[commons-scxml] branch master updated: Update to JEXL 3.3

[henrib]

This is an automated email from the ASF dual-hosted git repository.

henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-scxml.git


The following commit(s) were added to refs/heads/master by this push:
     new 0dbbd2a  Update to JEXL 3.3
     new 1140b4c  Merge pull request #123 from henrib/master
0dbbd2a is described below

commit 0dbbd2a0266ad7034d23e5ad0db6a3f321438072
Author: Henri Biestro <hen...@apache.org>
AuthorDate: Tue Apr 11 17:53:59 2023 +0200

    Update to JEXL 3.3
---
 pom.xml                                                           | 8 ++++----
 .../java/org/apache/commons/scxml2/env/jexl/JexlEvaluator.java    | 4 +++-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 589f6bd..b978963 100644
--- a/pom.xml
+++ b/pom.xml
@@ -160,7 +160,7 @@
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-jexl3</artifactId>
-      <version>3.2.1</version>
+      <version>3.3</version>
       <optional>true</optional>
     </dependency>
     <dependency>
@@ -377,7 +377,7 @@
           <artifactId>js</artifactId>
           <version>22.0.0</version>
           <scope>test</scope>
-        </dependency>  
+        </dependency>
         <dependency>
           <groupId>org.graalvm.js</groupId>
           <artifactId>js-scriptengine</artifactId>
@@ -401,9 +401,9 @@
               </additionalJOptions>
             </configuration>
           </plugin>
-        </plugins>      
+        </plugins>
       </build>
-    </profile>  
+    </profile>
     <profile>
       <id>rc</id>
       <distributionManagement>
diff --git 
a/src/main/java/org/apache/commons/scxml2/env/jexl/JexlEvaluator.java 
b/src/main/java/org/apache/commons/scxml2/env/jexl/JexlEvaluator.java
index 9f181bf..e628ee5 100644
--- a/src/main/java/org/apache/commons/scxml2/env/jexl/JexlEvaluator.java
+++ b/src/main/java/org/apache/commons/scxml2/env/jexl/JexlEvaluator.java
@@ -23,6 +23,7 @@ import org.apache.commons.jexl3.JexlBuilder;
 import org.apache.commons.jexl3.JexlExpression;
 import org.apache.commons.jexl3.JexlEngine;
 import org.apache.commons.jexl3.JexlScript;
+import org.apache.commons.jexl3.introspection.JexlPermissions;
 import org.apache.commons.scxml2.Context;
 import org.apache.commons.scxml2.Evaluator;
 import org.apache.commons.scxml2.EvaluatorProvider;
@@ -180,7 +181,8 @@ public class JexlEvaluator extends AbstractBaseEvaluator {
         // See javadoc of 
org.apache.commons.jexl2.JexlEngine#setFunctions(Map<String,Object> funcs) for 
detail.
         final Map<String, Object> funcs = new HashMap<>();
         funcs.put(null, JexlBuiltin.class);
-        return new JexlBuilder().namespaces(funcs).cache(256).create();
+        JexlPermissions permissions = 
JexlPermissions.RESTRICTED.compose("org.apache.commons.scxml2.*");
+        return new 
JexlBuilder().permissions(permissions).namespaces(funcs).cache(256).create();
     }
 
     /**