Update flow to 25.0.13 by vaadin-bot · Pull Request #8919 · vaadin/platform

vaadin-bot · 2026-05-22T06:38:29Z

No description provided.

github-actions · 2026-05-22T06:46:01Z

Dependencies Report

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21 [CVE-2026-43515, CVE-2026-43513, CVE-2026-43514, CVE-2026-42498, CVE-2026-41284, CVE-2026-43512, CVE-2026-41293, BIT-tomcat-2026-43515, BIT-tomcat-2026-43513, BIT-tomcat-2026-43514, BIT-tomcat-2026-42498, BIT-tomcat-2026-41284, BIT-tomcat-2026-43512, BIT-tomcat-2026-41293] (osv-bomber,osv-scan,owasp)
  · cpe:2.3:a:apache:tomcat::::::::
  ·
- Vulnerabilities in: pkg:maven/io.opentelemetry/opentelemetry-api@1.54.1 [CVE-2026-45292] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/js-cookie@3.0.5 [CVE-2026-46625] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:maven/io.opentelemetry/opentelemetry-extension-trace-propagators@1.54.1 [CVE-2026-45292] (osv-scan)
  ·
- Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat@11.0.21 [BIT-tomcat-2026-43515, CVE-2026-43515, BIT-tomcat-2026-43513, CVE-2026-43513, BIT-tomcat-2026-43514, CVE-2026-43514, BIT-tomcat-2026-42498, CVE-2026-42498, BIT-tomcat-2026-41284, CVE-2026-41284, BIT-tomcat-2026-43512, CVE-2026-43512, BIT-tomcat-2026-41293, CVE-2026-41293] (osv-scan)
  ·
- Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.21 [BIT-tomcat-2026-43515, CVE-2026-43515, BIT-tomcat-2026-43513, CVE-2026-43513, BIT-tomcat-2026-43514, CVE-2026-43514, BIT-tomcat-2026-42498, CVE-2026-42498, BIT-tomcat-2026-41284, CVE-2026-41284, BIT-tomcat-2026-43512, CVE-2026-43512, BIT-tomcat-2026-41293, CVE-2026-41293] (osv-scan)
  ·
- Vulnerabilities in: pkg:maven/com.networknt/json-schema-validator@1.5.9 [CVE-2025-15104] (owasp)
  · cpe:2.3:a:validator:validator::::::::
- Vulnerabilities in: pkg:maven/com.vaadin/vaadin-swing-kit-flow@3.0.1 [CVE-2021-33604] (owasp)
  · cpe:2.3:a:vaadin:flow-server::::::::
  · cpe:2.3:a:vaadin:vaadin::::::::
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
  · cpe:2.3:a:ada:ada::::::::
📔 No Core License Issues
📔 No License Issues
🟠 Changes in 25.0-SNAPSHOT since V25.0.11
- 99 packages modified (16 external, 83 vaadin)
- 549 packages same (404 external, 145 vaadin)

[Click for more Details]

Update flow to 25.0.13

3842332

ZheSun88 enabled auto-merge (squash) May 22, 2026 07:03

ZheSun88 approved these changes May 22, 2026

View reviewed changes

ZheSun88 merged commit 97afe1f into 25.0 May 22, 2026
3 of 4 checks passed

ZheSun88 deleted the update-flow-25.0.13-1779431904 branch May 22, 2026 08:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update flow to 25.0.13#8919

Update flow to 25.0.13#8919
ZheSun88 merged 1 commit into
25.0from
update-flow-25.0.13-1779431904

vaadin-bot commented May 22, 2026

Uh oh!

github-actions Bot commented May 22, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

vaadin-bot commented May 22, 2026

Uh oh!

github-actions Bot commented May 22, 2026

Dependencies Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants