chore: Update vaadin-quarkus to 3.1.2 (25.1) by mcollovati · Pull Request #8927 · vaadin/platform

mcollovati · 2026-05-22T09:31:00Z

No description provided.

github-actions · 2026-05-22T09:40:05Z

Dependencies Report

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21 [CVE-2026-43515, CVE-2026-43513, CVE-2026-43514, CVE-2026-42498, CVE-2026-41284, CVE-2026-43512, CVE-2026-41293, BIT-tomcat-2026-43515, BIT-tomcat-2026-43513, BIT-tomcat-2026-43514, BIT-tomcat-2026-42498, BIT-tomcat-2026-41284, BIT-tomcat-2026-43512, BIT-tomcat-2026-41293] (osv-bomber,osv-scan,owasp)
  · cpe:2.3:a:apache:tomcat::::::::
  ·
- Vulnerabilities in: pkg:npm/js-cookie@3.0.5 [CVE-2026-46625] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat@11.0.21 [BIT-tomcat-2026-43515, CVE-2026-43515, BIT-tomcat-2026-43513, CVE-2026-43513, BIT-tomcat-2026-43514, CVE-2026-43514, BIT-tomcat-2026-42498, CVE-2026-42498, BIT-tomcat-2026-41284, CVE-2026-41284, BIT-tomcat-2026-43512, CVE-2026-43512, BIT-tomcat-2026-41293, CVE-2026-41293] (osv-scan)
  ·
- Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.21 [BIT-tomcat-2026-43515, CVE-2026-43515, BIT-tomcat-2026-43513, CVE-2026-43513, BIT-tomcat-2026-43514, CVE-2026-43514, BIT-tomcat-2026-42498, CVE-2026-42498, BIT-tomcat-2026-41284, CVE-2026-41284, BIT-tomcat-2026-43512, CVE-2026-43512, BIT-tomcat-2026-41293, CVE-2026-41293] (osv-scan)
  ·
- Vulnerabilities in: pkg:maven/com.networknt/json-schema-validator@1.5.9 [CVE-2025-15104] (owasp)
  · cpe:2.3:a:validator:validator::::::::
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
  · cpe:2.3:a:ada:ada::::::::
- Vulnerabilities in: pkg:maven/com.vaadin/vaadin-swing-kit-flow@3.0.1 [CVE-2021-33604] (owasp)
  👌 false report: this CVE is targeting Vaadin version prior 20, swing-kit-flow is using vaadin 24+ version, the related issue has been fixed.
  · cpe:2.3:a:vaadin:flow-server::::::::
  · cpe:2.3:a:vaadin:vaadin::::::::
📔 No Core License Issues
📔 No License Issues
🟠 Changes in 25.1-SNAPSHOT since V25.1.5
- 112 packages modified (23 external, 89 vaadin)
- 546 packages same (400 external, 146 vaadin)

[Click for more Details]

chore: Update vaadin-quarkus to 3.1.2

ad61676

Merge branch '25.1' into chore/bump-quarkus-addon-25.1

0dd6499

ZheSun88 approved these changes May 22, 2026

View reviewed changes

ZheSun88 enabled auto-merge (squash) May 22, 2026 12:11

ZheSun88 merged commit cc38535 into 25.1 May 22, 2026
3 of 4 checks passed

ZheSun88 deleted the chore/bump-quarkus-addon-25.1 branch May 22, 2026 13:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: Update vaadin-quarkus to 3.1.2 (25.1)#8927

chore: Update vaadin-quarkus to 3.1.2 (25.1)#8927
ZheSun88 merged 2 commits into
25.1from
chore/bump-quarkus-addon-25.1

mcollovati commented May 22, 2026

Uh oh!

github-actions Bot commented May 22, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

mcollovati commented May 22, 2026

Uh oh!

github-actions Bot commented May 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependencies Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

github-actions Bot commented May 22, 2026 •

edited

Loading