
Commit 50b4388

build(deps): bump org.mozilla:rhino from 1.9.0 to 1.9.1
Bumps [org.mozilla:rhino](https://github.com/mozilla/rhino) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/mozilla/rhino/releases)
- [Changelog](https://github.com/mozilla/rhino/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/mozilla/rhino/commits)

---
updated-dependencies:
- dependency-name: org.mozilla:rhino
  dependency-version: 1.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
1 parent 10d38cd commit 50b4388

1 file changed

+2
-2
lines changed

openapi-validation-core/build.gradle

Lines changed: 2 additions & 2 deletions
@@ -10,8 +10,8 @@ dependencies {
1010
implementation(libs.commons.codec) {
1111
because 'Apache commons-codec before 1.13 is vulnerable to information exposure. See https://devhub.checkmarx.com/cve-details/Cxeb68d52e-5509/'
1212
}
13-
implementation('org.mozilla:rhino:1.9.0') {
14-
because 'CVE-2025-66453: Rhino before 1.9.0 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'
13+
implementation('org.mozilla:rhino:1.9.1') {
14+
because 'CVE-2025-66453: Rhino before 1.9.1 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'
1515
}
1616
// implementation('org.yaml:snakeyaml:1.33') {
1717
// because 'Vulnerability in 1.33 is not yet fixed. See: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in' +
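
Review bot: The `because` string on new line 14 moves the stated CVE-2025-66453 boundary from "Rhino before 1.9.0" to "Rhino before 1.9.1", while the advisory link (GHSA-3w8q-xq97-5j7x) is unchanged and the commit message describes only a semver-patch bump. Confirm against the advisory which release carries the fix. If it is 1.9.0, keep the original "before 1.9.0" wording so the justification still records the real minimum safe version, and note the reason for 1.9.1 separately. As a smaller style point, rhino is pinned with a hard-coded coordinate here while commons-codec on line 10 uses the `libs` catalog; moving rhino into the catalog would keep the version and its rationale in one place for future bumps.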
