Skip to content

update copilot to 25.2.0-rc1#9044

Merged
ZheSun88 merged 3 commits into
25.2from
update-copilot-25.2.0-rc1-1781709258
Jun 17, 2026
Merged

update copilot to 25.2.0-rc1#9044
ZheSun88 merged 3 commits into
25.2from
update-copilot-25.2.0-rc1-1781709258

Conversation

@vaadin-bot

@vaadin-bot vaadin-bot commented Jun 17, 2026
edited by ZheSun88
Loading

Copy link
Copy Markdown
Contributor

update hilla, testbench, browserless-test to rc version

vaadin-bot and others added 3 commits June 17, 2026 15:14
@vaadin-bot
update copilot to 25.2.0-rc1
82ff944
@vaadin-bot @ZheSun88
update hilla to 25.2.0-rc2 (#9042)
e455552 
* update hilla to 25.2.0-rc2

* chore: upgrade testbench to 25.2.0-rc1 and browserless-test to rc1

* chore: upgrade testbench to 25.2.0-rc1 (25.2)

* browserless 1.1.0-rc1

---------

Co-authored-by: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
@vaadin-bot @web-padawan
chore: add breadcrumbs to react-components exclusions (#9043) (#9045)
cd45b6f 
Co-authored-by: Serhii Kulykov <iamkulykov@gmail.com>
@ZheSun88 ZheSun88 enabled auto-merge (squash) June 17, 2026 15:19
@github-actions

github-actions Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Dependencies Report

  • 🟠 Known Vulnerabilities:

    • Vulnerabilities in: pkg:npm/%40opentelemetry/core@1.9.0 [CVE-2026-54285] (osv-bomber)
      👌 Not affected: @opentelemetry/core is a transitive dep of the browser Web SDK and is used only to ORIGINATE spans. The vulnerable W3CBaggagePropagator.extract() (inbound untrusted baggage parsing) is never on the execution path. vulnerable_code_not_in_execute_path.
      ·
    • Vulnerabilities in: pkg:npm/%40opentelemetry%2Fcore@1.8.0 [CVE-2026-54285] (osv-scan)
      👌 Not affected: @opentelemetry/core is a transitive dep of the browser Web SDK and is used only to ORIGINATE spans. The vulnerable W3CBaggagePropagator.extract() (inbound untrusted baggage parsing) is never on the execution path. vulnerable_code_not_in_execute_path.
      ·
    • Vulnerabilities in: pkg:npm/%40opentelemetry%2Fcore@1.9.0 [CVE-2026-54285] (osv-scan)
      👌 Not affected: @opentelemetry/core is a transitive dep of the browser Web SDK and is used only to ORIGINATE spans. The vulnerable W3CBaggagePropagator.extract() (inbound untrusted baggage parsing) is never on the execution path. vulnerable_code_not_in_execute_path.
      ·
    • Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
      👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
      · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
      · cpe:2.3:a:ada:ada::::::::
    • Vulnerabilities in: pkg:maven/com.vaadin/vaadin-swing-kit-flow@3.0.1 [CVE-2021-33604] (owasp)
      👌 false report: this CVE is targeting Vaadin version prior 20, swing-kit-flow is using vaadin 24+ version, the related issue has been fixed.
      · cpe:2.3:a:vaadin:flow-server::::::::
      · cpe:2.3:a:vaadin:vaadin::::::::

  • 📔 No Core License Issues

  • 📔 No License Issues

  • 🟠 Changes in 25.2-SNAPSHOT since V25.2.0-beta3

    • 1 packages removed (1 external, 0 vaadin)
    • 5 packages added (2 external, 3 vaadin)
    • 132 packages modified (26 external, 106 vaadin)
    • 527 packages same (398 external, 129 vaadin)

[Click for more Details]

@ZheSun88 ZheSun88 disabled auto-merge June 17, 2026 15:25
@ZheSun88 ZheSun88 enabled auto-merge (squash) June 17, 2026 15:26
@ZheSun88 ZheSun88 merged commit 8eed065 into 25.2 Jun 17, 2026
5 checks passed
@ZheSun88 ZheSun88 deleted the update-copilot-25.2.0-rc1-1781709258 branch June 17, 2026 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZheSun88 ZheSun88 ZheSun88 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vaadin-bot @ZheSun88