makeAggregateBom includes provided and system scope dependencies when they are excluded #328

Open
savu-a opened this issue Apr 6, 2023 · 3 comments

savu-a commented Apr 6, 2023

Since version 2.7.5 our scans have given us strange results when creating an SBOM using the following:
-Pall org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -DoutputName=mavenSBOM -DincludeProvidedScope=false -DincludeSystemScope=false

We noticed a big discrepancy in the number of dependencies, and started to play with the version of CycloneDX (this came up in the course of #324 which affects us, too).

We noticed that when using the following goal, which pins the plugin version, the number of dependencies goes back to what it was before February, when version 2.7.5 was released.
-Pall org.cyclonedx:cyclonedx-maven-plugin:2.7.4:makeAggregateBom -DoutputName=mavenSBOM -DincludeProvidedScope=false -DincludeSystemScope=false

One other point is that since 2.7.5 some of our scans have increased in length drastically.

I looked a bit into the commits for 2.7.5 and found #267, which changed a couple of things. Could it be that, because the functions were changed to use Contains instead of Equals, this messes up the final results and also increases the time?
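A check for the discrepancy described in this report, added here as an example that is not part of the issue or of the plugin's own code: it cross-references the CycloneDX JSON BOM written by makeAggregateBom against the output of `mvn dependency:list` (whose lines carry each artifact's Maven scope) and lists every component that is still in the BOM although its scope is provided or system. Both inputs below are constructed samples; the line format assumed for dependency:list is `groupId:artifactId:type[:classifier]:version:scope`.

```python
import json
import re
# Constructed sample: components as they appear in a CycloneDX JSON BOM from makeAggregateBom
SAMPLE_BOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.36?type=jar"},
    {"type": "library", "purl": "pkg:maven/javax.servlet/javax.servlet-api@4.0.1?type=jar"},
    {"type": "library", "purl": "pkg:maven/com.example/vendor-driver@1.0?type=jar"},
]})

# Constructed sample of `mvn dependency:list` output; each artifact line ends with its Maven scope
SAMPLE_DEP_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO]    javax.servlet:javax.servlet-api:jar:4.0.1:provided
[INFO]    com.example:vendor-driver:jar:1.0:system
[INFO]    junit:junit:jar:4.13.2:test
"""

# groupId:artifactId:type[:classifier]:version:scope, possibly followed by extra text
DEP_LINE = re.compile(
    r"^\[INFO\]\s+(?P<g>[^:\s]+):(?P<a>[^:\s]+):[^:\s]+(?::[^:\s]+)?"
    r":(?P<v>[^:\s]+):(?P<s>[a-z]+)(?:\s.*)?$")

def parse_dependency_list(text):
    """Map (groupId, artifactId, version) -> scope; simplification: in a multi-module build the last line seen wins."""
    scopes = {}
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if m:
            scopes[(m["g"], m["a"], m["v"])] = m["s"]
    return scopes

def bom_coordinates(bom_json):
    """Yield (groupId, artifactId, version) for every Maven purl in the BOM."""
    for comp in json.loads(bom_json).get("components", []):
        purl = comp.get("purl", "")
        if purl.startswith("pkg:maven/"):
            path = purl[len("pkg:maven/"):].split("?", 1)[0]  # drop ?type=jar qualifiers
            namespace, rest = path.split("/", 1)
            name, version = rest.rsplit("@", 1)
            yield namespace, name, version

def leaked_components(bom_json, dep_list_text, excluded=("provided", "system")):
    """Components still in the BOM although their Maven scope should have been excluded."""
    scopes = parse_dependency_list(dep_list_text)
    return sorted(f"{g}:{a}:{v} ({scopes[g, a, v]})"
                  for g, a, v in bom_coordinates(bom_json) if scopes.get((g, a, v)) in excluded)
```

An empty result from `leaked_components` for a real BOM and dependency list means the exclusion flags took effect; any entry it returns is a component to raise with the plugin maintainers.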

hboutemy (Contributor) commented Apr 8, 2023

Updates in the code have unit and integration tests to check that the situation improves instead of regressing; of course, tests may not cover everything. If you can share examples, that would help.
2.7.6 addresses what is cited in this issue title (provided and system scope), see #302.
I know that #324 is a blocker; we're working on it.

hboutemy added the bug label Apr 8, 2023

knrc (Contributor) commented Apr 11, 2023

Is this a duplicate of #284?

hboutemy (Contributor) commented:

I suppose: @savu-a can you check with more recent plugin releases, please, so we can close safely?
