Bump vaadin.version from 25.1.6 to 25.1.7

[dependabot]

Bumps vaadin.version from 25.1.6 to 25.1.7.
Updates com.vaadin:vaadin-bom from 25.1.6 to 25.1.7

Updates com.vaadin:vaadin-maven-plugin from 25.1.6 to 25.1.7

Release notes

Sourced from com.vaadin:vaadin-maven-plugin's releases.

Vaadin 25.1.7

This is a maintenance release for Vaadin 25.1. See 25.1.0 release notes for details and resources.

Changes since 25.1.6

• Flow: 25.1.7 → 25.1.8, 25.1.9 → 25.1.10
• Hilla: 25.1.5 → 25.1.6
• Web Components: 25.1.3 → 25.1.4
• Flow Components: 25.1.6 → 25.1.7
• Copilot: 25.1.5 → 25.1.6
• Quarkus plugin: 3.1.2 → 3.1.3

Unchanged Modules

• TestBench: 10.1.2
• Browserless Test: 1.0.0
• Multiplatform Runtime (MPR): 8.0.1
• Router: 2.0.1
• Collaboration Engine: 7.0.0
• Kubernetes Kit: 3.1.1
• Observability Kit: 4.1.1
• SSO Kit: 4.1.2
• CDI add-on: 16.0.1
• AppSec Kit: 4.0.2 (docs)
• Azure Kit: 1.0.0 (docs)
• Swing Kit: 3.0.1 (docs)

Note:

We are aware of the following CVEs (CVE-2026-43515, CVE-2026-43513, CVE-2026-43514, CVE-2026-42498, CVE-2026-41284, CVE-2026-43512, CVE-2026-41293) from Tomcat, which is a transitive dependency from SpringBoot 4.0.6. Tomcat is a runtime deployment choice made by application developers, which Vaadin does not use or depend on. You can be upgraded on the application side to Tomcat 9.0.118+, 10.1.55+ or 11.0.22+. The corresponding updates will come in their next releases (SpringBoot 4.0.7).

Commits

• 153a11e update copilot to 25.1.6 (#8974)
• a3927fc update hilla to 25.1.6 (#8972)
• ffb663d Update flow to 25.1.10 (#8967)
• 622a179 chore: update versions.json in 25.1 with latest WC (#8962)
• f1279ab chore: upgrade gradle plugin-publish to 1.x (#8955) (#8957)
• a72be3b Update flow to 25.1.9 (#8954)
• f56c015 chore: list changed module in maintenance release note separately [skip ci] (...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[hawkbit-bot]

Thanks @dependabot[bot] for taking the time to contribute to hawkBit! We really appreciate this. Make yourself comfortable while I'm looking for a committer to help you with your contribution.
Please make sure you read the contribution guide and signed the Eclipse Contributor Agreement (ECA).