build(deps): Bump io.airlift:aircompressor from 0.27 to 2.0.3

[dependabot]

Bumps io.airlift:aircompressor from 0.27 to 2.0.3.

Release notes

Sourced from io.airlift:aircompressor's releases.

aircompressor 2.0.3

What's Changed

• Backport fixes for CVE-2025-67721 by @​ali-ince in airlift/aircompressor#309
• Add njord release workflow to 2.x by @​wendigo in airlift/aircompressor#323
• Update gpg plugin to 3.2.8 by @​wendigo in airlift/aircompressor#325

New Contributors

• @​ali-ince made their first contribution in airlift/aircompressor#309

Full Changelog: airlift/aircompressor@2.0.2...2.0.3

Release 2.0

What's Changed

Others

• Initial v2 changes by @​dain in airlift/aircompressor#189
• Add dependabot by @​Fokko in airlift/aircompressor#166
• Bump actions/checkout from 1 to 4 by @​dependabot in airlift/aircompressor#191
• Bump io.airlift:airbase from 153 to 154 by @​dependabot in airlift/aircompressor#192
• Bump com.github.luben:zstd-jni from 1.5.5-11 to 1.5.6-3 by @​dependabot in airlift/aircompressor#193
• Bump actions/setup-java from 3 to 4 by @​dependabot in airlift/aircompressor#190
• Add native Lz4, Snappy, and Zstd by @​dain in airlift/aircompressor#201
• Fix download paths by @​martint in airlift/aircompressor#205
• Fix temp path construction by @​martint in airlift/aircompressor#204
• Release workflow by @​wendigo in airlift/aircompressor#212
• Add factory to create a (de)compressor based on native availability by @​wendigo in airlift/aircompressor#203
• Add system properties to README by @​wendigo in airlift/aircompressor#217
• Bump org.xerial.snappy:snappy-java from 1.1.10.5 to 1.1.10.6 by @​dependabot in airlift/aircompressor#215
• Do not require Hadoop native zlib by @​dain in airlift/aircompressor#214
• Bump io.airlift:airbase from 160 to 163 by @​dependabot in airlift/aircompressor#218
• Bump com.github.luben:zstd-jni from 1.5.6-3 to 1.5.6-4 by @​dependabot in airlift/aircompressor#208

New Contributors

• @​Fokko made their first contribution in airlift/aircompressor#166
• @​dependabot made their first contribution in airlift/aircompressor#191
• @​wendigo made their first contribution in airlift/aircompressor#212

Full Changelog: airlift/aircompressor@0.27...2.0

Commits

• b98c7d8 [maven-release-plugin] prepare release 2.0.3
• c58c3db Delete release.yml
• a9bff17 Update gpg plugin to 3.2.8
• a6de160 Rename release-2x.yml to release.yml
• 2af2557 Add njord release workflow to 2.x
• 35152dc Backport fix LZ4 decompressor data leak when match offset is zero
• 596042a Backport fix data leak when snappy match offset is zero
• 869ef20 [maven-release-plugin] prepare for next development iteration
• 36fe717 [maven-release-plugin] prepare release 2.0.2
• 8d24b66 Revert "Upgrade to Airbase 163"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

pom.xml

Package	Version	License	Issue Type
io.airlift:aircompressor	2.0.3	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/io.airlift:aircompressor	2.0.3	⚠️ 3.5	Details Check Score Reason Code-Review ⚠️ 4 Found 9/20 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• pom.xml

[imjalpreet]

Duplicate of #27152

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.