fix: propagate Maven error detail instead of hardcoded message [CSENG…#219
Open
neema-beglou-snyk wants to merge 1 commit into
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.
nico-incubiq approved these changes May 22, 2026
What does this PR do?
Propagates the original Maven error detail (file path, line number, column, syntax error description) through UnableToParseXMLError and FailedToBuildMavenProjectError instead of discarding it and substituting hardcoded strings.

Where should the reviewer start?
lib/maven/dependency-tree.ts — the catch block in executeMavenDependencyTree.

How should this be manually tested?
Run snyk sbom --format=cyclonedx1.5+json against a project with a malformed pom.xml (e.g. a missing > on a closing tag). The error output should now include the specific Maven parse error with line/column info rather than just "Error parsing the XML file".

Any background context you want to provide?
Commit e6918d9 (PR #214, v4.6.1) replaced DependencyTreeError with error catalog types but hardcoded the detail strings, discarding the original Maven stderr/stdout. This caused a regression where users lost actionable diagnostics — the error code changed from SNYK-CLI-0011 (which included full Maven output) to SNYK-OS-MAVEN-0005 (which only showed "Error parsing the XML file" with no location info).

What are the relevant tickets?
CSENG-202
Screenshots
Before (v4.6.1 — hardcoded message):
After (this fix — propagated detail):
Additional questions
None.
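
An added illustration of the regression and fix described above, not code from this PR or from the plugin: the class and function names are hypothetical stand-ins for the error catalog types, and the Maven output is a constructed sample. It contrasts a handler that discards Maven's output with one that keeps the file, line and column Maven reported.

```typescript
// Constructed sample of Maven output for a pom.xml with a broken closing tag.
const SAMPLE_MAVEN_OUTPUT = [
  '[INFO] Scanning for projects...',
  '[ERROR] Some problems were encountered while processing the POMs:',
  '[FATAL] Non-parseable POM /work/app/pom.xml: expected > to finish end tag not < @ line 12, column 4',
  '[ERROR] The build could not read 1 project -> [Help 1]',
].join('\n');

// Hypothetical stand-in for a catalog error type that carries a detail string.
class XmlParseError extends Error {
  readonly detail: string;
  constructor(detail: string) {
    super(detail);
    this.name = 'XmlParseError';
    this.detail = detail;
  }
}

interface MavenParseDetail { file: string; message: string; line: number; column: number; }

// Maven reports an unparseable POM as "Non-parseable POM <file>: <message> @ line N, column M".
const NON_PARSEABLE = /Non-parseable POM (.+?): (.*?)\s*@ line (\d+), column (\d+)/;

function extractParseDetail(output: string): MavenParseDetail | undefined {
  for (const rawLine of output.split(/\r?\n/)) {
    const m = NON_PARSEABLE.exec(rawLine);
    if (m) {
      const [, file = '', message = '', line = '0', column = '0'] = m;
      return { file, message, line: Number(line), column: Number(column) };
    }
  }
  return undefined;
}

// Before: the Maven output is discarded and a fixed string is substituted.
function toErrorHardcoded(_mavenOutput: string): XmlParseError {
  return new XmlParseError('Error parsing the XML file');
}

// After: keep the location Maven reported. If the pattern is absent, pass the
// raw output through rather than falling back to the fixed string.
function toErrorWithDetail(mavenOutput: string): XmlParseError {
  const d = extractParseDetail(mavenOutput);
  if (!d) {
    return new XmlParseError(mavenOutput.trim() || 'Error parsing the XML file');
  }
  return new XmlParseError(`${d.file}:${d.line}:${d.column}: ${d.message}`);
}
```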