
Update vulnerable rhino and jackson-databind dependencies #1581

Merged: MaximPlusov merged 2 commits into integration from dependencies, Mar 20, 2026

Conversation

@LonelyMidoriya (Contributor) commented Mar 20, 2026

Summary by CodeRabbit

  • Chores
    • Updated application dependencies for maintenance and compatibility.
    • Upgraded core runtime and JSON-processing libraries to improve stability, compatibility, and security posture across supported environments.

@LonelyMidoriya LonelyMidoriya self-assigned this Mar 20, 2026
@coderabbitai (Bot) commented Mar 20, 2026

No actionable comments were generated in the recent review. 🎉

Recent review info: configuration used: defaults; review profile: CHILL; plan: Pro; run ID: 36b50399-220b-48d5-9809-7a4b15ade9e7.

Commits: reviewing files that changed from the base of the PR and between 820173e and 2eab848.

Files selected for processing (1): core/pom.xml
Files skipped from review due to trivial changes (1): core/pom.xml
Walkthrough

Maven dependency versions in core/pom.xml were updated: org.mozilla:rhino set to 1.7.15.1, and com.fasterxml.jackson.core:jackson-databind bumped from 2.15.0 to 2.21.1.

Changes

Cohort / File(s): Maven Dependencies (core/pom.xml)
Summary: Added explicit org.mozilla:rhino version 1.7.15.1; upgraded com.fasterxml.jackson.core:jackson-databind from 2.15.0 to 2.21.1.

Estimated code review effort: 1 (Trivial), ~3 minutes

Poem

🐰✨ I hopped the pom to tweak a seed,
Pinning Rhino so it’s guaranteed,
Jackson climbed a newer tree,
Small changes, tidy as can be,
A rabbit's nudge — dependency glee.

Pre-merge checks: 3 passed

  • Description Check: Passed. Check skipped because CodeRabbit's high-level summary is enabled.
  • Title check: Passed. The title accurately describes the main change: updating vulnerable rhino and jackson-databind dependencies in core/pom.xml.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage; skipping docstring coverage check.


@coderabbitai (Bot) left a review comment

Nitpick comments (1)

core/pom.xml, lines 53-98: Recommend integration testing after version verification.

Once the dependency versions are confirmed to be valid and address the intended security vulnerabilities, ensure that integration tests are run to verify compatibility with the existing API usage patterns in:

  • JavaScriptEvaluator.java (Rhino Context and Script APIs)
  • JsonHandler.java and FeaturesNodeSerializer.java (Jackson ObjectMapper and JsonGenerator APIs)

Prompt for AI Agents (verify each finding against the current code and only fix it if needed):

In `@core/pom.xml` around lines 53 - 98, after updating dependency versions in the
POM, run focused integration tests to verify API compatibility for
JavaScriptEvaluator.java (exercise Rhino Context and Script APIs to ensure
script execution, context entry/exit, and classloader behavior still work), and
for JsonHandler.java and FeaturesNodeSerializer.java (exercise Jackson
ObjectMapper and JsonGenerator usage paths to catch any changed method
signatures or configuration defaults); if tests fail, update the affected files
to match the new APIs (e.g., adjust Context/Scriptable usage in
JavaScriptEvaluator, update ObjectMapper/JsonGenerator configuration or method
calls in JsonHandler and FeaturesNodeSerializer, and add compatibility shims or
explicit configuration), then re-run integration tests until green.

Review info: configuration used: defaults; review profile: CHILL; plan: Pro; run ID: 62a88f6b-2fad-4c38-8327-116d3f2d1195.

Commits: reviewing files that changed from the base of the PR and between 35321f8 and 820173e.

Files selected for processing (1): core/pom.xml
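The review above asks for integration tests that exercise the Rhino Context/Script APIs and the Jackson ObjectMapper/JsonGenerator paths after the bump. The following JUnit 5 smoke test is an added example, not code from this PR or the project; it assumes JUnit 5 and the bumped rhino and jackson-databind artifacts are on the test classpath, and the class and method names are illustrative.

```java
// Added example (not the project's own code): a smoke test that touches the
// Rhino and Jackson entry points named in the review, so that an API change
// introduced by a dependency bump fails the build rather than surfacing at runtime.
import static org.junit.jupiter.api.Assertions.assertEquals;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.StringWriter;
import org.junit.jupiter.api.Test;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Scriptable;

class DependencyBumpSmokeTest {

    @Test
    void rhinoContextLifecycleStillWorks() {
        Context cx = Context.enter();                 // Rhino Contexts are per-thread
        try {
            cx.setLanguageVersion(Context.VERSION_ES6);
            Scriptable scope = cx.initStandardObjects();
            // Constructed script: evaluate and read the result back through the Context API.
            Object result = cx.evaluateString(
                    scope, "var a = [1, 2, 3]; a.length * 2", "smoke.js", 1, null);
            assertEquals("6", Context.toString(result));
        } finally {
            Context.exit();                           // must always balance Context.enter()
        }
    }

    @Test
    void jacksonObjectMapperAndGeneratorStillWork() throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed input: a field the caller does not model ("extra") must still parse.
        JsonNode node = mapper.readTree(
                "{\"name\":\"rhino\",\"version\":\"1.7.15.1\",\"extra\":true}");
        assertEquals("1.7.15.1", node.get("version").asText());

        // Streaming write path, as used by a custom serializer built on JsonGenerator.
        StringWriter out = new StringWriter();
        try (JsonGenerator gen = mapper.getFactory().createGenerator(out)) {
            gen.writeStartObject();
            gen.writeStringField("lib", "jackson-databind");
            gen.writeNumberField("major", 2);
            gen.writeEndObject();
        }
        assertEquals("{\"lib\":\"jackson-databind\",\"major\":2}", out.toString());
    }
}
```

Run it with the project's normal `mvn test` invocation; a compile failure or a failing assertion here points at the API surface the review comment asks to be checked.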

@MaximPlusov MaximPlusov merged commit 06f17c9 into integration Mar 20, 2026
8 of 9 checks passed