This repository has been archived by the owner on Jan 25, 2024. It is now read-only.

ignore unresolved project dependency #260

Merged


sondrele
Contributor

It seems like gradle outputs information about unresolved sub projects when running the gradle :app:dependencies task, see the sample output provided in the new test case:

implementation - Implementation only dependencies for compilation 'main' (target  (jvm)). (n)
\\--- project hello (n)

The action fails when gradle sub projects are located in a nested directory and when the action is run with sub-module-mode: INDIVIDUAL (and INDIVIDUAL_DEEP, I would assume).
The issue is further described by others here: https://github.com/mikepenz/gradle-dependency-submission/issues/237

I didn't spend too much time looking into the code, but I found a position in the parsing logic where it seemed fit to ignore this kind of project dependency.
I've also included a test case and committed the result of running npm run package.

Please provide feedback if you have any, or feel free to make any changes you see fit 🙂

@mikepenz
Owner

mikepenz commented May 3, 2023

Thank you very much for the PR, I'll look into it as soon as possible, the last few weeks have been very busy.

@mikepenz mikepenz merged commit a881084 into mikepenz:main May 5, 2023
@mikepenz
Owner

mikepenz commented May 5, 2023

Thank you again for this PR 🎉

@sondrele
Contributor Author

sondrele commented May 8, 2023

Thank you! 😄 Would it also be possible to make a new release? @mikepenz 🙏

@mikepenz
Owner

mikepenz commented May 8, 2023

Until there has been a release, you can also depend on the full length commit hash.

E.g.:

mikepenz/gradle-dependency-submission@4c18b5f3e7cc4eda0bbeb2eb93aafec7f0980bc2

Overall it's good practice from a security perspective to use the hash, as the author of an action can't modify the sources associated with it ever.

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
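
An added example, not part of the original thread or the project's code: a small check that lists every non-local `uses:` reference in a workflow file that is not pinned to a full-length commit hash, as recommended in the comment above. The function name, the reason strings and the sample workflow are constructed for illustration.

```python
import re

# Constructed sample workflow (not taken from the repository discussed above).
SAMPLE_WORKFLOW = """\
jobs:
  deps:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: mikepenz/gradle-dependency-submission@4c18b5f3e7cc4eda0bbeb2eb93aafec7f0980bc2
      - uses: mikepenz/gradle-dependency-submission@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.18
      - name: abbreviated hash
        uses: mikepenz/gradle-dependency-submission@4c18b5f  # short SHA
"""

# Matches "uses: ref" and "- uses: ref", with optional quotes and trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
# A full-length SHA-1 commit hash is exactly 40 hex characters.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)


def unpinned_actions(workflow_text):
    """Return (line_no, reference, reason) for each `uses:` not pinned to a full commit hash."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local actions and container images are not resolved from a git ref.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _action, sep, version = ref.partition("@")
        if not sep or not version:
            findings.append((line_no, ref, "no ref given"))
        elif not FULL_SHA_RE.match(version):
            # Tags and branches can be moved; short hashes are not accepted as a pin.
            findings.append((line_no, ref, "tag, branch or short SHA"))
    return findings


if __name__ == "__main__":
    for line_no, ref, reason in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} ({reason})")
```
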

@sondrele
Contributor Author

sondrele commented May 8, 2023

Yeah, that's the approach I ended up with 👍
