Skip to content

chore: upgrade testbench to 10.1.0/BLT 1.0.0 (#8688) (CP: 25.1)#8689

Merged
ZheSun88 merged 1 commit into25.1from
cherry-pick-8688-to-25.1-1774275308613
Mar 23, 2026
Merged

chore: upgrade testbench to 10.1.0/BLT 1.0.0 (#8688) (CP: 25.1)#8689
ZheSun88 merged 1 commit into25.1from
cherry-pick-8688-to-25.1-1774275308613

Conversation

@vaadin-bot
Copy link
Contributor

@vaadin-bot vaadin-bot commented Mar 23, 2026

This PR cherry-picks changes from the original PR #8688 to branch 25.1.

Original PR description

No description provided in the original PR.

@ZheSun88 @vaadin-bot
chore: upgrade testbench to 10.1.0/BLT 1.0.0 (#8688)
4d79f61 
* chore: upgrade testbench to 10.1.0

* upgrade browserless to 1.0.0
@ZheSun88 ZheSun88 enabled auto-merge (squash) March 23, 2026 14:21
@ZheSun88 ZheSun88 merged commit 8defbc4 into 25.1 Mar 23, 2026
3 of 4 checks passed
@ZheSun88 ZheSun88 deleted the cherry-pick-8688-to-25.1-1774275308613 branch March 23, 2026 15:10
@github-actions
Copy link

github-actions bot commented Mar 23, 2026

Dependencies Report

  • 🚫 Vulnerabilities:

    • Vulnerabilities in: pkg:maven/org.springframework/spring-webmvc@7.0.5 [CVE-2026-22737, CVE-2026-22735] (osv-bomber,osv-scan)
      ·
    • Vulnerabilities in: pkg:maven/tools.jackson.core/jackson-core@3.0.4 [CVE-2026-29062, GHSA-72hv-8253-57qq] (osv-bomber,osv-scan,owasp)
      · cpe:2.3:a:fasterxml:jackson-core::::::::
      ·
    • Vulnerabilities in: pkg:maven/org.springframework.security/spring-security-web@7.0.0 [CVE-2026-22732] (osv-bomber,osv-scan)
      ·
    • Vulnerabilities in: pkg:npm/serialize-javascript@6.0.2 [GHSA-5c6j-r48x-rmvq] (osv-bomber)
      ·
    • Vulnerabilities in: pkg:npm/glob@11.1.0 [CVE-2025-64756] (oss-bomber)
      ·
    • Vulnerabilities in: pkg:maven/org.springframework/spring-webflux@7.0.5 [CVE-2026-22737, CVE-2026-22735] (osv-scan)
      ·
    • Vulnerabilities in: pkg:maven/com.fasterxml.jackson.core/jackson-core@3.0.4 [] ()
      ·
    • Vulnerabilities in: pkg:maven/tools.jackson.core/jackson-databind@3.0.4 [CVE-2026-29062] (owasp)
      · cpe:2.3:a:fasterxml:jackson-core::::::::

  • 🟠 Known Vulnerabilities:

    • Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-ca49ada%2Bcef-135.0.20%2Bge7de5c3%2Bchromium-135.0.7049.85 [CVE-2024-21639, CVE-2024-21640, CVE-2024-9410] (owasp)
      👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
      · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
      · cpe:2.3:a:ada:ada::::::::

  • 📔 No Core License Issues

  • 📔 No License Issues

  • 🟠 Changes in 25.1-SNAPSHOT since V25.1.0-rc2

    • 17 packages modified (16 external, 1 vaadin)
    • 894 packages same (660 external, 234 vaadin)

[Click for more Details]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZheSun88 ZheSun88 ZheSun88 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vaadin-bot @ZheSun88