From 430e8b90e7391939fd70f8de781be8ec07f32d68 Mon Sep 17 00:00:00 2001
From: Bilal Mahmood <bilal.mahmood@bjss.com>
Date: Thu, 1 Sep 2022 14:03:03 +0100
Subject: [PATCH 1/3] Updated version and added gson dependency

---
 depends-maven-plugin/pom.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/depends-maven-plugin/pom.xml b/depends-maven-plugin/pom.xml
index a6f8647..e36e0d3 100644
--- a/depends-maven-plugin/pom.xml
+++ b/depends-maven-plugin/pom.xml
@@ -18,7 +18,7 @@
 
     <artifactId>depends-maven-plugin</artifactId>
     <packaging>maven-plugin</packaging>
-    <version>1.4.1-SNAPSHOT</version>
+    <version>1.5.0-SNAPSHOT</version>
     <name>Apache ServiceMix :: Plugins :: Maven2 Depends Plugin</name>
 
     <scm>
@@ -71,6 +71,11 @@
             <artifactId>plexus-build-api</artifactId>
             <version>0.0.7</version>
         </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.9.0</version>
+        </dependency>
     </dependencies>
 
 </project>

From 73f61e281fa538fb473ea6bfe317864529e9fcea Mon Sep 17 00:00:00 2001
From: Bilal Mahmood <bilal.mahmood@bjss.com>
Date: Thu, 1 Sep 2022 14:04:28 +0100
Subject: [PATCH 2/3] Created method and objects necessary to produce a JSON
 output of dependencies.

---
 .../depends/GenerateDependsFileMojo.java      | 59 +++++++++++++++----
 .../servicemix/tooling/depends/PomOutput.java | 14 +++++
 2 files changed, 60 insertions(+), 13 deletions(-)
 create mode 100644 depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/PomOutput.java

diff --git a/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/GenerateDependsFileMojo.java b/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/GenerateDependsFileMojo.java
index bef9c4f..b10bdc0 100644
--- a/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/GenerateDependsFileMojo.java
+++ b/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/GenerateDependsFileMojo.java
@@ -16,12 +16,8 @@
  */
 package org.apache.servicemix.tooling.depends;
 
-import java.io.File;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.PrintStream;
-import java.util.*;
-
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
 import org.apache.maven.artifact.Artifact;
 import org.apache.maven.artifact.factory.ArtifactFactory;
 import org.apache.maven.artifact.metadata.ArtifactMetadataSource;
@@ -33,14 +29,16 @@
 import org.apache.maven.plugin.AbstractMojo;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
-import org.apache.maven.plugins.annotations.Component;
-import org.apache.maven.plugins.annotations.LifecyclePhase;
-import org.apache.maven.plugins.annotations.Mojo;
-import org.apache.maven.plugins.annotations.Parameter;
-import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.apache.maven.plugins.annotations.*;
 import org.apache.maven.project.MavenProject;
 import org.sonatype.plexus.build.incremental.BuildContext;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.util.*;
+
 /**
  * Generates the dependencies properties file
  */
@@ -77,6 +75,12 @@ public class GenerateDependsFileMojo extends AbstractMojo {
     @Parameter( defaultValue = "${project.build.directory}/classes/META-INF/maven/dependencies.properties" )
     private File outputFile;
 
+    @Parameter( defaultValue = "${project.build.directory}/classes/META-INF/maven/dependencies.json" )
+    private File outputJsonFile;
+
+    @Parameter( defaultValue = "false", property = "outputAsJson")
+    protected boolean outputAsJson;
+
     @Parameter( defaultValue = "${localRepository}" )
     protected ArtifactRepository localRepo;
 
@@ -140,6 +144,9 @@ private List<Dependency> getDependencies() {
     private void writeDependencies(List<Dependency> dependencies) throws MojoExecutionException {
         OutputStream out = null;
         try {
+            if(outputAsJson) {
+                outputFile = outputJsonFile;
+            }
             outputFile.getParentFile().mkdirs();
             out = buildContext.newFileOutputStream(outputFile);
             PrintStream printer = new PrintStream(out);
@@ -170,7 +177,15 @@ protected Dependency generateDependency(Artifact a)
         return dep;
     }
 
-    protected void populateProperties(PrintStream out, List<Dependency> dependencies) {
+    protected void populateProperties(PrintStream printer, List<Dependency> dependencies) {
+        if(outputAsJson) {
+            populatePropertiesIntoJson(printer, dependencies);
+        } else {
+            populatePropertiesIntoText(printer, dependencies);
+        }
+    }
+
+    protected void populatePropertiesIntoText(PrintStream out, List<Dependency> dependencies) {
         out.println("# Project dependencies generated by the Apache ServiceMix Maven Plugin");
         out.println();
 
@@ -184,7 +199,7 @@ protected void populateProperties(PrintStream out, List<Dependency> dependencies
 
         for (Dependency dependency : dependencies) {
             String prefix = dependency.getGroupId() + SEPARATOR + dependency.getArtifactId() + SEPARATOR;
-            
+
             if( includeVersion )
                 out.println(prefix + "version = " + dependency.getVersion());
 
@@ -203,6 +218,24 @@ protected void populateProperties(PrintStream out, List<Dependency> dependencies
             getLog().debug("Dependency: " + dependency + " classifier: " + classifier + " type: " + dependency.getType());
         }
     }
+
+    protected void populatePropertiesIntoJson(PrintStream out, List<Dependency> dependencies) {
+        PomOutput output = new PomOutput();
+
+        Gson gson = new GsonBuilder()
+                .setPrettyPrinting()
+                .create();
+
+        output.project = new HashMap<String, String>();
+        output.project.put("groupId", project.getGroupId());
+        output.project.put("artifactId", project.getArtifactId());
+        output.project.put("versionId", project.getVersion());
+
+        output.dependencies = new ArrayList<Dependency>();
+        output.dependencies.addAll(dependencies);
+
+        out.println(gson.toJson(output));
+    }
     
     private void safeClose(OutputStream out) {
         if (out != null) {
diff --git a/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/PomOutput.java b/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/PomOutput.java
new file mode 100644
index 0000000..2975a88
--- /dev/null
+++ b/depends-maven-plugin/src/main/java/org/apache/servicemix/tooling/depends/PomOutput.java
@@ -0,0 +1,14 @@
+package org.apache.servicemix.tooling.depends;
+
+import org.apache.maven.model.Dependency;
+
+import java.util.HashMap;
+import java.util.List;
+
+public class PomOutput {
+
+    HashMap<String, String> project;
+
+    List<Dependency> dependencies;
+
+}
\ No newline at end of file

From 3dff8eb62c26ab6b1278c0789d07627ff71c7073 Mon Sep 17 00:00:00 2001
From: Bilal Mahmood <bilal.mahmood@bjss.com>
Date: Thu, 1 Sep 2022 14:34:47 +0100
Subject: [PATCH 3/3] Updated plexus-utils to the latest version, to remove
 vulnerability CVE-2017-1000487

---
 depends-maven-plugin/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/depends-maven-plugin/pom.xml b/depends-maven-plugin/pom.xml
index e36e0d3..e791ad0 100644
--- a/depends-maven-plugin/pom.xml
+++ b/depends-maven-plugin/pom.xml
@@ -64,7 +64,7 @@
         <dependency>
             <groupId>org.codehaus.plexus</groupId>
             <artifactId>plexus-utils</artifactId>
-            <version>3.0</version>
+            <version>3.4.2</version>
         </dependency>
         <dependency>
             <groupId>org.sonatype.plexus</groupId>