Bump org.mozilla:rhino from 1.7R4 to 1.7.14.1 in /proxy_vole

[dependabot]

Bumps org.mozilla:rhino from 1.7R4 to 1.7.14.1.

Release notes

Sourced from org.mozilla:rhino's releases.

Rhino 1.7R5

January 30, 2015

This release contains fixes that have been sitting in the master branch for some time -- see the releases notes below.

The next release will be 1.8.0, and it will include many existing pull requests.

André Bargull (24):

• Add missing license header to DefineClassMapInheritance.java
• Remove invalid UTF-8 encoded unicode replacement characters (EF BF BD)
• Add missing entries
• Bug 772011: Decompiler does not add curly brackets for labelled statements
• Add fix for bug-772833 (comment copied over from Parser::condExpr1 in frontend/Parser.cpp)
• Fix bug 686806: - trailing commas aren't allowed in object/array literals per JSON spec - avoid using Integer.parseInt() to parse unicode escape sequences since parseInt() also accepts non-ASCII digits - also avoid using Character.isDigit() in readNumber() for the very same reason - readString() always created a StringBuilder instance to collect the input data, obviously this is actually only necessary when the input contains escaped characters. Therefore I've changed readString() to take the same approach as used in jsonparser.cpp - the JSON number specification is stricter than Double.parseDouble(), for example Double.parseDouble() accepts the input string '10.'. To ensure only valid JSON number literals are passed to Double.parseDouble(), readNumber() was refactored to perform the necessary input validation.
• Patch for bug 774083.
• Patch for Bug 688023:
• Fix broken test cases which relied on the old (and erroneous) toSource() output
• Patch bug 685403
• Patch for bug 637811:
• Fix bug 773573: Search for first curly bracket after closing parentheses to take account of object destructuring parameters
• Simple doctest for bug 773573
• Array.prototype.sort performed an unchecked cast from long to int without any overflow checks, this may result in a negative length which then throws a NegativeArraySizeException in Java, cf. js1_5/Array/regress-157652.js . A similar problem was found in NativeJSON, so I've handled that as well
• Add explicit cast to int to ensure previous behaviour is retained
• Calls must not be special-calls and reference-calls at the same time, cf. js1_5/Regress/regress-319391.js for a test case
• Enable js1_5/Regress/regress-319391.js for MozillaSuiteTest
• Patch for Bug 728286
• Add test case
• Patch for Bug 778549
• Add missing overflow detection when processing RegExp character class pattern
• Patch for Bug 780147:
• Patch for Bug 608235 ("Incorrect error message for undefined[undefined]")
• Patch for Bug 784358 ("Defining const variable within eval() throws redeclaration error")

Evgeny Shepelyuk (1):

• fix xmlbeans url

Gregory Brail (10):

• Add JUnit-based benchmarks that we can automate in Jenkins.
• Extract zipped-up tests into a directory and check them in that way.
• Extracted the stuff that was formerly in testsrc/tests.tar.gz.
• Add XML output for EMMA coverage reports.
• Fix character encoding tests to work on Mac.
• Add output to benchmarks that can work with the Jenkins "Measurement Plots" plugin. This replaces the former output from the "SunSpider" and "V8" benchmarks.
• Add files for Maven deployment.
• README update.
• Update README for other tests.
• Fix E4X test 13.4.4.24 which was failing on Java 8 due to different HashMap iteration ordering.

Hannes Wallnoefer (8):

• Unwrap Synchronizer in BaseFunction.toSource().

... (truncated)

Changelog

Sourced from org.mozilla:rhino's changelog.

Rhino 1.8.1, Rhino 1.7.15.1, Rhino 1.7.14.1

December 2, 2025

These releases fix a bug in the code that formats floating-point numbers into strings that could result in very bad performance in some cases.

We recommend that all users of Rhino upgrade to release 1.8.1 if possible, and upgrade to Java 17 or 21.

Users who need an older release, or who cannot yet leave Java 8, can also use 1.7.15.1 or 1.7.14.1.

Rhino 1.8.0

January 2, 2025

Rhino 1.8.0 contains some significant changes, so we're incrementing the final version number for the first time in a very long time. Here are a few highlights:

• Rhino now requires Java 11 minimum. We currently test against Java 11, 17, and 21.
• Rhino has been broken down into individual Java modules that are properly encapsulated as Java Modules. See README.md for a breakdown of which modules are which -- short answer is that everyone will need the "rhino" module and many will need others.
• Older code not able to adapt to using multiple JARS can still use the "rhino-all" module, which publishes an "all-in-one" JAR like the old "rhino.jar".
• The default language level is "VERSION_ES6". That means that modern JavaScript features supported by Rhino will work by default.
• There are big improvements in compatibility, including support for "super", reflect and proxy, and lots of other language features. See the compatibility table for the details.

Thanks to all who contributed -- we had 24 contributors to this release, with some new contributors who added significant capabilities. Please keep the contributions and attention coming!

Rhino 1.7.15

May 3, 2024

Highlights of this release include:

• Basic support for "rest parameters"
• Improvements in Unicode support
• "Symbol.species" implemented in many places
• More correct property ordering in many places
• And many more improvements and bug fixes

This release includes committs from 29 different committers. Thanks to you all for your help!

Rhino 1.7.14

January 6, 2022

Highlights

Features

ECMAScript features

• #160 Promise support (@​gbrail)
• #837 BigInt support (@​tuchida)
• #243 Template Literal support (@​p-bakker)
• #879 String.raw (@​tonygermano)
• #977 JSON superset (@​tuchida)
• #932 globalThis (@​p-bakker)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.