Show path to any dependency, and not only vulnerable ones
#227601
Blocked by
This is not technically blocked by #227601 but the work has been organized in this order and changing the order would impact the content of that issue.
Problem to solve
As a maintainer reviewing project dependencies using the dependency list, I need to know how a transient dependency relates to the top-level dependencies, so that I can assess the need for it, and possibly get rid of it.
This is a follow-up issue to #227620 (closed) which is about showing the dependency path(s) to vulnerable dependencies, and doesn't cover dependencies that are not affected by vulnerabilities.
Intended users
User experience goal
Proposal
When clicking on the Location of a component from the Dependency List, open a pop-in window that shows all the paths connecting a dependency to the top-level dependencies. See #227601
The Dependency Scanning report format needs to be revisited so that it can carry the full dependency graph of any lock file (or equivalent). Alternatively, we might decide to introduce a new report that represents the Bill of Materials, and contains the full dependency graph.
TBD: Decide if we extend the Dependency Scanning report format or introduce a new type of artifact.
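The path lookup described in the proposal, sketched as an added example that is not GitLab code: given a full dependency graph, it lists every path from a top-level dependency down to a chosen component. The graph shape (package name mapped to its direct dependencies), the package names, and the function name `dependency_paths` are assumptions, since the report format is still to be decided.

```python
from collections import defaultdict

# Constructed sample graph: package -> direct dependencies, as resolved in a lock file.
GRAPH = {
    "web-framework": ["http-client", "template-engine"],
    "http-client": ["url-parser", "tls-lib"],
    "template-engine": ["url-parser"],
    "test-runner": ["http-client"],
    "url-parser": [],
    "tls-lib": [],
    "plugin-a": ["plugin-b"],
    "plugin-b": ["plugin-a"],  # circular dependency, must not loop forever
}
# Constructed sample: dependencies declared directly by the project.
TOP_LEVEL = ["web-framework", "test-runner", "plugin-a"]


def dependency_paths(graph, top_level, target):
    """Return every path [top-level, ..., target] that pulls `target` in."""
    # Invert the edges once so we can walk from the component up to its dependents.
    parents = defaultdict(set)
    for pkg, deps in graph.items():
        for dep in deps:
            parents[dep].add(pkg)

    roots = set(top_level)
    paths = []

    def walk(node, suffix):
        chain = [node] + suffix
        if node in roots:
            paths.append(chain)
        # Keep climbing: a top-level dependency can itself be pulled in by another.
        for parent in sorted(parents[node]):
            if parent not in chain:  # skip packages already on this path (cycles)
                walk(parent, chain)

    walk(target, [])
    return sorted(paths)


if __name__ == "__main__":
    for path in dependency_paths(GRAPH, TOP_LEVEL, "url-parser"):
        print(" > ".join(path))
```

An empty result means no top-level dependency leads to the component, which is the case a maintainer would look for when deciding whether it can be removed.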