fix(jar): remove duplicates of jar libs

[DmitriyLewen]

Description

See #4496

Related Issues

• bug(jar): duplicates of jar files when project name from pom.properties != name from file name trivy#4496

[knqyf263]

What do you think about this approach?

Suggested change

	uniqLibs := map[string]types.Library{}
	for _, lib := range libs {
	// comparing ArtifactID and GroupID
	l, ok := uniqLibs[lib.Name]
	// comparing Version and FilePath
	if ok && lib.Version == l.Version && lib.FilePath == l.FilePath {
	continue
	}
	uniqLibs[lib.Name] = lib
	}
	libSlice := maps.Values(uniqLibs)
	sort.Sort(types.Libraries(libSlice))
	return libSlice
	return := lo.FindDuplicatesBy(libs, func(lib types.Library) {
	return fmt.Sprintf("%s::%s::%s", lib.Name, lib.Version, lib.FilePath)
	})

[DmitriyLewen]

lo.FindDuplicatesBy takes only duplicates and skips unique libs.
lo.FindUniquesBy takes only unique libs and skips duplicates.

types.Library is not comparable type, so we can't use slice.Contains function to find duplicates in libs.

But i found 1 way - we will take all uniq libs(lo.FindUniquesBy) and one lib for each duplicate(lo.FindDuplicatesBy) - e0a855f
I added tests so you can see it.

[DmitriyLewen]

or we can use map[string]types.Library here -

go-dep-parser/pkg/java/jar/parse.go

Line 91 in 307b489

var libs []types.Library

and check for unique libs when append it into this map.

[DmitriyLewen]

FYI this and this testscases are contained in TestParse.
I have updated io.quarkus.gizmo.gizmo-1.1.1.Final.jar test file to move testcase when jar contains 2 jars with same name and different versions in TestParse and make removeLibraryDuplicates function not exportable.

Changes in this commit - 6e2198e

[knqyf263]

Oh, yes, I was confused with UniqBy. How about that? https://github.com/samber/lo#uniqby

[DmitriyLewen]

I need to check docs better... It works! Thanks for the advice!
Updated in 9346bf2