Fix dependency names on state commit

[MDrakos]

DX-2966 COMMIT: We get the message with a list of all dependencies and it is also not properly wrapped if too long.

[mitchell-as]

This doesn't feel right, because we're going to need to duplicate this logic in other places that will eventually get CVE reporting. It looks like state import is not passing any names to cves.NewCveReport() either, so presumably it suffers from the same bug.

Can we put all of this logic in the Report() method? Kind of like how the change summary reporter diffs two buildplans? (

cli/internal/runbits/dependencies/changesummary.go

Line 30 in 0bb4d84

changeset := newBuildPlan.DiffArtifacts(oldBuildPlan, false)

). If we need absolutely need buildscripts, then maybe we should be passing commits to the method instead of buildplans.

[MDrakos]

Good point about the repeated logic. The changeset gets us back to the original problem where it's including too many requirements as we just want the top level ones and not the dependencies. I've moved this logic inside the Report method and we're now passing it commits.

[mitchell-as]

Is there any way we can compute the names here inside Report() and remove these extra arguments? Maybe diffing the buildscripts will be enough?

It's unclear to me when we need to pass names, and when we do not. Currently only requirements passes names, and when other commands start calling this function, are they supposed to pass names or omit them? There's an ambiguity here and I'd either like to remove it, or add a documentation comment to Report() as to when names are required an when they can be omitted.

[MDrakos]

Now that we are using the build plan to get the requested requirements we should be okay to remove the names parameter.

[mitchell-as]

This looks fine to me, but before merging, please run the integration tests for install,import,package. They all use this code path and we want to make sure we didn't break anything.