Fix CVE-2023-34455

bumps snappy-java version to fix CVE

pom.xml

@@ -52,16 +52,18 @@
 
     <!-- This allows you to test feature branches with jitpack -->
     <armeria.groupId>com.linecorp.armeria</armeria.groupId>
-    <armeria.version>1.17.2</armeria.version>
+    <armeria.version>1.24.3</armeria.version>
     <!-- Match Armeria version to avoid conflicts including running tests in the IDE -->
-    <netty.version>4.1.95.Final</netty.version>
+    <netty.version>4.1.96.Final</netty.version>
 
     <!-- It's easy for Jackson dependencies to get misaligned, so we manage it ourselves. -->
     <jackson.version>2.15.0</jackson.version>
 
     <java-driver.version>4.11.3</java-driver.version>
     <micrometer.version>1.9.3</micrometer.version>
 
+    <snappy.version>1.1.10.3</snappy.version>
+
     <!-- Used for Generated annotations -->
     <javax-annotation-api.version>1.3.1</javax-annotation-api.version>
 

zipkin-server/pom.xml

@@ -110,6 +110,13 @@
       <version>${snakeyaml.version}</version>
     </dependency>
 
+    <!-- Override to avoid CVE-2023-34455 -->
+    <dependency>
+      <groupId>org.xerial.snappy</groupId>
+      <artifactId>snappy-java</artifactId>
+      <version>${snappy.version}</version>
+    </dependency>
+
     <!-- Override log4j 2 version to avoid CVE-2021-44228 -->
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>