🐛 fix: Use maven logging throughout plugin

[LogFlames]

Fixes #1436.

Uses mojo's getLog() throughout the plugin with a singleton.

Defaut (non debug) output now looks like this:

[INFO] Generating lock file for project maven-lockfile
[INFO] Resolved   13 dependencies for plugin com.soebes.itf.jupiter.extension:itf-maven-plugin:maven-plugin:0.13.1:runtime
[INFO] Resolved    3 dependencies for plugin dev.sigstore:sigstore-maven-plugin:maven-plugin:2.0.0:runtime
[INFO] Resolved   16 dependencies for plugin org.apache.maven.plugins:maven-install-plugin:maven-plugin:3.1.4:runtime
[INFO] Resolved    9 dependencies for plugin org.apache.maven.plugins:maven-surefire-plugin:maven-plugin:3.5.4:runtime
[INFO] Resolved   16 dependencies for plugin org.apache.maven.plugins:maven-failsafe-plugin:maven-plugin:3.5.4:runtime
[INFO] Resolved   16 dependencies for plugin org.apache.maven.plugins:maven-enforcer-plugin:maven-plugin:3.6.2:runtime
[INFO] Resolved   19 dependencies for plugin org.codehaus.gmavenplus:gmavenplus-plugin:maven-plugin:4.2.1:runtime
[INFO] Resolved   17 dependencies for plugin org.apache.maven.plugins:maven-compiler-plugin:maven-plugin:3.14.1:runtime
[INFO] Resolved   17 dependencies for plugin org.apache.maven.plugins:maven-artifact-plugin:maven-plugin:3.6.1:runtime
[INFO] Resolved   16 dependencies for plugin org.cyclonedx:cyclonedx-maven-plugin:maven-plugin:2.9.1:runtime
[INFO] Resolved    8 dependencies for plugin com.diffplug.spotless:spotless-maven-plugin:maven-plugin:3.1.0:runtime
[INFO] Resolved   10 dependencies for plugin org.apache.maven.plugins:maven-clean-plugin:maven-plugin:3.5.0:runtime
[INFO] Resolved   14 dependencies for plugin org.apache.maven.plugins:maven-jar-plugin:maven-plugin:3.5.0:runtime
[INFO] Resolved   44 dependencies for plugin org.apache.maven.plugins:maven-site-plugin:maven-plugin:3.21.0:runtime
[INFO] Resolved   14 dependencies for plugin org.apache.maven.plugins:maven-resources-plugin:maven-plugin:3.4.0:runtime
[INFO] Resolved   24 dependencies for plugin org.apache.maven.plugins:maven-plugin-plugin:maven-plugin:3.15.2:runtime
[INFO] Resolved   19 dependencies for plugin org.apache.maven.plugins:maven-deploy-plugin:maven-plugin:3.1.4:runtime
[INFO] Resolved  176 dependencies for project MavenProject: io.github.chains-project:maven-lockfile:5.11.1-SNAPSHOT @ /Users/elias/code/kth/CHAINS/maven-lockfile/maven_plugin/pom.xml
[INFO] Lockfile written to /Users/elias/code/kth/CHAINS/maven-lockfile/maven_plugin/lockfile.json

[adambkaplan]

What is the history of this file? Does modifying this file collide/conflict with code from core Apache Maven dependencies?

[LogFlames]

maven-dependency-tree does not expose conflict data as the verbose dependency node and its conflict data is internal to maven dependency tree.
ConflictData: https://github.com/apache/maven-dependency-tree/blob/master/src/main/java/org/apache/maven/shared/dependency/graph/internal/ConflictData.java
VerboseDependencyNode's private conflict data variable: https://github.com/apache/maven-dependency-tree/blob/be712c1203b21c8a1b4827c93929f3937b781947/src/main/java/org/apache/maven/shared/dependency/graph/internal/VerboseDependencyNode.java#L29.

Thus the only way to extract information from running it using verbose mode is with the string representation (which differens between the DependencyNode and VerboseDependencyNode). However, it is quite difficult to parse (as missing fields have no default value) and therefore error prone.

SpyingDependencyNodeUtils is located there to be able to be able to access the VerboseDependencyNode which otherwise is package private to dependency-tree.

There is definitely some risk, mainly that we are not using a public API so if the internal implementation of dependency-tree changes we would need to adapt. It should (to the best of my knowledge) not conflict with any code in maven-dependency-tree, its only purpose is to access the otherwise package private class.

I have created a PR to expose it in the API apache/maven-dependency-tree#50 (originally created while attempting to implement better verbose information to the json output of maven-dependency-plugin (apache/maven-dependency-plugin#1469 which also would need to access ConflictData from maven-dependency-tree), but it is quite old and has fallen between the cracks.