Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact #701

Open
sulakhesagar opened this issue May 22, 2024 · 3 comments
Open

Couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact #701

sulakhesagar opened this issue May 22, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@sulakhesagar
Copy link

Describe the bug

I am using an Azure pipeline to integrate FrogBot against pull requests and push PR to fix vulnerabilities.

Error message:

[ERROR] Failed to execute goal org.codehaus.mojo:versions-maven-plugin:2.16.2:use-dep-version (default-cli) on project: Version 2.4.4 is not available for artifact org.springframework.ws:spring-ws. [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf:
11:26:08 [Error] the following errors occurred while fixing vulnerabilities in /tmp/jfrog.cli.temp.-1716283081-1636005597:
couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact

[error]Bash exited with code '1'

Current behavior

I am using azure pipeline for integrate FrogBot against Pull Request and Push PR for fix vulnerabilities.

Error message:

[ERROR] Failed to execute goal org.codehaus.mojo:versions-maven-plugin:2.16.2:use-dep-version (default-cli) on project: Version 2.4.4 is not available for artifact org.springframework.ws:spring-ws. [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf:
11:26:08 [Error] the following errors occurred while fixing vulnerabilities in /tmp/jfrog.cli.temp.-1716283081-1636005597:
couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact

[error]Bash exited with code '1'

Reproduction steps

No response

Expected behavior

No response

JFrog Frogbot version

Artifactory 7.77.11 Xray 3.91.3

Package manager info

pom.xml

Git provider

Azure DevOps

JFrog Frogbot configuration yaml file

No response

Operating system type and version

Windows

JFrog Xray version

Xray 3.91.3
@sulakhesagar sulakhesagar added the bug Something isn't working label May 22, 2024
@eranturgeman
Copy link
Contributor

eranturgeman commented May 30, 2024
edited
Loading

Hello @sulakhesagar and thank you for using Frogbot!
Can you please provide the following details:

  1. Are you working in an air-gapped mode (do you have access to the internet)?
  2. Do you have a resolution repository set in your CI execution? meaning do you resolve your dependency from an Artifactory repo or directly from the a central registry?
  3. what package manager and programming language do you use?
  4. what is the current version of the problematic package you are using?

@LSH0809
Copy link

LSH0809 commented Oct 2, 2024

Hello @eranturgeman
I have same problem with this issue following log.
[Error] the following errors occured while fixing vulnerabilities in /tmp/jfrog.cli.temp.-1727844757-425141839:14:22:23 couldn't update "org.codehaus.jackson:jackson-mapper-asl" to suggested fix version: Version 1.9.13-cloudera.3 is not available for artifact
After upper log, the build failed.

For your information,

  1. I'm working in an air-gapped mode.
  2. Yes, I'm using JFrog Artifactory with Xray.
  3. This project uses maven with pom.xml (Java)

So what I'm curious about is whether there is a way to make the result a success or a pass the build, or generate a PR for other vulnerabilities.

Thanks for your support.

@LSH0809
Copy link

LSH0809 commented Oct 3, 2024

Hello @eranturgeman
I resolved latest comment's problem.
But there is still a problem with updating version.
e.g. couldn't update commons-io:commons-io to suggested fix version: version 2.8.0-RC1 is not available for artifact.
I found that the fix version is not offered by maven registry. .
So please let me know how th pass or skip the scan process.
Thanks for your support

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@LSH0809 @sulakhesagar @eranturgeman