Bump the minor-updates group with 12 updates

[dependabot]

Bumps the minor-updates group with 12 updates:

Package	From	To
com.vaadin:vaadin-bom	25.1.1	25.1.4
org.postgresql:postgresql	42.7.10	42.7.11
org.xerial:sqlite-jdbc	3.51.3.0	3.53.0.0
commons-codec:commons-codec	1.21.0	1.22.0
commons-io:commons-io	2.21.0	2.22.0
com.discord4j:discord4j-core	3.3.1	3.3.2
org.springdoc:springdoc-openapi-starter-webmvc-ui	3.0.2	3.0.3
org.projectlombok:lombok	1.18.44	1.18.46
org.springframework.boot	4.0.5	4.0.6
com.vaadin	25.1.1	25.1.4
org.flywaydb.flyway	12.3.0	12.5.0
gradle-wrapper	9.4.1	9.5.0

Updates com.vaadin:vaadin-bom from 25.1.1 to 25.1.4

Updates org.postgresql:postgresql from 42.7.10 to 42.7.11

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

• fix: Add sources and javadocs to shaded published lib generation @​sehrope (#4043)
• update Changelog and website for release of 42.7.11 @​davecramer (#4042)
• Fix scram fix location in changelog and update published artifact developer list @​sehrope (#4041)
• Restrict test with scram_iterations to v16+ and release notes @​sehrope (#4040)
• chore(deps): update ubuntu:24.04 docker digest to 84e77de @​renovate-bot (#4017)
• test: add tests for QueryExecutor#getTransactionState @​vlsi (#4006)
• chore(deps): update actions/create-github-app-token action to v2.2.2 @​renovate-bot (#3983)
• fix: fix flaky CopyBothResponseTest by using WAL flush LSN @​vlsi (#3979)
• fix: fix flaky replication restart tests by waiting for confirmed_flush_lsn @​vlsi (#3975)
• test: fix flaky LogicalReplicationStatusTest by polling pg_stat_replication @​vlsi (#3974)
• chore: replace Appveyor with ikalnytskyi/action-setup-postgres @​vlsi (#3966)
• test: move test table creation from @​BeforeEach to @​BeforeAll @​vlsi (#3967)
• Return jsonb as PGObject fixes Issue #3926 @​davecramer (#3956)
• Update docker scripts @​davecramer (#3958)
• implement require_auth, this is pretty much how libpq does this. @​davecramer (#3895)
• docs: add SCRAM authentication test setup section to TESTING.md @​emmaeng700 (#3945)
• Add RequireServerVersion annotation for tests @​sehrope (#3939)

🐛 Bug Fixes

• fix: ensure extended protocol messages end with Sync message @​vlsi (#3728)
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @​vlsi (#3996)
• fix: retry with SSL on IOException when sslMode=ALLOW @​vlsi (#3973)
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @​vlsi (#3968)
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @​vlsi (#3962)
• fix: use compareTo for LogSequenceNumber comparison @​vlsi (#3961)
• fix: release COPY lock on IOException to prevent connection hang (#3957) @​vlsi (#3960)

🧰 Maintenance

• style: replace @​exception with @​throws in getBoolean javadoc @​vlsi (#4035)
• chore: use @​vlsi/github-actions-random-matrix npm package @​vlsi (#4008)
• chore: use tag names for pinning github actions, pin ikalnytskyi/action-setup-postgres @​vlsi (#4007)
• chore: bump errorprone to 2.48.0 @​vlsi (#4005)
• test: add @​DisableLogger annotation to suppress expected log warnings in tests @​vlsi (#3971)
• chore: suppress deprecations in test code to reduce build verbosity @​vlsi (#3972)
• chore: replace log warning in ConnectionFactory.closeStream with Throwable.addSuppressed @​vlsi (#3970)
• chore: use greedy pairwise coverage for CI matrix generation @​vlsi (#3965)
• chore: use full version tags in GitHub Actions comments @​vlsi (#3963)

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

• feat: implement require_auth connection property, aligning with libpq behavior [PR #3895](pgjdbc/pgjdbc#3895)

Changed

• chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres [PR #3966](pgjdbc/pgjdbc#3966)
• chore: upgrade Gradle to v9 [PR #3978](pgjdbc/pgjdbc#3978)

Fixed

• fix: ensure extended protocol messages end with Sync message [PR #3728](pgjdbc/pgjdbc#3728)
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command [PR #3996](pgjdbc/pgjdbc#3996)
• fix: retry with SSL on IOException when sslMode=ALLOW [PR #3973](pgjdbc/pgjdbc#3973)
• fix: make sure the driver honours connectTimeout when retrying the connection [PR #3968](pgjdbc/pgjdbc#3968)
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in [PR #3968](pgjdbc/pgjdbc#3968)
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers [PR #3962](pgjdbc/pgjdbc#3962)
• fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly [PR #3961](pgjdbc/pgjdbc#3961)
• fix: release COPY lock on IOException to prevent connection hang [PR #3957](pgjdbc/pgjdbc#3957)
• fix: return jsonb as PGObject instead of String [PR #3956](pgjdbc/pgjdbc#3956)
• fix: align SSL key file permission check with libpq [PR #3952](pgjdbc/pgjdbc#3952)
• fix: guard connection closed flag with a reentrant lock to protect against concurrent close [PR #3905](pgjdbc/pgjdbc#3905)

Commits

• 78e261f fix: Add sources and javadocs to shaded published lib generation
• 1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
• d479fa5 Fix scram fix location in changelog and update published artifact developer l...
• b04fc46 docs: Add scram max iters fix to changelog
• cf54822 test: Disable scram test on older version without scram_iterations GUC
• 7dbcc79 test: Add SCRAM max iteration tests
• c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
• a340cb2 style: replace @​exception with @​throws in getBoolean javadoc
• 77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
• 23af03b chore(deps): update actions/checkout action to v6
• Additional commits viewable in compare view

Updates org.xerial:sqlite-jdbc from 3.51.3.0 to 3.53.0.0

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.53.0.0

Changelog

🚀 Features

jdbc

• expose wal_autocheckpoint pragma in SQLiteConfig (dd2adcc), closes #1397

sqlite

• upgrade to sqlite 3.53.0 (baaf087)

unscoped

• publish multiple classifer jars (bdd2b64), closes #1273
• better Android support (7eb6f3f), closes #1378

🛠 Build

deps

• bump org.sonatype.central:central-publishing-maven-plugin (19259e5)
• bump EndBug/add-and-commit from 9 to 10 (f572217)

deps-dev

• bump surefire.version from 3.5.4 to 3.5.5 (b649d25)
• bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (857a754)
• bump org.mockito:mockito-core from 5.21.0 to 5.23.0 (a597952)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Karl-Michael Edlinger, kju2

Commits

• f88e9c7 chore(release): 3.53.0.0 [skip ci]
• bdd2b64 feat: publish multiple classifer jars
• 7eb6f3f feat: better Android support
• 23ead2e chore: update native libraries
• baaf087 feat(sqlite): upgrade to sqlite 3.53.0
• dd2adcc feat(jdbc): expose wal_autocheckpoint pragma in SQLiteConfig
• b649d25 build(deps-dev): bump surefire.version from 3.5.4 to 3.5.5
• 857a754 build(deps-dev): bump org.assertj:assertj-core from 3.27.6 to 3.27.7
• 19259e5 build(deps): bump org.sonatype.central:central-publishing-maven-plugin
• a597952 build(deps-dev): bump org.mockito:mockito-core from 5.21.0 to 5.23.0
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.21.0 to 1.22.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.22.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

• CODEC-326: Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.

•         Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.
  

• CODEC-335: Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.

Fixed Bugs

• CODEC-249: Fix Incorrect transform of CH digraph according Metaphone basic rules #423. Thanks to Shalu Jha, Andrey, Gary Gregory.
• CODEC-317: ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.

•         Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.
  

• CODEC-336: Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.

Changes

•         Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Commits

• 81a6295 Prepare for the release candidate 1.22.0 RC1
• 73104b0 Prepare for the next release candidate
• 8e36214 In-line single use test local variables
• 9bd67e7 Use vararg syntax
• 25e52b0 Use vararg syntax
• e2ebaca Bump github/codeql-action from 4.35.1 to 4.35.2
• 33998a0 Bump actions/upload-artifact from 7.0.0 to 7.0.1
• 50c6583 Bump actions/cache from 5.0.4 to 5.0.5
• b2be3a8 Add @​Override
• 20f09bf Use final.
• Additional commits viewable in compare view

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates com.discord4j:discord4j-core from 3.3.1 to 3.3.2

Release notes

Sourced from com.discord4j:discord4j-core's releases.

v3.3.2

Discord4J v3.3.2

Discord4J v3.3.2 is now available on Maven Central with bugfixes, new features and improvements.

Commits: Discord4J/Discord4J@3.3.1...3.3.2

⚠️ Update considerations (API or behavior changes)

• If your bot use voice features please check https://github.com/Discord4J/Discord4J/blob/master/voice/README.md for how handle the necesary steps for make your bot works with DAVE Protocol
• This update consider using REST/Gateway V10 with all the requirements by discord (ref: https://docs.discord.com/developers/change-log#api-v10)
• The MultipartRequest used for upload of files was updated for handle the V10 requeriments and also handle new rules for another API usades like Community Invites (Discord4J/Discord4J@b60f40c)
• MessageCreateFields.File has a new field called "description" related to how fiels can have this value added, this make any addFile(String name, InputStream stream) method now become addFile(String name, String description, InputStream stream) where this new field is required unless you use MessageCreateFields.File#of static method

⭐️ New features

• Add support for Targeted Invites (#1341)
• Add support for DAVE Protocol (#1344)

📔 Documentation

• Fix mention of deprecated permissions (Discord4J/Discord4J@23d3b85)
• Fix format warnings in docs (Discord4J/Discord4J@b57ca9e)

🔨 Dependency upgrades

• Update Gradle Wrapper and Build with JDK 25 (the target still is 1.8) (Discord4J/Discord4J@e88aa79)
• Include JSpecify (in favor of deprecated Reactor Nullable annotations) (Discord4J/Discord4J@b0aa7d7)
• Update Immutables to 2.12.1
• Update discord-json to 1.7.22

💜 Contributors

Thanks to all contributors and collaborators involved in this release. @​Azn9 @​baskwo @​Doc94

Commits

• d88a396 Release version '3.3.2'.
• 7c6b2ad chore: update gradle wrapper [ci skip]
• 38c7872 feat(voice): DAVE Support with libdave-jvm (#1344)
• 4efcd13 docs: fix warning for code in Channel docs
• aaf9f91 chore: update .gitignore for internal tests [ci skip]
• 7da228c feat: Support Targeted Invites (#1341)
• f1439b6 feat: Enforce v10 for Discord API (#1342)
• 0a103a5 chore: update com.gorylenko.gradle-git-properties version to 2.5.7
• fdb461c chore(deps): update immutables version to 2.12.1
• ac4c0ee chore(deps): update discordJsonVersion to 1.7.22
• Additional commits viewable in compare view

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 3.0.2 to 3.0.3

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.3 released!

Added

• #3246 – Add Springdoc OpenAPI MCP (Model Context Protocol) support
• #3256 – Auto-set nullable: true for Kotlin nullable types in schema properties
• #3239 – Add support for the @Range constraint validation annotation
• #3244 – Handle default values for LocalDate

Changed

• Upgrade Spring Boot to version 4.0.5
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2
• #3260 – @ConditionalOnClass(HateoasProperties.class) in SpringDocHateoasConfiguration
• Forwards all MCP non-transport headers to downstream methods
• Dynamically resolve the base path from window.location.pathname for MCP UI

Fixed

• #3258 – Setting API Version Required when using WebFlux breaks the Swagger UI
• #3259 – Annotated Generic properties getting applied to sibling properties
• #3255 – Direction enum: fixed visibility scope of group order so that setGroupsOrder method can be used
• #3247 – Preserve YAML group URLs in Swagger UI
• #3245 – Upgrade swagger-core from version 2.2.43 to 2.2.45
• #3235 – PropertyResolverUtils retains a JsonNode when reading an ExtensionProperty annotation
• #3226 – Propagate JsonView context when resolving Page<T> schema

New Contributors

• @​seregamorph made their first contribution in springdoc/springdoc-openapi#3260

Full Changelog: springdoc/springdoc-openapi@v3.0.2...v3.0.3

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[3.0.3] - 2026-04-12

Added

• #3246 – Add Springdoc OpenAPI MCP (Model Context Protocol) support
• #3256 – Auto-set nullable: true for Kotlin nullable types in schema properties
• #3239 – Add support for the @Range constraint validation annotation
• #3244 – Handle default values for LocalDate

Changed

• Upgrade Spring Boot to version 4.0.5
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2
• #3260 – @ConditionalOnClass(HateoasProperties.class) in SpringDocHateoasConfiguration
• Forwards all MCP non-transport headers to downstream methods
• Dynamically resolve the base path from window.location.pathname for MCP UI

Fixed

• #3258 – Setting API Version Required when using WebFlux breaks the Swagger UI
• #3259 – Annotated Generic properties getting applied to sibling properties
• #3255 – Direction enum: fixed visibility scope of group order so that setGroupsOrder method can be used
• #3247 – Preserve YAML group URLs in Swagger UI
• #3245 – Upgrade swagger-core from version 2.2.43 to 2.2.45
• #3235 – PropertyResolverUtils retains a JsonNode when reading an ExtensionProperty annotation
• #3226 – Propagate JsonView context when resolving Page<T> schema

Commits

• 3c30283 [maven-release-plugin] prepare release v3.0.3
• 4184c05 update .gitignore
• 89745c2 CHANGELOG.md update
• 4d1a730 Merge pull request #3260 from seregamorph/SpringDocHateoasConfiguration-class...
• 54e7650 ConditionalOnClass (HateoasProperties.class) in SpringDocHateoasConfiguration
• 9f354b2 Spring-boot upgrade to version 4.0.5
• 14df32f Forwards all MCP non-transport headers, to downstream methods
• 3ee9a44 Forwards all MCP non-transport headers, to downstream methods
• df99408 upgrade swagger-ui to version 5.32.2
• 6ee70f4 upgrade swagger-api to version 2.2.47
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

• PLATFORM: JDK26 support added #4019.
• PLATFORM: Spring Tools Suite 5 supported #3985.
• BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
• BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
• BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

Commits

• 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
• fcdab3f [version] pre-release version bump
• 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
• 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
• 2be766c Merge branch 'jackson3-final-touches'
• 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
• e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
• 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
• 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
• e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
• Additional commits viewable in compare view

Updates org.springframework.boot from 4.0.5 to 4.0.6

Release notes

Sourced from org.springframework.boot's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates com.vaadin from 25.1.1 to 25.1.4

Release notes

Sourced from com.vaadin's releases.

Vaadin 25.1.4

This is a maintenance release for Vaadin 25.1. See 25.1.0 release notes for details and resources.

Changelogs

• Flow (25.1.4) and Hilla (25.1.3)
• Design System
  • Web Components (25.1.2)
  • Flow Components (25.1.4)
• TestBench (10.1.1)
• Browserless Test(1.0.0)
• Feature Pack(25.0.0)
• Modernization Toolkit (Documentation)
  • Feature Pack (Documentation)
  • Dragonfly (Documentation)
  • Modernization Toolkit Analyzer (Analyzer for Eclipse, Analyzer for Maven)
• Multiplatform Runtime (MPR) (8.0.1)
• Router (2.0.1)
• Vaadin Kits
  • AppSec Kit (4.0.2)
  • Azure Kit (1.0.0)
  • Collaboration Engine (7.0.0)
  • Copilot (25.1.3)
  • Kubernetes Kit (3.1.0)
  • Observability Kit (4.1.0)
  • SSO Kit (4.1.1)
  • Swing Kit (3.0.1)

Official add-ons and plugins:

• Spring add-on (25.1.4)
• CDI add-on (16.0.1)
• Maven plugin (25.1.4)
• Gradle plugin (25.1.4)
• Quarkus plugin (3.1.1)

Vaadin 25.1.3

This is a maintenance release for Vaadin 25.1. See 25.1.0 release notes for details and resources.

Changelogs

• Flow (25.1.3) and Hilla (25.1.2)
• Design System
  • Web Components (25.1.1)
  • Flow Components (25.1.3)
• TestBench (10.1.1)

... (truncated)

Commits

• b4151e8 update copilot to 25.1.3 (#8844)
• b66b7f8 chore: upgrade cdi plugin to 16.0.1 (#8838) (#8842)
• 88ddcd8 update hilla to 25.1.3 (#8827)
• 82e3c0c Update flow to 25.1.4 (#8823)
• 803dc04 chore: update versions.json in 25.1 with latest WC (#8811)
• 7476c9f chore: upgrade springboot to 4.0.6 (#8805) (#8806)
• 6fa8778 chore: testbench 10.1.1 (25.1) (#8778)
• 32089a7 Update flow to 25.1.3 (#8776)
• 4952a7a chore: fix wrong version number and link in maintenance release note
• a61b520 update copilot to 25.1.2 (#8775)
• Additional commits viewable in compare view

Updates org.flywaydb.flyway from 12.3.0 to 12.5.0

Updates gradle-wrapper from 9.4.1 to 9.5.0

Release notes

Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

• Task provenance in reports and failure messages
• Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

Commits

• 3fe117d Update jdks.yaml (#37703)
• 33d145a Update jdks.yaml
• f7a05d1 Update Gradle wrapper to version 9.5.0-rc-4 (#37654)
• 266facd Update Gradle wrapper to version 9.5.0-rc-4
• 0ad6dd8 Suppress OSC taskbar reset on plain/piped stdout (#37646)
• 966025d Suppress OSC taskbar reset on plain/piped stdout
• e745573 Polish IP docs (#37642)
• d5cfd07 Ensure BuildOperationQueue will progress without extra leases (#37629)
• acdf0c3 Ensure BuildOperationQueue will progress without extra leases
• f7d0e4f Rename anchor
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
com.vaadin	[>= 24.7.0.a, < 24.7.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edi...

Description has been truncated