Bump com.vaadin:vaadin-shared from 8.20.3 to 8.28.2

[dependabot]

Bumps com.vaadin:vaadin-shared from 8.20.3 to 8.28.2.

Release notes

Sourced from com.vaadin:vaadin-shared's releases.

Vaadin Framework 8.28.1 is an Extended Maintenance hotfix release with the following change:

• The Grid fix in 8.28.0 that made sure that DOM contents are not altered unless there is a need to update them was missing the logic for the Vaadin 8 version of Grid's TextRenderer, while it was added for the Vaadin 7 compatibility Grid. This hotfix version adds the TextRenderer logic to the Vaadin 8 Grid.

Vaadin Framework 8.28.0 is an Extended Maintenance release with the following changes:

• Fixed a Grid issue that was affecting at least Firefox where attempts to copy and paste text became difficult or impossible due to how Grid handled cell value updates during a refresh. Cells are refreshed every time a cell is clicked.

• Fixed a MenuBar issue where the popup menu would become detached from the MenuBar and possibly inaccessible if the browser window was resized or scrolled. The popup menu will now be closed if a resize or mousewheel event is detected.

• Improved Grid accessibility regarding navigation. A new accessible navigation mode is introduced which changes Grid focus handling and DOM properties such that NVDA and similar screen readers will correctly announce current cell contents, allow proper tab navigation, properly reacts to header rows and adjusts the handling of the focus visuals to match. This new functionality can be toggled on and off using the API Grid.setAccessibleNavigation(boolean) and the status checked using Grid.isAccessibleNavigation().

• Fixed Combobox behavior so that the aria-expanded property is correctly handled when the combobox dropdown is opened and closed. This fixes combobox related issues with screen readers.

Vaadin Framework 8.27.7 is an Extended Maintenance patch release with the following changes:

• Major update to Vaadin Maven Plugin to avoid depending on obsolete packages with open CVEs. While none of the affected packages have presented an actual risk to users due to how they were used within the Vaadin build process, they were being flagged as security issues, and as such were undesireable to have in the dependency list.
• Fixed an issue where the SessionDestroyListener would receive a null WrappedSession instance and thus the HTTP session could not be explicitly invalidated. This is a backport from Flow. See Flow issue #6959.
• Fixed Grid's sorting indicator visibility when using the Runo theme.

Vaadin Framework 8.27.6 is an Extended Maintenance patch release with the following changes:

• Fixed an issue with license checking related to pro components (Charts, Spreadsheet, etc.). The widgetset compilation process was incorrectly checking for an old form product key in certain edge cases, and would cause the build to fail when the key could not be found.

Vaadin Framework 8.27.5 is an Extended Maintenance patch release with the following changes:

• Fixed an issue where exceptions might not be properly processed as a component is being detached. Exceptions are now caught both when handling the detach event and when calling detach manually. The detach event now fires reliably when the connector tracker is updated even when an exception occurs during detach.

• Altered handling of the eager UI cleanup feature to not use the beforeunload event as a workaround on Safari. Safari will instead use the default pagehide event to listen for imminent UI disposal. Using the beforeunload event caused an issue where resource links would erroneously be treated as navigation away from the current UI, causing the UI to be invalidated.

  Firefox and Internet Explorer still use the beforeunload event to signal cleanup for the UI.

Vaadin Framework 8.27.4 is an Extended Maintenance patch release with the following changes:

• Added feature to automatically resume Push connection when a client unexpectedly loses communication with the server. Pending Push messages are now cached on the server until the session times out or connectivity is restored for a better user experience.

  This is a backport of Flow pull request #20283.

• Fixed Framework issue #11699. Previously, calling UI.getCurrent() inside a UI.access() callback could return a random UI instance under certain circumastances. CurrentInstance is now properly cleared before the current session reference is set before running any pending access callbacks.

  This is a backport of Flow pull request #20255.

• Moved (some) blocking calls outside of session lock. Fixes a potential deadlock issue.

  This is a backport of Flow pull request #20475.

• Specified pointer-events: auto as default for overlay containers in the Valo theme. This fixes an edge case where users were unable to select values from V8 comboboxes placed inside a V14 Dialog component when running under the Vaadin Multi Platform Runtime.

Vaadin Framework 8.27.3 is an Extended Maintenance patch release with the following changes:

... (truncated)

Changelog

Sourced from com.vaadin:vaadin-shared's changelog.

Vaadin 8 extended maintenance version changelog

Vaadin 8.28.1

• Hotfix: the Grid fix in 8.28.0 that made sure that DOM contents are not altered unless there is a need to update them was missing the logic for the Vaadin 8 version of Grid's TextRenderer, while it was added for the Vaadin 7 compatibility Grid. This hotfix version adds the TextRenderer logic to the Vaadin 8 Grid.

Vaadin 8.28.0

• Fixed a Grid issue that was affecting at least Firefox where attempts to copy and paste text became difficult or impossible due to how Grid handled cell value updates during a refresh. Cells are refreshed every time a cell is clicked.

• Fixed a MenuBar issue where the popup menu would become detached from the MenuBar and possibly inaccessible if the browser window was resized or scrolled. The popup menu will now be closed if a resize or mousewheel event is detected.

• Improved Grid accessibility regarding navigation. A new accessible navigation mode is introduced which changes Grid focus handling and DOM properties such that NVDA and similar screen readers will correctly announce current cell contents, allow proper tab navigation, properly reacts to header rows and adjusts the handling of the focus visuals to match. This new functionality can be toggled on and off using the API Grid.setAccessibleNavigation(boolean) and the status checked using Grid.isAccessibleNavigation().

• Fixed Combobox behavior so that the aria-expanded property is correctly handled when the combobox dropdown is opened and closed. This fixes combobox related issues with screen readers.

Vaadin 8.27.7

• Major update to Vaadin Maven Plugin to avoid depending on obsolete packages with open CVEs. While none of the affected packages have presented an actual risk to users due to how they were used within the Vaadin build process, they were being flagged as security issues, and as such were undesireable to have in the dependency list.

• Fixed an issue where the SessionDestroyListener would receive a null WrappedSession instance and thus the HTTP session could not be explicitly invalidated. This is a backport from Flow. See Flow issue #6959.

• Fixed Grid's sorting indicator visibility when using the Runo theme.

Vaadin 8.27.6

• Fixed an issue with license checking related to pro components (Charts, Spreadsheet, etc.). The widgetset compilation process was incorrectly checking for an old form product key in certain edge cases, and would cause the build to fail when the key could not be found.

Vaadin 8.27.5

• Fixed an issue where exceptions might not be properly processed as a component is being detached. Exceptions are now caught both when handling the detach event and when calling detach manually. The detach event now fires reliably when the connector tracker is updated even when an exception occurs during detach.

• Altered handling of the eager UI cleanup feature to not use the beforeunload event as a workaround on Safari. Safari will instead use the default pagehide event to listen for imminent UI disposal. Using the beforeunload event caused an issue where resource links would erroneously be treated as navigation away from the current UI, causing the UI to be invalidated.

  Firefox and Internet Explorer still use the beforeunload event to signal cleanup for the UI.

Vaadin 8.27.4

• Added feature to automatically resume Push connection when a client unexpectedly loses communication with the server. Pending Push messages are now cached on the server until the session times out or connectivity is restored for a better user experience.

  This is a backport of Flow pull request #20283.

• Fixed Framework issue #11699. Previously, calling UI.getCurrent() inside a UI.access() callback could return a random UI instance under certain circumastances. CurrentInstance is now properly cleared before the current session reference is set before running any pending access callbacks.

  This is a backport of Flow pull request #20255.

• Moved (some) blocking calls outside of session lock. Fixes a potential deadlock issue.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #74.