Update flow to 25.0.9 by vaadin-bot · Pull Request #8704 · vaadin/platform

vaadin-bot · 2026-03-25T14:16:08Z

No description provided.

github-actions · 2026-03-25T14:57:35Z

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:maven/com.fasterxml.jackson.core/jackson-core@2.20.0 [GHSA-72hv-8253-57qq] (osv-bomber)
  ·
- Vulnerabilities in: pkg:maven/org.springframework.security/spring-security-web@7.0.0 [CVE-2026-22732] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/serialize-javascript@6.0.2 [GHSA-5c6j-r48x-rmvq] (osv-bomber)
  ·
- Vulnerabilities in: pkg:npm/glob@11.1.0 [CVE-2025-64756] (oss-bomber)
  ·
- Vulnerabilities in: pkg:maven/tools.jackson.core/jackson-core@2.20.0 [] ()
  ·
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
  · cpe:2.3:a:ada:ada::::::::
📔 No Core License Issues
📔 No License Issues
🟠 Changes in 25.0-SNAPSHOT since V25.0.7
- 1 packages removed (1 external, 0 vaadin)
- 1 packages added (1 external, 0 vaadin)
- 161 packages modified (75 external, 86 vaadin)
- 739 packages same (597 external, 142 vaadin)

Update flow to 25.0.9

fc3f7e1

Merge branch '25.0' into update-flow-25.0.9-1774448163

aa47676

ZheSun88 approved these changes Mar 26, 2026

View reviewed changes

ZheSun88 merged commit 494469f into 25.0 Mar 26, 2026
3 of 4 checks passed

ZheSun88 deleted the update-flow-25.0.9-1774448163 branch March 26, 2026 08:01

Provide feedback