update copilot to 25.0.8 by vaadin-bot · Pull Request #8711 · vaadin/platform

vaadin-bot · 2026-03-26T13:16:07Z

No description provided.

github-actions · 2026-03-26T13:52:58Z

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:maven/com.fasterxml.jackson.core/jackson-core@2.20.0 [GHSA-72hv-8253-57qq] (osv-bomber)
  ·
- Vulnerabilities in: pkg:maven/org.springframework.security/spring-security-web@7.0.0 [CVE-2026-22732] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/serialize-javascript@6.0.2 [GHSA-5c6j-r48x-rmvq] (osv-bomber)
  ·
- Vulnerabilities in: pkg:npm/glob@11.1.0 [CVE-2025-64756] (oss-bomber)
  ·
- Vulnerabilities in: pkg:maven/tools.jackson.core/jackson-core@2.20.0 [] ()
  ·
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
  · cpe:2.3:a:ada:ada::::::::
📔 No Core License Issues
📔 No License Issues
🟠 Changes in 25.0-SNAPSHOT since V25.0.7
- 1 packages removed (1 external, 0 vaadin)
- 1 packages added (1 external, 0 vaadin)
- 175 packages modified (75 external, 100 vaadin)
- 725 packages same (597 external, 128 vaadin)

update copilot to 25.0.8

5151128

ZheSun88 changed the base branch from 25.0 to update-hilla-25.0.8-1774522347 March 26, 2026 13:16

ZheSun88 merged commit c27874f into update-hilla-25.0.8-1774522347 Mar 26, 2026
1 of 4 checks passed

ZheSun88 deleted the update-copilot-25.0.8-1774530964 branch March 26, 2026 13:16

Provide feedback