dependabot[bot] opened a new pull request, #197: URL: https://github.com/apache/xalan-java/pull/197
Bumps [org.mozilla:rhino](https://github.com/mozilla/rhino) from 1.7.14 to 1.7.14.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/rhino/blob/master/RELEASE-NOTES.md";>org.mozilla:rhino's changelog</a>.</em></p> <blockquote> <h1>Rhino 1.8.1, Rhino 1.7.15.1, Rhino 1.7.14.1</h1> <h2>December 2, 2025</h2> <p>These releases fix a bug in the code that formats floating-point numbers into strings that could result in very bad performance in some cases.</p> <p>We recommend that all users of Rhino upgrade to release 1.8.1 if possible, and upgrade to Java 17 or 21.</p> <p>Users who need an older release, or who cannot yet leave Java 8, can also use 1.7.15.1 or 1.7.14.1.</p> <h1>Rhino 1.8.0</h1> <h2>January 2, 2025</h2> <p>Rhino 1.8.0 contains some significant changes, so we're incrementing the final version number for the first time in a very long time. Here are a few highlights:</p> <ul> <li>Rhino now requires Java 11 minimum. We currently test against Java 11, 17, and 21.</li> <li>Rhino has been broken down into individual Java modules that are properly encapsulated as Java Modules. See <a href="https://github.com/mozilla/rhino/blob/master/README.md";>README.md</a> for a breakdown of which modules are which -- short answer is that everyone will need the "rhino" module and many will need others.</li> <li>Older code not able to adapt to using multiple JARS can still use the "rhino-all" module, which publishes an "all-in-one" JAR like the old "rhino.jar".</li> <li>The default language level is "VERSION_ES6". That means that modern JavaScript features supported by Rhino will work by default.</li> <li>There are big improvements in compatibility, including support for "super", reflect and proxy, and lots of other language features. See the <a href="https://mozilla.github.io/rhino/compat/engines.html";>compatibility table</a> for the details.</li> </ul> <p>Thanks to all who contributed -- we had 24 contributors to this release, with some new contributors who added significant capabilities. Please keep the contributions and attention coming!</p> <h1>Rhino 1.7.15</h1> <h2>May 3, 2024</h2> <p>Highlights of this release include:</p> <ul> <li>Basic support for "rest parameters"</li> <li>Improvements in Unicode support</li> <li>"Symbol.species" implemented in many places</li> <li>More correct property ordering in many places</li> <li>And many more improvements and bug fixes</li> </ul> <p>This release includes committs from 29 different committers. Thanks to you all for your help!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/mozilla/rhino/commits";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/xalan-java/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
