Couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact

Open sulakhesagar opened this issue 1 year ago • 3 comments

Describe the bug

I am using an Azure pipeline to integrate FrogBot against pull requests and push PR to fix vulnerabilities.

Error message:

[ERROR] Failed to execute goal org.codehaus.mojo:versions-maven-plugin:2.16.2:use-dep-version (default-cli) on project: Version 2.4.4 is not available for artifact org.springframework.ws:spring-ws. [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf:
11:26:08 [Error] the following errors occurred while fixing vulnerabilities in /tmp/jfrog.cli.temp.-1716283081-1636005597: couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact

[error]Bash exited with code '1'

Current behavior

I am using an Azure pipeline to integrate FrogBot against pull requests and push PRs to fix vulnerabilities.

Error message:

[ERROR] Failed to execute goal org.codehaus.mojo:versions-maven-plugin:2.16.2:use-dep-version (default-cli) on project: Version 2.4.4 is not available for artifact org.springframework.ws:spring-ws. [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf:
11:26:08 [Error] the following errors occurred while fixing vulnerabilities in /tmp/jfrog.cli.temp.-1716283081-1636005597: couldn't update "org.springframework.ws:spring-ws" to suggested fix version: Version 2.4.4 is not available for artifact

[error]Bash exited with code '1'

Reproduction steps

No response

Expected behavior

No response

JFrog Frogbot version

Artifactory 7.77.11 Xray 3.91.3

Package manager info

pom.xml

Git provider

Azure DevOps

JFrog Frogbot configuration yaml file

No response

Operating system type and version

Windows

JFrog Xray version

Xray 3.91.3

sulakhesagar, May 22 '24 05:05

Hello @sulakhesagar and thank you for using Frogbot! Can you please provide the following details:

  1. Are you working in an air-gapped mode (do you have access to the internet)?
  2. Do you have a resolution repository set in your CI execution? Meaning, do you resolve your dependencies from an Artifactory repo or directly from a central registry?
  3. What package manager and programming language do you use?
  4. What is the current version of the problematic package you are using?

eranturgeman, May 30 '24 12:05

Hello @eranturgeman, I have the same problem as this issue, with the following log.

[Error] the following errors occured while fixing vulnerabilities in /tmp/jfrog.cli.temp.-1727844757-425141839:14:22:23 couldn't update "org.codehaus.jackson:jackson-mapper-asl" to suggested fix version: Version 1.9.13-cloudera.3 is not available for artifact

After the log above, the build failed.

For your information,

  1. I'm working in an air-gapped mode.
  2. Yes, I'm using JFrog Artifactory with Xray.
  3. This project uses Maven with pom.xml (Java).

So what I'm curious about is whether there is a way to make the result a success or pass the build, or to generate a PR for the other vulnerabilities.

Thanks for your support.

LSH0809, Oct 02 '24 07:10

Hello @eranturgeman, I resolved the problem from my latest comment. But there is still a problem with updating the version, e.g. couldn't update commons-io:commons-io to suggested fix version: version 2.8.0-RC1 is not available for artifact. I found that the fix version is not offered by the Maven registry. So please let me know how to pass or skip the scan process. Thanks for your support.

LSH0809, Oct 03 '24 11:10