Skip to content

Bump com.vaadin:vaadin-shared from 8.20.3 to 8.28.4#75

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/gradle/com.vaadin-vaadin-shared-8.28.4
Open

Bump com.vaadin:vaadin-shared from 8.20.3 to 8.28.4#75
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/gradle/com.vaadin-vaadin-shared-8.28.4

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Sep 16, 2025
edited
Loading

Bumps com.vaadin:vaadin-shared from 8.20.3 to 8.28.4.

Release notes

Sourced from com.vaadin:vaadin-shared's releases.

Vaadin Framework 8.28.4 is an Extended Maintenance update release with the following changes:

  • Fixed critical issue in license checking which became evident with 8.28.3 during the release. While the 8.28.3 release artifacts are available, build announcements were held back due to this issue. This release restores old behavior.
  • Fixed a NullPointerException in Push (Atmosphere) where a missing null check in a logging call would create a mystery stack trace on the server when attempting to communicate with an already disconnected client. This is likely the fix to an issue reported in Flow.
  • Fixed the Push version check to not complain about vaadin-push-jakarta.
  • Fixed an issue where getBeanPropertyDescriptors() could include properties more than once in the returned results list. This is a backport of [Flow PR #21836](vaadin/flow#21836).
  • Updated license checker for improved compatibility.

Vaadin Framework 8.28.2 is an Extended Maintenance hotfix release with the following changes:

  • Fixed a bug where scrolling in a UI with a menubar would attempt to close the menubar popup even when the popup didn't exist, resulting in a cascade of JavaScript errors in the console.
  • Improved Upload component handling so that the receiveUpload handler will not get triggered if the upload has been interrupted in startListener.
  • Updated the JNA and OSHI dependencies for security.

Vaadin Framework 8.28.1 is an Extended Maintenance hotfix release with the following change:

  • The Grid fix in 8.28.0 that made sure that DOM contents are not altered unless there is a need to update them was missing the logic for the Vaadin 8 version of Grid's TextRenderer, while it was added for the Vaadin 7 compatibility Grid. This hotfix version adds the TextRenderer logic to the Vaadin 8 Grid.

Vaadin Framework 8.28.0 is an Extended Maintenance release with the following changes:

  • Fixed a Grid issue that was affecting at least Firefox where attempts to copy and paste text became difficult or impossible due to how Grid handled cell value updates during a refresh. Cells are refreshed every time a cell is clicked.

  • Fixed a MenuBar issue where the popup menu would become detached from the MenuBar and possibly inaccessible if the browser window was resized or scrolled. The popup menu will now be closed if a resize or mousewheel event is detected.

  • Improved Grid accessibility regarding navigation. A new accessible navigation mode is introduced which changes Grid focus handling and DOM properties such that NVDA and similar screen readers will correctly announce current cell contents, allow proper tab navigation, properly reacts to header rows and adjusts the handling of the focus visuals to match. This new functionality can be toggled on and off using the API Grid.setAccessibleNavigation(boolean) and the status checked using Grid.isAccessibleNavigation().

  • Fixed Combobox behavior so that the aria-expanded property is correctly handled when the combobox dropdown is opened and closed. This fixes combobox related issues with screen readers.

Vaadin Framework 8.27.7 is an Extended Maintenance patch release with the following changes:

  • Major update to Vaadin Maven Plugin to avoid depending on obsolete packages with open CVEs. While none of the affected packages have presented an actual risk to users due to how they were used within the Vaadin build process, they were being flagged as security issues, and as such were undesireable to have in the dependency list.
  • Fixed an issue where the SessionDestroyListener would receive a null WrappedSession instance and thus the HTTP session could not be explicitly invalidated. This is a backport from Flow. See Flow issue #6959.
  • Fixed Grid's sorting indicator visibility when using the Runo theme.

Vaadin Framework 8.27.6 is an Extended Maintenance patch release with the following changes:

  • Fixed an issue with license checking related to pro components (Charts, Spreadsheet, etc.). The widgetset compilation process was incorrectly checking for an old form product key in certain edge cases, and would cause the build to fail when the key could not be found.

Vaadin Framework 8.27.5 is an Extended Maintenance patch release with the following changes:

  • Fixed an issue where exceptions might not be properly processed as a component is being detached. Exceptions are now caught both when handling the detach event and when calling detach manually. The detach event now fires reliably when the connector tracker is updated even when an exception occurs during detach.

  • Altered handling of the eager UI cleanup feature to not use the beforeunload event as a workaround on Safari. Safari will instead use the default pagehide event to listen for imminent UI disposal. Using the beforeunload event caused an issue where resource links would erroneously be treated as navigation away from the current UI, causing the UI to be invalidated.

    Firefox and Internet Explorer still use the beforeunload event to signal cleanup for the UI.

... (truncated)

Changelog

Sourced from com.vaadin:vaadin-shared's changelog.

Vaadin 8.28.4

  • Fixed critical issue in license checking which became evident with 8.28.3 during the release. While the 8.28.3 release artifacts are available, build announcements were held back due to this issue. This release restores old behavior.
  • Fixed a NullPointerException in Push (Atmosphere) where a missing null check in a logging call would create a mystery stack trace on the server when attempting to communicate with an already disconnected client. This is likely the fix to an issue reported in Flow.
  • Fixed the Push version check to not complain about vaadin-push-jakarta.

Vaadin 8.28.3

Warning: this release has been determined to be faulty and should not be used. Either use 8.28.2 or 8.28.4.

  • Fixed an issue where getBeanPropertyDescriptors() could include properties more than once in the returned results list. This is a backport of [Flow PR #21836](vaadin/flow#21836).
  • Updated license checker for improved compatibility.

Vaadin 8.28.2

  • Fixed a bug where scrolling in a UI with a menubar would attempt to close the menubar popup even when the popup didn't exist, resulting in a cascade of JavaScript errors in the console.
  • Improved Upload component handling so that the receiveUpload handler will not get triggered if the upload has been interrupted in startListener.
  • Updated the JNA and OSHI dependencies for security.

Vaadin 8.28.1

  • Hotfix: the Grid fix in 8.28.0 that made sure that DOM contents are not altered unless there is a need to update them was missing the logic for the Vaadin 8 version of Grid's TextRenderer, while it was added for the Vaadin 7 compatibility Grid. This hotfix version adds the TextRenderer logic to the Vaadin 8 Grid.

Vaadin 8.28.0

  • Fixed a Grid issue that was affecting at least Firefox where attempts to copy and paste text became difficult or impossible due to how Grid handled cell value updates during a refresh. Cells are refreshed every time a cell is clicked.

  • Fixed a MenuBar issue where the popup menu would become detached from the MenuBar and possibly inaccessible if the browser window was resized or scrolled. The popup menu will now be closed if a resize or mousewheel event is detected.

  • Improved Grid accessibility regarding navigation. A new accessible navigation mode is introduced which changes Grid focus handling and DOM properties such that NVDA and similar screen readers will correctly announce current cell contents, allow proper tab navigation, properly reacts to header rows and adjusts the handling of the focus visuals to match. This new functionality can be toggled on and off using the API Grid.setAccessibleNavigation(boolean) and the status checked using Grid.isAccessibleNavigation().

  • Fixed Combobox behavior so that the aria-expanded property is correctly handled when the combobox dropdown is opened and closed. This fixes combobox related issues with screen readers.

Vaadin 8.27.7

  • Major update to Vaadin Maven Plugin to avoid depending on obsolete packages with open CVEs. While none of the affected packages have presented an actual risk to users due to how they were used within the Vaadin build process, they were being flagged as security issues, and as such were undesireable to have in the dependency list.

  • Fixed an issue where the SessionDestroyListener would receive a null WrappedSession instance and thus the HTTP session could not be explicitly invalidated. This is a backport from Flow. See Flow issue #6959.

  • Fixed Grid's sorting indicator visibility when using the Runo theme.

Vaadin 8.27.6

  • Fixed an issue with license checking related to pro components (Charts, Spreadsheet, etc.). The widgetset compilation process was incorrectly checking for an old form product key in certain edge cases, and would cause the build to fail when the key could not be found.

Vaadin 8.27.5

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump com.vaadin:vaadin-shared from 8.20.3 to 8.28.4
29693ed 
Bumps [com.vaadin:vaadin-shared](https://github.com/vaadin/framework) from 8.20.3 to 8.28.4.
- [Release notes](https://github.com/vaadin/framework/releases)
- [Changelog](https://github.com/vaadin/framework/blob/master/CHANGELOG-VAADIN8.md)
- [Commits](vaadin/framework@8.20.3...8.28.4)

---
updated-dependencies:
- dependency-name: com.vaadin:vaadin-shared
  dependency-version: 8.28.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Sep 16, 2025
@dependabot dependabot bot mentioned this pull request Sep 16, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants