From 0fae8c82aea5b44e94f93c964253b46e4b844a41 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Dec 2025 20:03:18 +0000
Subject: [PATCH] build(deps): bump org.mozilla:rhino from 1.7.14.1 to 1.9.0

Bumps [org.mozilla:rhino](https://github.com/mozilla/rhino) from 1.7.14.1 to 1.9.0.
- [Release notes](https://github.com/mozilla/rhino/releases)
- [Changelog](https://github.com/mozilla/rhino/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/mozilla/rhino/commits)

---
updated-dependencies:
- dependency-name: org.mozilla:rhino
dependency-version: 1.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 openapi-validation-core/build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openapi-validation-core/build.gradle b/openapi-validation-core/build.gradle
index 3d59b07..3cf4b1d 100644
--- a/openapi-validation-core/build.gradle
+++ b/openapi-validation-core/build.gradle
@@ -10,8 +10,8 @@ dependencies {
 implementation(libs.commons.codec) {
 because 'Apache commons-codec before 1.13 is vulnerable to information exposure. See https://devhub.checkmarx.com/cve-details/Cxeb68d52e-5509/'
 }
- implementation('org.mozilla:rhino:1.7.14.1') {
- because 'CVE-2025-66453: Rhino before 1.7.14.1 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'
+ implementation('org.mozilla:rhino:1.9.0') {
+ because 'CVE-2025-66453: Rhino before 1.9.0 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'
 }
 // implementation('org.yaml:snakeyaml:1.33') {
 // because 'Vulnerability in 1.33 is not yet fixed. See: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in'
+
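Review bot: The `because` rationale on the added line was rewritten mechanically along with the version, and it now states that Rhino "before 1.9.0" is affected by CVE-2025-66453, whereas the removed line attributed the fix to 1.7.14.1 (the version the advisory link was originally pinned against). Since this string is the audit trail for why the dependency is pinned, it should keep the actual fixed version rather than track every later bump: `because 'CVE-2025-66453: Rhino before 1.7.14.1 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'`. If 1.9.0 is being adopted for a separate reason (a routine update or another fix), that belongs in its own sentence in the same string rather than by overwriting the CVE's fixed version; I have not verified the advisory's fixed version independently, so confirm against the linked GHSA before merging.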