Our static analysis tool has reported several potential flaws in Vaadin’s vaadinPush.js and Flow.js code. We need to evaluate these findings and determine whether they are real issues or false positives.
Since we are not experts in Vaadin’s internal code, we’re unsure about the best approach to make this assessment. We also do not have a Vaadin support license, so we cannot rely on official support channels.
Has anyone faced similar situations? How do you typically verify or handle such findings in Vaadin components?
Any guidance or experience would be greatly appreciated!