Commit
Pretty-simple "find dependency updates" helper (cadence-workflow#4000)
While building github.com/cadence-workflow/cadence-go-client/pull/1060, I realized I kinda missed the out-of-date warnings. So here's something kinda similar.

An alternative option is to use something like https://github.com/psampaz/go-mod-outdated, but unfortunately that one will just tell you _what_ updates are available, not how old they are. It's pretty good otherwise though.

It may be worth adding e.g. a "nothing > 100 days" check to `make lint` and/or CI? Otherwise I tend to see dependencies go un-upgraded for huge lengths of time.

---

The output currently shows the maximum of these two values, as it feels like a pretty good "badness" metric:
- how much time has passed between the current version and the latest version
- how much time has passed since the latest version was released

Either alone produces some non-great edge cases:
- with only the first:
  - a long-stable library with a fix today looks 100s of days old
  - a release -> immediate bugfix release looks 0 days old (e.g. `rsc.io/sampler`)
- with only the second:
  - a consistently-releasing library always looks "recent-ish". e.g. prior to them using tags, golang.org/x/tools would usually look <7 days old, as `master` is updated frequently... even though we were a few months behind.

Ideally, IMO, this would check for both:
- how old is our current version? (which this does)
- how long have we ignored _any_ update?

But AFAICT that'd require custom requests to a goproxy, as we cannot get "current+1" versions, only "current" and "latest".
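The staleness metric described in the commit message, as an added example that is not part of this commit or the Cadence code base. It assumes the input is the JSON stream printed by `go list -m -u -json all`; the names `module`, `staleDays` and `outdated` are hypothetical and the sample data is constructed.

```go
package main
import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// module holds the fields of `go list -m -u -json all` output used here.
type module struct {
	Path   string
	Time   *time.Time // release time of this version
	Update *module    // newest available version; nil when up to date
}

// sampleJSON is constructed sample data, not output from a real module graph.
const sampleJSON = `{"Path":"example.com/quickfix","Version":"v1.0.0","Time":"2020-01-01T00:00:00Z","Update":{"Version":"v1.0.1","Time":"2020-01-02T00:00:00Z"}}
{"Path":"example.com/busy","Version":"v0.1.0","Time":"2021-01-01T00:00:00Z","Update":{"Version":"v0.9.0","Time":"2021-05-31T00:00:00Z"}}
{"Path":"example.com/pinned","Version":"v2.0.0","Time":"2019-01-01T00:00:00Z"}`

// staleDays (hypothetical name) returns max(latest-current, now-latest) in days.
func staleDays(m module, now time.Time) int {
	if m.Time == nil || m.Update == nil || m.Update.Time == nil {
		return 0 // no known update, or no timestamps to compare
	}
	d := m.Update.Time.Sub(*m.Time)
	if ignored := now.Sub(*m.Update.Time); ignored > d {
		d = ignored
	}
	return int(d.Hours() / 24)
}

// outdated (hypothetical name) returns each module staler than maxDays.
func outdated(data string, now time.Time, maxDays int) (map[string]int, error) {
	out := map[string]int{}
	for dec := json.NewDecoder(strings.NewReader(data)); dec.More(); {
		var m module
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if d := staleDays(m, now); d > maxDays {
			out[m.Path] = d
		}
	}
	return out, nil
}
func main() {
	fmt.Println(outdated(sampleJSON, time.Now(), 100))
}
```

In the sample, `example.com/quickfix` is the "release -> immediate bugfix" case that the first value alone would miss, and `example.com/busy` is the frequently-releasing case that the second value alone would miss.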