We are searching for a tool to support EOL management of dependencies. I'll try to explain our idea and would like to know if a pull request of this kind is interesting for others as well and would be accepted - or if this is out of scope of this plugin.
The current report via "dependency-updates-report" is great for being informed about possible updates, and so it ensures that the projects don't use really old dependency versions if newer ones are available.
But what if there has been no newer version of a dependency for years? It will never show in the report, because there is no update. We would like to visualize these dependencies too - so the project can decide what to do with these old dependencies. Is it still OK to use them or should they be replaced by another dependency? Maybe just the GAV was changed? Or there is a fork? Or something completely new?
An outline of what changes would be required to make this possible:
a) a new config parameter like "eolBefore" which contains a date and advises the report to treat all dependencies with a release date before this as old
b) the release date of each dependency needs to be determined (e.g. a request like https://search.maven.org/solrsearch/select?q=a:jasypt-spring3+AND+g:org.jasypt&rows=1&wt=json to get the "timestamp") - or does somebody know a better source?
c) the dependency-updates-report should contain one more column which contains the release date of the dependency
d) the dependency-updates-report should contain one more category "# of dependencies using the latest version available which is older than "
Only if in a) the config parameter is used, b), c) and d) will be executed.
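
The check outlined in a) to d), as an added example that is not part of the original post and not the plugin's code. The JSON replies are constructed samples in the shape of a solrsearch answer; `eol_before` stands in for the proposed "eolBefore" parameter, and the "timestamp" field is assumed to be epoch milliseconds of the latest release.

```python
import json
from datetime import datetime, timezone

# Constructed replies (one per dependency, rows=1). Coordinates and
# timestamps are made up for illustration, not real Maven Central data.
SAMPLE_RESPONSES = [
    '{"response":{"numFound":1,"docs":[{"g":"org.example","a":"old-lib",'
    '"latestVersion":"1.9.2","timestamp":1393286400000}]}}',
    '{"response":{"numFound":1,"docs":[{"g":"org.example","a":"fresh-lib",'
    '"latestVersion":"4.2.0","timestamp":1704067200000}]}}',
    '{"response":{"numFound":0,"docs":[]}}',  # artifact not found in the index
]


def release_info(raw):
    """Return (gav, release datetime in UTC) for one reply, or None if absent."""
    docs = json.loads(raw).get("response", {}).get("docs", [])
    if not docs or "timestamp" not in docs[0]:
        return None
    doc = docs[0]
    gav = f'{doc["g"]}:{doc["a"]}:{doc["latestVersion"]}'
    # Assumption: "timestamp" is epoch milliseconds.
    released = datetime.fromtimestamp(doc["timestamp"] / 1000, tz=timezone.utc)
    return gav, released


def eol_report(responses, eol_before):
    """Bucket dependencies by whether their latest release predates eol_before.

    Lookups that yield no release date are counted as "unknown" rather than
    silently treated as fine, so a failed lookup cannot hide a stale library.
    """
    cutoff = datetime.strptime(eol_before, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    report = {"old": [], "ok": [], "unknown": 0}
    for raw in responses:
        info = release_info(raw)
        if info is None:
            report["unknown"] += 1
            continue
        gav, released = info
        bucket = "old" if released < cutoff else "ok"
        report[bucket].append((gav, released.date().isoformat()))
    return report


if __name__ == "__main__":
    for name, value in eol_report(SAMPLE_RESPONSES, "2020-01-01").items():
        print(name, value)
```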