chore: update versions.json in main with latest WC by vaadin-bot · Pull Request #8742 · vaadin/platform

vaadin-bot · 2026-04-02T08:54:04Z

No description provided.

github-actions · 2026-04-02T11:37:03Z

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:maven/org.codehaus.plexus/plexus-utils@3.6.0 [CVE-2025-67030] (osv-bomber,osv-scan,owasp)
  · cpe:2.3:a:codehaus-plexus:plexus-utils::::::::
- Vulnerabilities in: pkg:maven/org.springframework.security/spring-security-web@7.0.0 [CVE-2026-22732] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/serialize-javascript@6.0.2 [GHSA-5c6j-r48x-rmvq, CVE-2026-34043] (osv-bomber,oss-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/glob@11.1.0 [CVE-2025-64756] (oss-bomber)
  ·
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
  · cpe:2.3:a:ada:ada::::::::
📔 Found Core License Issues:
- Invalid license 'https://vaadin.com/commercial-license-and-service-terms' in: pkg:maven/com.vaadin/vaadin-charts-flow@25.2-SNAPSHOT
📔 No License Issues

chore: update versions.json in main with latest WC

a40e595

ZheSun88 approved these changes Apr 2, 2026

View reviewed changes

ZheSun88 enabled auto-merge (squash) April 2, 2026 08:57

Merge branch 'main' into update-main-1775120042690

55f32ec

ZheSun88 disabled auto-merge April 2, 2026 11:57

ZheSun88 merged commit 355b953 into main Apr 2, 2026
2 of 3 checks passed

ZheSun88 deleted the update-main-1775120042690 branch April 2, 2026 11:58

Provide feedback