From 1ef091fab322e03b51397633d88fb635b92ecb89 Mon Sep 17 00:00:00 2001
From: Antonio Firmiano Gomes <anthogez@gmail.com>
Date: Thu, 14 Mar 2024 11:37:42 +0000
Subject: [PATCH] feat: support -dverbose argument when testing maven projects
 #5117

- feat: support verbose for maven

Support passing -Dverbose to resolve omitted dependencies using maven-dependency-plugin.

When verbose is being used execute a specific version of the maven-dependency-plugin.
This is becuase on lower version of this plugin outputType=dot is not supported, and it will output a tree.

When verbose is on skip pruning and ensure all dependency lines are traversed fully, using breadth first, first in wins for version resolution.

- fix: record and use visited dependency information

In preparation for supporting -Dverbose the breadth first search needs to retain
previously visited dependency information.

At the moment we record whether a dependency has been seen (true/false)
based on the maven graph node id. This id contains the dependency version.
For example 'com.example:my-app:jar:jdk8:1.2.3:compile'.

However when maven is determining whether a dependency has already been
seen only four properties are used:

* groupId
* artifactId
* type
* classifier (optional)

These are the properties that uniquely identify a dependency in Maven.

Changing visited to be keyed by these four properties instead.

In addition we then record the parsed dependency for these visited dependencies
so that we can use that information when adding and connecting the dep-graph nodes.

The effect is that if a duplicate node is found, the previously visited version
is preferred regardless of what the duplicate node is set to.

This doesn't really effect the current implementation because maven-dependency-plugin
hides duplicates. Another PR will start to support -Dverbose where this becomes
important that we select the effective version being resolved by Maven.
---
 package-lock.json | 21 ++++++++++++---------
 package.json      |  2 +-
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2e52b92218..d7384fdc7d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -72,7 +72,7 @@
         "snyk-go-plugin": "1.23.0",
         "snyk-gradle-plugin": "4.1.0",
         "snyk-module": "3.1.0",
-        "snyk-mvn-plugin": "3.1.0",
+        "snyk-mvn-plugin": "3.3.1",
         "snyk-nodejs-lockfile-parser": "1.52.11",
         "snyk-nuget-plugin": "2.4.1",
         "snyk-php-plugin": "1.9.2",
@@ -21315,17 +21315,20 @@
       "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
     },
     "node_modules/snyk-mvn-plugin": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-3.1.0.tgz",
-      "integrity": "sha512-devEs+koPeDK2U7c+txpDld2j+u4zP8/SssWJrNIJbEO3J4Ay2CGp5FkinuZpbWqQ4KVNQGPA/t9jAnY6DBcNA==",
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-3.3.1.tgz",
+      "integrity": "sha512-Sq45+qzZmLXRuz4RSRjKBp6DN3tQpMdRwaTB7tWTI/J5HQBDiBVDmQ3NTXAb7rCuWGwxvHKL8WE3ZmBMx0Plrw==",
       "dependencies": {
         "@snyk/cli-interface": "2.11.3",
         "@snyk/dep-graph": "^1.23.1",
-        "debug": "^4.1.1",
+        "debug": "^4.3.4",
         "glob": "^7.1.6",
         "packageurl-js": "^1.0.0",
         "shescape": "1.6.1",
         "tslib": "^2.4.0"
+      },
+      "engines": {
+        "node": "^18"
       }
     },
     "node_modules/snyk-mvn-plugin/node_modules/@snyk/cli-interface": {
@@ -40997,13 +41000,13 @@
       }
     },
     "snyk-mvn-plugin": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-3.1.0.tgz",
-      "integrity": "sha512-devEs+koPeDK2U7c+txpDld2j+u4zP8/SssWJrNIJbEO3J4Ay2CGp5FkinuZpbWqQ4KVNQGPA/t9jAnY6DBcNA==",
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-3.3.1.tgz",
+      "integrity": "sha512-Sq45+qzZmLXRuz4RSRjKBp6DN3tQpMdRwaTB7tWTI/J5HQBDiBVDmQ3NTXAb7rCuWGwxvHKL8WE3ZmBMx0Plrw==",
       "requires": {
         "@snyk/cli-interface": "2.11.3",
         "@snyk/dep-graph": "^1.23.1",
-        "debug": "^4.1.1",
+        "debug": "^4.3.4",
         "glob": "^7.1.6",
         "packageurl-js": "^1.0.0",
         "shescape": "1.6.1",
diff --git a/package.json b/package.json
index 9403b63a25..39b6fd3ade 100644
--- a/package.json
+++ b/package.json
@@ -120,7 +120,7 @@
     "snyk-go-plugin": "1.23.0",
     "snyk-gradle-plugin": "4.1.0",
     "snyk-module": "3.1.0",
-    "snyk-mvn-plugin": "3.1.0",
+    "snyk-mvn-plugin": "3.3.1",
     "snyk-nodejs-lockfile-parser": "1.52.11",
     "snyk-nuget-plugin": "2.4.1",
     "snyk-php-plugin": "1.9.2",