Add support for Snyk API version 2024-10-15

[ad8-adriant]

Description

This PR addresses #4714 by adding support for the current version of the Snyk API.

Additional Details

Attempting to use version 2024-10-15 of the API results in the following error during analysis due to the response from /orgs/{org_id}/packages/{purl}/issues having changed shape:

2025-02-24 04:29:48,547 ERROR [SnykAnalysisTask] Request failure
java.lang.NullPointerException: Cannot invoke "org.json.JSONArray.length()" because "representation" is null
        at org.dependencytrack.parser.snyk.SnykParser.parse(SnykParser.java:86)
        at org.dependencytrack.tasks.scanners.SnykAnalysisTask.handle(SnykAnalysisTask.java:368)
        at org.dependencytrack.tasks.scanners.SnykAnalysisTask.analyzeComponent(SnykAnalysisTask.java:332)
        at org.dependencytrack.tasks.scanners.SnykAnalysisTask.lambda$analyze$1(SnykAnalysisTask.java:254)
        at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)

In 2023-06-22 affected version ranges are reported under data[].attributes.coordinates[].representation as an array of strings, e.g.:

{
  "representation": [
    ",5.4.0),[6.0.0.pr1,6.4.0)"
  ]
}

In 2024-10-15 these same strings are now embedded in an array of objects under the property name representations:

{
  "representations": [{
    "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
  }]
}

The proposed fix attempts to read both properties and selects different parsing behaviour depending on which one is present. As far as I can tell this is the only breaking change between the two API versions that is relevant to DT's Snyk integration. I've tested the fix against both 2023-06-22 and 2024-10-15 successfully and updated the unit tests to cover the new format. Apologies if the implementation is lacking, I've not written any Java in a while.

This PR does not alter the default Snyk API version used by DT.

Checklist

• I have read and understand the contributing guidelines
• This PR fixes a defect, and I have provided tests to verify that the fix is effective
• This PR implements an enhancement, and I have provided tests to verify that it works as intended
• This PR introduces changes to the database model, and I have added corresponding update logic
• This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

[nscuro]

@ad8-adriant Thanks for the PR! Seems like the test SnykAnalysisTaskTest.testAnalyzeWithRateLimiting is failing.

[ad8-adriant]

Apologies, it should be fixed now.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ -0.01% (target: -1.00%)	✅ 75.00% (target: 70.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (ce15507)	23239	18662	80.30%
Head commit (847f46f)	23248 (+9)	18668 (+6)	80.30% (-0.01%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#4715)	12	9	75.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

_{Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more}