From b6ec0cac7e9e1ce49b7d7e19afbe5389ca74518e Mon Sep 17 00:00:00 2001
From: Davide Angelocola <davide.angelocola@gmail.com>
Date: Sat, 27 Jun 2026 09:11:36 +0200
Subject: [PATCH] build(deps): bump io.github.dfa1.zstd to 0.5

0.5 ships smaller jars (native debug symbols stripped).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 CHANGELOG.md | 4 ++++
 pom.xml      | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc0d41f5..e3668e0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Bumped `io.github.dfa1.zstd` (the `vortex.zstd` FFM bindings, pinned by the BOM) 0.4 → 0.5, which ships smaller jars (native debug symbols stripped). ([6dcdbe94](https://github.com/dfa1/vortex-java/commit/6dcdbe94))
+
 ## [0.10.1] — 2026-06-27
 
 Security hardening of the untrusted-input parse paths: every malformed-file path now surfaces as a `VortexException` instead of an unchecked `Error`, a raw JDK exception, or a resource leak (ADR 0003). Plus a `vortex.zstd` binding bump.
diff --git a/pom.xml b/pom.xml
index 6af709ac..08531c6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -58,7 +58,7 @@
 		<maven.compiler.release>25</maven.compiler.release>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<!-- production -->
-		<zstd.version>0.4</zstd.version>
+		<zstd.version>0.5</zstd.version>
 
 
 		<fastcsv.version>4.3.0</fastcsv.version>