dep/maven: use output file to store the dep tree for cleaner result

When using output file to store the dependency tree, `dependency:tree` emits a cleaner tree with effective pom file, this reduces unused dependencies in result

pkg/deps/golang.go

@@ -85,7 +85,7 @@ func (resolver *GoModResolver) Resolve(goModFile string, config *ConfigDeps, rep
 func (resolver *GoModResolver) ResolvePackages(modules []*packages.Module, config *ConfigDeps, report *Report) error {
 	for _, module := range modules {
 		func() {
-			if exclued, _ := config.IsExcluded(module.Path, module.Version); exclued {
+			if excluded, _ := config.IsExcluded(module.Path, module.Version); excluded {
 				return
 			}
 			if l, ok := config.GetUserConfiguredLicense(module.Path, module.Version); ok {

pkg/deps/maven.go

@@ -18,11 +18,10 @@
 package deps
 
 import (
-	"bufio"
-	"bytes"
 	"encoding/xml"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -126,19 +125,23 @@ func (resolver *MavenPomResolver) DownloadDeps() error {
 }
 
 func (resolver *MavenPomResolver) LoadDependencies(config *ConfigDeps) ([]*Dependency, error) {
-	buf := bytes.NewBuffer(nil)
-
-	cmd := exec.Command(resolver.maven, "dependency:tree") // #nosec G204
-	cmd.Stdout = bufio.NewWriter(buf)
-	cmd.Stderr = os.Stderr
+	depsFile, err := ioutil.TempFile(os.TempDir(), "maven-dependencies.txt")
+	if err != nil {
+		return nil, err
+	}
+	defer os.Remove(depsFile.Name())
 
-	logger.Log.Debugf("Running command: [%v], please wait", cmd.String())
-	err := cmd.Run()
+	output, err := exec.Command(resolver.maven, "dependency:tree", "-DoutputFile="+depsFile.Name()).Output() // #nosec G204
 	if err != nil {
+		logger.Log.Errorln(string(output))
 		return nil, err
 	}
 
-	deps := LoadDependencies(buf.Bytes(), config)
+	buf, err := os.ReadFile(depsFile.Name())
+	if err != nil {
+		return nil, err
+	}
+	deps := LoadDependencies(buf, config)
 	return deps, nil
 }