[fix][sec] Upgrade snappy-java to 1.1.10.5

[lhotari]

Motivation

snappy-java 1.1.10.1 contains CVE-2023-43642 . Upgrade the dependency to 1.1.10.5 to get rid of the CVE.

Modifications

Upgrade the dependency to 1.1.10.5 to get rid of the CVE.

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

[codecov-commenter]

Codecov Report

Merging #21280 (0e10017) into master (8485d68) will increase coverage by 36.43%.
The diff coverage is n/a.

@@              Coverage Diff              @@
##             master   #21280       +/-   ##
=============================================
+ Coverage     36.79%   73.22%   +36.43%     
- Complexity    12217    32411    +20194     
=============================================
  Files          1698     1887      +189     
  Lines        130510   140197     +9687     
  Branches      14260    15436     +1176     
=============================================
+ Hits          48019   102666    +54647     
+ Misses        76155    29439    -46716     
- Partials       6336     8092     +1756     

Flag	Coverage Δ
inttests	24.12% <ø> (+0.03%)	⬆️
systests	24.70% <ø> (-0.04%)	⬇️
unittests	72.52% <ø> (+40.52%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1452 files with indirect coverage changes

[compuguy]

Will this PR be backported to the 3.1.x branch? This would reduce the number of high CVE's apache-pulsar currently has.

[lhotari]

Will this PR be backported to the 3.1.x branch? This would reduce the number of high CVE's apache-pulsar currently has.

@compuguy yes, this will be backported.

[lhotari]

@compuguy I have backported this to branch-2.11, branch-3.0 and branch-3.1 . This will be delivered as part of the next set of releases when that happens.

[compuguy]

Thank you @lhotari! 👍