update copilot to 24.7.0.alpha8 #7251

vaadin-bot · 2025-02-06T06:44:47Z

No description provided.

github-actions · 2025-02-06T07:42:02Z

🚫 Vulnerabilities:
- Vulnerabilities in: pkg:npm/[email protected] [CVE-2024-34394] (osv-scan)
  👌 This is coming from the tools, @cyclonedx/cyclonedx, we have used for sbom module, FP for us.
  ·
- Vulnerabilities in: pkg:maven/com.squareup.okhttp3/[email protected] [CVE-2023-0833] (owasp)
  · cpe:2.3:a:redhat:a-mq_streams::::::::
  · cpe:2.3:a:squareup:okhttp::::::::
🟠 Known Vulnerabilities:
- Vulnerabilities in: pkg:maven/com.fasterxml.jackson.core/[email protected] [CVE-2023-35116] (owasp)
  👌 Not a valid CVE report based on the vendor analysis and research
  · cpe:2.3:a:fasterxml:jackson-databind::::::::
- Vulnerabilities in: pkg:maven/me.friwi/jcef-api@jcef-99c2f7a%2Bcef-127.3.1%2Bg6cbb30e%2Bchromium-127.0.6533.100 [CVE-2024-21639, CVE-2024-21640] (owasp)
  👌 Wait for the update from the jcefmaven community. Meanwhile the swing-kit is supposed to be used with fixed websites and not to browse the internet, we have a check for that, so the only possible attacker would be the same person that created the swing application, aka our customer devs. so this vulnerability is not classified by us as critical issue
  · cpe:2.3:a:chromiumembedded:chromium_embedded_framework::::::::
📔 No Core License Issues
📔 No License Issues
🟠 Changes in 24.7-SNAPSHOT since V24.7.0.alpha7
- 45 packages modified (19 external, 26 vaadin)
- 1059 packages same (859 external, 200 vaadin)

update copilot to 24.7.0.alpha8

49f902a

ZheSun88 approved these changes Feb 6, 2025

View reviewed changes

ZheSun88 enabled auto-merge (squash) February 6, 2025 06:50

ZheSun88 merged commit d2d0c06 into main Feb 6, 2025
3 of 4 checks passed

ZheSun88 deleted the update-copilot-24.7.0.alpha8-1738824283 branch February 6, 2025 07:14

Provide feedback