
Exclude transitive dependencies from reporting #154

Open
grempe opened this issue Aug 20, 2021 · 0 comments

grempe commented Aug 20, 2021

Running depsbot against any non-trivial project with a large number of dependencies will result in a large number of reports similar to:

1:21-1:68  warning  [email protected] ~> [email protected]  outdated

This is not reporting that the project's dependencies are out of date, it is instead reporting that the project's dependencies are using older versions of Deno stdlib. This is not an issue that the project maintainer can resolve easily, nor is it necessarily a problem unless that version of stdlib has bugs related to the functionality being used.

It should be possible to turn off reporting for dependencies of dependencies.

Also related, the reports that are given are not easy to parse since they refer to hashed content in the local cache, and do not indicate what project actually has the dependency problem. e.g.

/Users/REDACTED_PATH/deno_dir/gen/https/deno.land/d73094cad3eb4f9dc58bec164942c5ae4cf79149db0adc9dca7f1b453d0c2e80.js
    1:21-1:67  warning  [email protected] ~> [email protected]   outdated

Clicking on that link in Deno takes the user to source code, and it is left to the user to try to identify what project that source code might be a part of.

These issues quickly make this project very difficult to use in a GitHub action workflow since the rate of false positives makes it fail continuously.
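
An added example, not part of the original issue or of depsbot: a TypeScript post-filter for a CI step that parses report text in the layout quoted above and fails only on warnings located in project files, treating warnings located under the Deno cache directory as transitive. The function names, the `denoDir` parameter, and the sample paths and versions are assumptions constructed for illustration.

```typescript
// Assumed layout (taken from the report quoted in the issue): a file-path line,
// followed by indented rows "line:col-line:col  warning  from ~> to  outdated".
interface Finding { file: string; span: string; from: string; to: string; transitive: boolean }

const ROW = /^\s+(\d+:\d+-\d+:\d+)\s+warning\s+(\S+)\s+~>\s+(\S+)\s+outdated\s*$/;

// denoDir is the cache root (DENO_DIR). A warning located in a file under it
// concerns an import made by a fetched dependency, not by the project itself.
function parseReport(text: string, denoDir: string): Finding[] {
  const root = denoDir.replace(/\/+$/, "") + "/";
  const findings: Finding[] = [];
  let file = "";
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === "") continue;
    const m = ROW.exec(line);
    if (m) {
      if (file === "") continue; // row with no preceding file line: cannot classify
      findings.push({ file, span: m[1], from: m[2], to: m[3], transitive: file.startsWith(root) });
    } else if (!/^\s/.test(line)) {
      file = line.trim(); // unindented line starts a new file section
    }
  }
  return findings;
}

// CI decision: fail only when the project's own files import an outdated module.
// Transitive findings are returned separately so they can still be logged.
function gate(findings: Finding[]): { fail: boolean; direct: Finding[]; transitive: Finding[] } {
  const direct = findings.filter((f) => !f.transitive);
  const transitive = findings.filter((f) => f.transitive);
  return { fail: direct.length > 0, direct, transitive };
}

// Constructed sample: paths, <hash> and versions are placeholders, not values from the issue.
const SAMPLE = [
  "/home/ci/project/deps.ts",
  "    3:21-3:58  warning  std@0.0.1 ~> std@0.0.2  outdated",
  "/home/ci/deno_dir/gen/https/deno.land/<hash>.js",
  "    1:21-1:67  warning  std@0.0.1 ~> std@0.0.2   outdated",
].join("\n");

const result = gate(parseReport(SAMPLE, "/home/ci/deno_dir"));
console.log(`direct=${result.direct.length} transitive=${result.transitive.length} fail=${result.fail}`);
```

Logging the transitive findings instead of discarding them keeps them available for review if a specific stdlib version later turns out to matter.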
