update hilla to 25.2.0-alpha1 by vaadin-bot · Pull Request #8745 · vaadin/platform

vaadin-bot · 2026-04-02T12:07:26Z

No description provided.

github-actions · 2026-04-02T12:35:33Z

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:maven/org.codehaus.plexus/plexus-utils@3.6.0 [CVE-2025-67030] (osv-bomber,osv-scan,owasp)
  · cpe:2.3:a:codehaus-plexus:plexus-utils::::::::
- Vulnerabilities in: pkg:maven/org.springframework.security/spring-security-web@7.0.0 [CVE-2026-22732] (osv-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/serialize-javascript@6.0.2 [GHSA-5c6j-r48x-rmvq, CVE-2026-34043] (osv-bomber,oss-bomber,osv-scan)
  ·
- Vulnerabilities in: pkg:npm/glob@11.1.0 [CVE-2025-64756] (oss-bomber)
  ·
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
  · cpe:2.3:a:ada:ada::::::::
📔 Found Core License Issues:
- Invalid license 'https://vaadin.com/commercial-license-and-service-terms' in: pkg:maven/com.vaadin/vaadin-charts-flow@25.2-SNAPSHOT
📔 No License Issues

update hilla to 25.2.0-alpha1

15c9975

ZheSun88 approved these changes Apr 2, 2026

View reviewed changes

ZheSun88 enabled auto-merge (squash) April 2, 2026 12:52

ZheSun88 disabled auto-merge April 2, 2026 12:59

ZheSun88 merged commit fa790a9 into main Apr 2, 2026
2 of 3 checks passed

ZheSun88 deleted the update-hilla-25.2.0-alpha1-1775131642 branch April 2, 2026 12:59

Provide feedback