Skip to content

build(deps): Bump vaadin.version from 25.1.1 to 25.2.1#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/vaadin.version-25.2.1
Open

build(deps): Bump vaadin.version from 25.1.1 to 25.2.1#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/vaadin.version-25.2.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps vaadin.version from 25.1.1 to 25.2.1.
Updates com.vaadin:vaadin-bom from 25.1.1 to 25.2.1

Updates com.vaadin:vaadin-maven-plugin from 25.1.1 to 25.2.1

Release notes

Sourced from com.vaadin:vaadin-maven-plugin's releases.

Vaadin 25.2.1

This is a maintenance release for Vaadin 25.2. See 25.2.0 release notes for details and resources.

Changes since 25.2.0

Unchanged Modules

Vaadin 25.2.0

Upgrading · Docs · Get Started

New and Noteworthy Since Vaadin 25.1

Note: If your project uses Spring Boot, version 4.1 is required for better compatibility. (Spring Boot itself is entirely optional and not a requirement to run Vaadin/Flow 25.2).

Flow

  • Geolocation — Java API over the browser Geolocation API for "find a store near me", courier tracking, and location-stamped forms. Geolocation.getPosition(...) for one-shot reads, Geolocation.watchPosition(...) for continuous tracking exposed as a signal. Watches auto-stop on detach. Sealed result types (GeolocationPosition / GeolocationError, plus GeolocationPending for the watcher) make permission-denied, unavailable, and timeout exhaustive to handle. (Live demo)
  • Clipboard — Write text and HTML to the clipboard from a button click or context-menu action. Bind via Clipboard.onClick(component), then .writeText(...), .writeText(field, ...), or .write(ClipboardContent.create().text(...).html(...)). Success/error callbacks available, and the per-gesture browser trust requirement is handled for you.
  • Fullscreen — Take the whole page, or a single component, into fullscreen from a user action; exit programmatically from server-side code (no gesture needed); and observe a read-only state signal (UNKNOWN / UNSUPPORTED / NOT_FULLSCREEN / FULLSCREEN). Browser-initiated exit (e.g. the Esc key) is reflected in the signal, a single-component fullscreen is restored to its original DOM position on exit, and overlays keep working. Optional success/failure callbacks surface browser rejections.
  • Screen Wake Lock — Keep the device screen awake while a view is shown — for dashboards, kiosks, signage, presentations, and scanning stations. Acquire and release are idempotent; the lock is transparently re-acquired when the tab becomes visible again after the browser drops it on hide. Read-only active and availability signals plus typed error callbacks (unsupported, not-allowed, unknown), with an already-known-unsupported state reported without a wasted round-trip.
  • Web Share — Open the operating system's native share sheet from a user action to share any combination of title, text, and/or URL. Each field can be a static literal or bound to live component state (a text field, the page URL), read on the client at share time. A read-only support signal (SUPPORTED / UNSUPPORTED / UNKNOWN) lets apps show a fallback where sharing is unavailable; user cancellation is surfaced distinctly from a real failure.
  • Screen Orientation — Read the current orientation (type + angle) as a read-only signal, seeded at bootstrap so a real value is available before user code runs, with portrait/landscape helpers. Lock or unlock the orientation with completion and typed-error callbacks (not-supported, security, abort, unknown). Degrades gracefully on partial/legacy browsers by retaining the last known value.
  • Page Visibility — Expose the tab's visibility and focus state — distinguishing visible-and-focused, visible-but-not-focused, and hidden — as a read-only signal, seeded at bootstrap and debounced so it settles on the final state. Lets applications reactively pause and resume polling, animations, and live updates when the user switches away from or back to the tab. Pairs naturally with UI.triggerAfter for deferred server-side work.
  • Deferred server-side callbacksUI.triggerAfter(Duration, SerializableRunnable) runs a task on the server after a browser-side timer elapses without enabling push; the returned Registration cancels the client timer so a cancelled task never runs.
  • Route hierarchy and dynamic page titles — Routes can declare a parent, forming a navigation hierarchy. Page titles can be generated dynamically for any route from its target class and route parameters, without instantiating the view — so the titles of routes that are not on screen (a whole breadcrumb trail or menu) can be resolved. A router-state signal updates on every completed navigation, letting breadcrumbs, menus and other reactive UI track the current location.
  • Signals improvements — Bulk insert into list signals in one change event (ListSignal.insertAllFirst/insertAllLast/insertAllAt, SharedListSignal equivalents), helpers to read all items at once.
  • Html component sanitization — New Html(String, SerializableSupplier<Safelist>) (and InputStream / Signal<String>) constructors sanitize content through a jsoup Safelist, so untrusted HTML can be rendered safely without callers pre-sanitizing.
  • Drag and drop: drop position — Drop events now carry coordinates (DropEvent.getOffsetX()/getOffsetY(), drag-start offsets, extended DragStartEvent/DragEndEvent) so an item can be placed where it was actually dropped.
  • Request diagnostics — Register a SessionLockListener or RpcInvocationListener on VaadinService to observe session-lock request/acquire/release and each client-to-server RPC invocation — useful for diagnosing lock contention and tracing which invocation holds the lock.
  • Triggers and actions (preview) — A framework that arms a client-side trigger (a click, a timeout, an element resize, ...) to run a client-side action (download, open in a new tab, read/write the clipboard, enter fullscreen, invoke a server callback, ...) without a server round trip. It already powers Clipboard, Fullscreen, Screen Wake Lock and UI.triggerAfter. It is intended as low level API to build higher level features on.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `vaadin.version` from 25.1.1 to 25.2.1.

Updates `com.vaadin:vaadin-bom` from 25.1.1 to 25.2.1

Updates `com.vaadin:vaadin-maven-plugin` from 25.1.1 to 25.2.1
- [Release notes](https://github.com/vaadin/platform/releases)
- [Commits](vaadin/platform@25.1.1...25.2.1)

---
updated-dependencies:
- dependency-name: com.vaadin:vaadin-bom
  dependency-version: 25.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.vaadin:vaadin-maven-plugin
  dependency-version: 25.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant