Vaadin uses old version of JSOUP which is binary incompatible with newer versions
Describe the bug
It appears that as of 23.1.6 Vaadin uses JSOUP 1.14.3. In JSOUP 1.15.3 there was a breaking change where Whitelist was replaced with Safelist, as the term "Whitelist" is considered racist. https://jsoup.org/news/release-1.15.1
We cannot use the new version of JSOUP because Vaadin depends on the old version and uses the Whitelist class.
This should be a pretty small fix for Vaadin.
Expected-behavior
No response
Reproduction
Try to use JSOUP 1.15.1 in a Vaadin 23 app and it will break.
System Info
Happens on all systems.
Thanks for using Vaadin! We appreciate your help and we’ll take care of this as soon as possible.
The new jsoup version can be used with 23.2 by default. In 23.1 you have to do some more work to get it to work without breaking stuff.
We are working on a fix to make the new jsoup version work with V23.1 and older Vaadin versions.
Timely fixes for Vaadin 8 and Vaadin 14 would be quite important as well. Do I understand correctly, that you may not update the dependency directly, but will make sure that your code will be compatible with 1.15.X, so that we can package an updated version safely?
Vaadin (flow) releases 14-23.2 with a fix including the transitive dependency are already on the way. An update for v8 (8.17) as extended maintenance release is prepared by Tatu as well.
All affected Vaadin versions, 23.2.0, 23.1.9, 23.0.16, 22.0.22, 14.8.17, 10.0.21, 8.17.0 and 7.7.34 have been released with the Jsoup version updates.