From 5ff1ca9a820317b447f2043da405123ec0fd4998 Mon Sep 17 00:00:00 2001 From: Zhe Sun <31067185+ZheSun88@users.noreply.github.com> Date: Fri, 22 May 2026 11:22:26 +0300 Subject: [PATCH 1/2] chore: upgrade testbench to 10.0.6 (25.0) --- versions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.json b/versions.json index 74d2da212..cbab151c5 100644 --- a/versions.json +++ b/versions.json @@ -512,7 +512,7 @@ "pro": true }, "vaadin-testbench": { - "javaVersion": "10.0.5", + "javaVersion": "10.0.6", "pro": true } } From 925bba4b3bdc8d34695f3de2c54d187e64436a34 Mon Sep 17 00:00:00 2001 From: Zhe Sun Date: Fri, 22 May 2026 15:50:24 +0300 Subject: [PATCH 2/2] update observability-kit and cve list --- scripts/generateAndCheckSBOM.js | 10 +++++++++- versions.json | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/scripts/generateAndCheckSBOM.js b/scripts/generateAndCheckSBOM.js index be39861b5..fd08ff328 100755 --- a/scripts/generateAndCheckSBOM.js +++ b/scripts/generateAndCheckSBOM.js @@ -100,7 +100,15 @@ const cveWhiteList = { 'pkg:maven/org.codehaus.plexus/plexus-utils@3.6.1' : { cves: ['CVE-2025-67030'], description: 'FP: version 3.6.1 includes the fix per GHSA-6fmv-xxpf-w3cw (patched in 3.6.1+).' - } + }, + 'pkg:maven/com.vaadin/vaadin-swing-kit-flow@3.0.1' : { + cves: ['CVE-2021-33604'], + description: 'false report: this CVE is targeting Vaadin version prior 20, swing-kit-flow is using vaadin 24+ version, the related issue has been fixed.' + }, + 'pkg:maven/com.networknt/json-schema-validator@1.5.9' : { + cves: ['CVE-2025-15104'], + description: 'FP: The CVE belongs to Nu Html Checker which produce a false positive on Networknt JSON Schema Validator due to the overlapping keyword or an overly broad CPE mapping rule.' + }, } const STYLE = `