz4:lz4-java to v1.11.0#156
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/at.yawk.lz4-lz4-java-1.x

Conversation

@renovate

@renovate renovate Bot commented Mar 24, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
at.yawk.lz4:lz4-java 1.10.11.11.0 age confidence

Release Notes

yawkat/lz4-java (at.yawk.lz4:lz4-java)

v1.11.0: lz4-java v1.11.0

Compare Source

What's Changed

New Contributors

Full Changelog: yawkat/lz4-java@v1.10.4...v1.11.0

v1.10.4: lz4-java v1.10.4

Compare Source

What's Changed

These changes attempt to fix the native performance regression in 1.9+. They should have no functional or security impact.

Full Changelog: yawkat/lz4-java@v1.10.3...v1.10.4

v1.10.3: lz4-java v1.10.3

Compare Source

What's Changed

New Contributors

Full Changelog: yawkat/lz4-java@v1.10.2...v1.10.3

v1.10.2: lz4-java v1.10.2

Compare Source

What's Changed

New Contributors

Full Changelog: yawkat/lz4-java@v1.10.1...v1.10.2


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/at.yawk.lz4-lz4-java-1.x branch from d4a9ac5 to 3b4e928 Compare April 1, 2026 19:36
@renovate renovate Bot changed the title fix(deps): update dependency at.yawk.lz4:lz4-java to v1.10.4 fix(deps): update dependency at.yawk.lz4:lz4-java to v1.11.0 Apr 9, 2026
@renovate renovate Bot force-pushed the renovate/at.yawk.lz4-lz4-java-1.x branch from 3b4e928 to 7993428 Compare April 9, 2026 20:39
@renovate renovate Bot force-pushed the renovate/at.yawk.lz4-lz4-java-1.x branch from 7993428 to 5fe4e0f Compare May 14, 2026 18:45
@renovate renovate Bot force-pushed the renovate/at.yawk.lz4-lz4-java-1.x branch from 5fe4e0f to 4c2aa5c Compare June 1, 2026 20:08
@nikagra nikagra self-requested a review June 15, 2026 17:37

@nikagra nikagra left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment states that lz4-java version "should match version from drivers POM". Need to be merged after next java-driver 4.x release (already has version bumped)

nikagra added a commit that referenced this pull request Jun 15, 2026
Consume java-driver 4.19.2.0 which inherits the following fixes:

- CVE-2026-42583: netty-handler HTTP response splitting (fixed in 4.1.133.Final)
- CVE-2026-44249: netty-handler IPv6 subnet rule bypass (fixed in 4.1.135.Final)
- CVE-2026-45416: netty-handler SslClientHelloHandler DoS (fixed in 4.1.135.Final)

The driver 4.19.2.0 ships with netty 4.1.135.Final via scylladb/java-driver#925,
so the temporary netty-bom override added in #165 and #185 is no longer needed.

Also bumps lz4-java from 1.10.1 to 1.11.0 to match the driver POM.

Closes #164, closes #184
Supersedes: #165, #185 (Stage 1 overrides — safe to close)
Supersedes: Renovate PR #156 (lz4-java 1.10.1 → 1.11.0)
nikagra added a commit that referenced this pull request Jun 29, 2026
Consume java-driver 4.19.2.0 which inherits the following fixes:

- CVE-2026-42583: netty-handler HTTP response splitting (fixed in 4.1.133.Final)
- CVE-2026-44249: netty-handler IPv6 subnet rule bypass (fixed in 4.1.135.Final)
- CVE-2026-45416: netty-handler SslClientHelloHandler DoS (fixed in 4.1.135.Final)

The driver 4.19.2.0 ships with netty 4.1.135.Final via scylladb/java-driver#925,
so the temporary netty-bom override added in #165 and #185 is no longer needed.

Also bumps lz4-java from 1.10.1 to 1.11.0 to match the driver POM.

Closes #164, closes #184
Supersedes: #165, #185 (Stage 1 overrides — safe to close)
Supersedes: Renovate PR #156 (lz4-java 1.10.1 → 1.11.0)
@nikagra

nikagra commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

🤖: Closing as superseded by #167.

lz4-java 1.11.0 is already included in that PR, which aligns the version with the one declared in java-driver 4.19.2.0 POM (<lz4.version>1.11.0</lz4.version>). Merging this PR separately would conflict with the driver bump.

@nikagra nikagra closed this Jun 29, 2026
@renovate

renovate Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (1.11.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate Bot deleted the renovate/at.yawk.lz4-lz4-java-1.x branch June 29, 2026 14:37
nikagra added a commit that referenced this pull request Jun 30, 2026
Consume java-driver 4.19.2.0 which inherits the following fixes:

- CVE-2026-42583: netty-handler HTTP response splitting (fixed in 4.1.133.Final)
- CVE-2026-44249: netty-handler IPv6 subnet rule bypass (fixed in 4.1.135.Final)
- CVE-2026-45416: netty-handler SslClientHelloHandler DoS (fixed in 4.1.135.Final)

The driver 4.19.2.0 ships with netty 4.1.135.Final via scylladb/java-driver#925,
so the temporary netty-bom override added in #165 and #185 is no longer needed.

Also bumps lz4-java from 1.10.1 to 1.11.0 to match the driver POM.

Closes #164, closes #184
Supersedes: #165, #185 (Stage 1 overrides — safe to close)
Supersedes: Renovate PR #156 (lz4-java 1.10.1 → 1.11.0)
dkropachev pushed a commit that referenced this pull request Jun 30, 2026
Consume java-driver 4.19.2.0 which inherits the following fixes:

- CVE-2026-42583: netty-handler HTTP response splitting (fixed in 4.1.133.Final)
- CVE-2026-44249: netty-handler IPv6 subnet rule bypass (fixed in 4.1.135.Final)
- CVE-2026-45416: netty-handler SslClientHelloHandler DoS (fixed in 4.1.135.Final)

The driver 4.19.2.0 ships with netty 4.1.135.Final via scylladb/java-driver#925,
so the temporary netty-bom override added in #165 and #185 is no longer needed.

Also bumps lz4-java from 1.10.1 to 1.11.0 to match the driver POM.

Closes #164, closes #184
Supersedes: #165, #185 (Stage 1 overrides — safe to close)
Supersedes: Renovate PR #156 (lz4-java 1.10.1 → 1.11.0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant