I am working on a task to remove issues identified by the JFrog plug-in, which identifies the entries in the POM by risk category: high, medium, etc.
In my POM, I am getting red squiggly lines for these entries, and I am trying to figure out the cause of those as well as how to fix them.
UPDATE: Adding text for the POM. The reason for adding the image earlier was to show the red squigglies. They show up only for the 3 dependencies in the image:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.avro</groupId>
        <artifactId>avro</artifactId>
        <version>1.9.1</version>
    </dependency>
    <dependency>
        <groupId>org.jsonschema2pojo</groupId>
        <artifactId>jsonschema2pojo-maven-plugin</artifactId>
        <version>1.1.1</version>
    </dependency>
Also, when I look at the JFrog output, I would like to clean up even the non-critical issues, like those shown in yellow in the screenshot below.
I have not found a way to identify what the fix is in these situations and then apply the fix. This is a brand new application that I am working on, but I am using a POM from an existing application, as it is a big POM and I would need to implement most of the similar functionality. For a new POM, though, I would like to start as clean as possible.
Thank you for any suggestions.
Update 2
Thanks, @yahavi.
In the image below, the version that is showing up is for a downpath version of another jar. Also, for spring-boot-starter-web, JFrog doesn't show any critical issues, but in the POM it has the red squigglies.
That is what I am wondering: how can I fix the downpath version dependencies?
Thanks