GNOME Bugzilla – Bug 770894
Please update to a recent version of mozjs
Last modified: 2016-09-30 06:47:12 UTC
gjs is used in different places all over the GNOME project. In some cases (e.g. gnome-shell-extensions) it can be used to parse arbitrary websites through extensions. In other cases it parses specific web pages (e.g. in gnome-weather or in gnome-shell's extension update feature).

gjs is based on pretty old versions of mozjs, the JavaScript engine of Mozilla Firefox. The latest version of gjs, 1.45.4, still uses mozjs24, which has seen the last update to 24.8.1esr on 2014-09-24, which is nearly 2 years old.

Firefox has many security-critical bugs (not only in its JavaScript engine) which are being fixed on a regular basis. Reading through security update announcements since Mozilla released 24.8.1esr shows there are dozens of high and critical security vulnerabilities, some of which affect SpiderMonkey (and thus mozjs) as well.

For this reason it is very important to have gjs updated to support a version of mozjs which still gets security updates. Furthermore, gjs should always be immediately rebased (or ported) to the latest available ESR version of mozjs so that distros with a slow release cycle (such as Debian or RHEL) can get security fixes through Mozilla's ESR updates. I know that ESR updates are still limited to 1 year [1], but this way users will have the chance to get at least some security fixes in time.

In case gjs can't keep up with mozjs development speed it should probably be deprecated and removed in favor of seed [2], which follows a similar goal.

[1] See https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal and https://www.mozilla.org/en-US/firefox/organizations/faq/
[2] https://wiki.gnome.org/Projects/Seed

Thanks for taking the time to report this. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

*** This bug has been marked as a duplicate of bug 742249 ***