Cool! It is much clearer to me now. I will survive with this explanation. Thanks!
Things are clearer to me know after expending some time reading other topics and papers and your first paragraph above. I will keep a close eye on new developments
Following your explanation, I get deeper on the vulnerabilities’ correction process and update snappy to release 0.5. The red bell shows now only one (1) environment vulnerability (org.webjars:bootstrap/3.4.1). snappy is no longer in the list.