From 70b0478eaba96cf1e30bfa2be96e1c09eea92f9f Mon Sep 17 00:00:00 2001
From: sidhdirenge <sidhdirenge@google.com>
Date: Wed, 17 Jun 2026 11:53:09 +0000
Subject: [PATCH 1/2] Upgrade snappy-java to 1.1.10.1 to fix CVE-2023-34453

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4ee420cf5..bc73ffe8a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -806,7 +806,7 @@
     <dependency>
       <groupId>org.xerial.snappy</groupId>
       <artifactId>snappy-java</artifactId>
-      <version>1.1.7.2</version>
+      <version>1.1.10.1</version>
     </dependency>
     <!-- Start: dependency for Google PubSub Streaming Source -->
     <dependency>

From 0f5abe66e8c66ab0fd43b1ef0b9aafb608bf61f8 Mon Sep 17 00:00:00 2001
From: sidhdirenge <sidhdirenge@google.com>
Date: Wed, 17 Jun 2026 12:07:56 +0000
Subject: [PATCH 2/2] Upgrade snappy-java to 1.1.10.5 to resolve CVE-2023-43642

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index bc73ffe8a..e09f83e83 100644
--- a/pom.xml
+++ b/pom.xml
@@ -806,7 +806,7 @@
     <dependency>
       <groupId>org.xerial.snappy</groupId>
       <artifactId>snappy-java</artifactId>
-      <version>1.1.10.1</version>
+      <version>1.1.10.5</version>
     </dependency>
     <!-- Start: dependency for Google PubSub Streaming Source -->
     <dependency>