Running depsbot against any non-trivial project with a large number of dependencies will result in a large number of reports similar to:
1:21-1:68 warning [email protected] ~> [email protected] outdated
This is not reporting that the project's dependencies are out of date; it is instead reporting that the project's dependencies are using older versions of the Deno stdlib. This is not an issue that the project maintainer can resolve easily, nor is it necessarily a problem unless that version of stdlib has bugs related to the functionality being used.
It should be possible to turn off reporting for dependencies of dependencies.
Also related, the reports that are given are not easy to parse since they refer to hashed content in the local cache, and do not indicate what project actually has the dependency problem. e.g.
/Users/REDACTED_PATH/deno_dir/gen/https/deno.land/d73094cad3eb4f9dc58bec164942c5ae4cf79149db0adc9dca7f1b453d0c2e80.js
1:21-1:67 warning [email protected] ~> [email protected] outdated
Clicking on that link in Deno takes the user to source code, and it is left to the user to try to identify what project that source code might be a part of.
These issues quickly make this project very difficult to use in a GitHub Actions workflow, since the rate of false positives makes it fail continuously.