Bump org.mozilla:rhino from 1.7.14 to 1.7.14.1

[ashwintumma23]

Description

Summary ...

Updates org.mozilla:rhino from 1.7.14 to 1.7.14.1 to address CVE-2025-66453.

References

CVE-2025-66453: https://nvd.nist.gov/vuln/detail/CVE-2025-66453

Reason for upgrade

• Upgrading to 1.7.14.1 resolves the vulnerability (CVE-2025-66453) and ensures Druid uses a secure version of org.mozilla:rhino dependency.
• This prevents a Denial of Service caused by uncontrolled CPU consumption during floating-point to string conversions.

Tests

• Verified the dependency resolves correctly
• Build completes successfully with the updated version

Release note

Upgraded org.mozilla:rhino version to 1.7.14.1 to resolve CVE-2025-66453.

---

Key changed/added classes in this PR

• Top Level pom.xml

---

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• a release note entry in the PR description.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.