-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update rhino dependency #104
Comments
I wanted to contribute that change but noticed that there is fixme comment:
Made PR to verify the changes: #105 |
Can this be merged? |
Any news? Rhino 1.7.7.2 is reported as vulnerable by most tools. It would be great to update to latest version. In the meantime, should I assume it's fine to force 1.7.14 if I'm running Java 21? The comment in code seems to imply old version has been pinned for pre Java 8 compatibility. |
Would like to see this fix merged / deployed or can we get a new version that jumps to Rhino 1.7.14 or higher? |
Rhino https://mvnrepository.com/artifact/org.mozilla/rhino/1.7.14 is available and it contains a number of security patches.
See also: #27
The text was updated successfully, but these errors were encountered: