Update vaadin.version to v25.1.7

[xdev-renovate]

This PR contains the following updates:

Package	Type	Update	Change
com.vaadin:vaadin-bom (source)	import	patch	25.1.5 → 25.1.7
com.vaadin:vaadin-maven-plugin (source)	build	patch	25.1.5 → 25.1.7

---

Release Notes

vaadin/platform (com.vaadin:vaadin-bom)

v25.1.7: Vaadin 25.1.7

Compare Source

This is a maintenance release for Vaadin 25.1. See 25.1.0 release notes for details and resources.

Changes since 25.1.6

• Flow: 25.1.7 → 25.1.8, 25.1.9 → 25.1.10
• Hilla: 25.1.5 → 25.1.6
• Web Components: 25.1.3 → 25.1.4
• Flow Components: 25.1.6 → 25.1.7
• Copilot: 25.1.5 → 25.1.6
• Quarkus plugin: 3.1.2 → 3.1.3

Unchanged Modules

• TestBench: 10.1.2
• Browserless Test: 1.0.0
• Multiplatform Runtime (MPR): 8.0.1
• Router: 2.0.1
• Collaboration Engine: 7.0.0
• Kubernetes Kit: 3.1.1
• Observability Kit: 4.1.1
• SSO Kit: 4.1.2
• CDI add-on: 16.0.1
• AppSec Kit: 4.0.2 (docs)
• Azure Kit: 1.0.0 (docs)
• Swing Kit: 3.0.1 (docs)

Note:

We are aware of the following CVEs (CVE-2026-43515, CVE-2026-43513, CVE-2026-43514, CVE-2026-42498, CVE-2026-41284, CVE-2026-43512, CVE-2026-41293) from Tomcat, which is a transitive dependency from SpringBoot 4.0.6. Tomcat is a runtime deployment choice made by application developers, which Vaadin does not use or depend on. You can be upgraded on the application side to Tomcat 9.0.118+, 10.1.55+ or 11.0.22+. The corresponding updates will come in their next releases (SpringBoot 4.0.7).

v25.1.6: Vaadin 25.1.6

Compare Source

This is a maintenance release for Vaadin 25.1. See 25.1.0 release notes for details and resources.

Changelogs

• Flow (25.1.7) and Hilla (25.1.5)
• Design System
  • Web Components (25.1.3)
  • Flow Components (25.1.6)
• TestBench (10.1.2)
• Browserless Test(1.0.0)
• Feature Pack(25.0.0)
• Modernization Toolkit (Documentation)
  • Feature Pack (Documentation)
  • Dragonfly (Documentation)
  • Modernization Toolkit Analyzer (Analyzer for Eclipse, Analyzer for Maven)
• Multiplatform Runtime (MPR) (8.0.1)
• Router (2.0.1)
• Vaadin Kits
  • AppSec Kit (4.0.2)
  • Azure Kit (1.0.0)
  • Collaboration Engine (7.0.0)
  • Copilot (25.1.5)
  • Kubernetes Kit (3.1.1)
  • Observability Kit (4.1.1)
  • SSO Kit (4.1.2)
  • Swing Kit (3.0.1)

Official add-ons and plugins:

• Spring add-on (25.1.7)
• CDI add-on (16.0.1)
• Maven plugin (25.1.6)
• Gradle plugin (25.1.6)
• Quarkus plugin (3.1.2)

Note:

We are aware of the following CVEs (CVE-2026-43515, CVE-2026-43513, CVE-2026-43514, CVE-2026-42498, CVE-2026-41284, CVE-2026-43512, CVE-2026-41293) from Tomcat, which is a transitive dependency from SpringBoot 4.0.6. Tomcat is a runtime deployment choice made by application developers, which Vaadin does not use or depend on. You can be upgraded on the application side to Tomcat 9.0.118+, 10.1.55+ or 11.0.22+. The corresponding updates will come in their next releases (SpringBoot 4.0.7).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.