Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: subcommand to view and update outdated dependencies #26942

Merged
merged 26 commits into from
Nov 20, 2024

Conversation

nathanwhit
Copy link
Member

@nathanwhit nathanwhit commented Nov 19, 2024

Closes #20487

Currently spelled

deno outdated

and

deno outdated --update

Works across package.json and deno.json, and in workspaces.

There's a bit of duplicated code, I'll refactor to reduce this in follow ups

Currently supported:

Printing outdated deps (current output below which basically mimics pnpm, but requesting feedback / suggestions)

deno outdated

Screenshot 2024-11-19 at 2 01 56 PM

Updating deps

semver compatible:

deno outdated --update

latest:

deno outdated --latest

current output is basic, again would love suggestions
Screenshot 2024-11-19 at 2 13 46 PM

Filters

deno outdated --update "@std/*"
deno outdated --update --latest "@std/* "!@std/fmt"

Update to specific versions

deno outdated --update @std/[email protected] @std/cli@^1.0.3

Include all workspace members

deno outdated --recursive
deno outdated --update --recursive

Future work

  • interactive update
  • update deps in js/ts files
  • better support for transitive deps

Known issues (to be fixed in follow ups):

  • If no top level dependencies have changed, we won't update transitive deps (even if they could be updated)
  • Can't filter transitive deps, or update them to specific versions

TODO (in this PR):

  • spec tests for filters
  • spec test for mixed workspace (have tested manually)
  • tweak output
  • suggestion when you try deno update

@bartlomieju
Copy link
Member

Does this only show changes for packages that actually have newer versions?

I have a project like this:

// deno.json
{
    "imports": {
        "@std/http": "jsr:@std/http@^1.0.0"
    }
}
// package.json
{
  "dependencies": {
    "express": "^4.21.0",
    "react": "^17.0.2",
    "vite": "^4.5.5"
  }
}

Running ./target/debug/deno outdated shows:

┌───────────┬─────────┬────────┬────────┐
│ Package   │ Current │ Update │ Latest │
├───────────┼─────────┼────────┼────────┤
│ npm:react │ 17.0.2  │ 17.0.2 │ 18.3.1 │
├───────────┼─────────┼────────┼────────┤
│ npm:vite  │ 4.5.5   │ 4.5.5  │ 5.4.11 │
└───────────┴─────────┴────────┴────────┘

There's no information for express and @std/http.

@nathanwhit
Copy link
Member Author

nathanwhit commented Nov 19, 2024

Does this only show changes for packages that actually have newer versions?

Yeah, only if the currently locked version is out of date. I went with that since that's what e.g. npm and pnpm do. It's easy if we want to change that though

@bartlomieju
Copy link
Member

Obviously - I had a test repo for this feature and I removed my lockfile before running the command, so it first installed latest semver versions and there was nothing to upgrade 👍

cli/args/flags.rs Outdated Show resolved Hide resolved
cli/args/flags.rs Show resolved Hide resolved
cli/args/flags.rs Show resolved Hide resolved
cli/tools/registry/pm/deps.rs Show resolved Hide resolved
cli/tools/registry/pm/deps.rs Outdated Show resolved Hide resolved
cli/tools/registry/pm/deps.rs Outdated Show resolved Hide resolved
cli/tools/registry/pm/deps.rs Show resolved Hide resolved
cli/tools/registry/pm/outdated.rs Show resolved Hide resolved
cli/tools/registry/pm/outdated.rs Show resolved Hide resolved
cli/tools/registry/pm/outdated.rs Show resolved Hide resolved
@@ -32,10 +33,13 @@ use crate::jsr::JsrFetchResolver;
use crate::npm::NpmFetchResolver;

mod cache_deps;
pub(crate) mod deps;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, there's not much point to pub(crate) in the CLI crate. I remove it whenever I see it.

Copy link
Member

@dsherret dsherret left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. LGTM!

pub latest: Option<PackageNv>,
}

pub struct DepManager {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe DepUpdater? Generally Manager is a term that's avoided because it means the struct has more than one responsibility.

Comment on lines +498 to +505
deps: Vec<Dep>,
resolved_versions: Vec<Option<PackageNv>>,
latest_versions: Vec<PackageLatestVersion>,

pending_changes: Vec<Change>,

dependencies_resolved: AtomicBool,
module_load_preparer: Arc<ModuleLoadPreparer>,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the future, it might be beneficial to separate the state out of this struct then have the "service struct" operate on the state. That way we could make everything be constructed in the factory.


dependencies_resolved: AtomicBool,
module_load_preparer: Arc<ModuleLoadPreparer>,
// TODO(nathanwhit): probably shouldn't be pub
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, generally passing dependencies around horizontally in the code is not great, but this is fine for now.

@nathanwhit nathanwhit merged commit 56f3162 into denoland:main Nov 20, 2024
17 checks passed
@nathanwhit nathanwhit deleted the update-outdated-subcommands branch November 20, 2024 23:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

suggestion: deno upgrade --deps (to keep dependencies up-to-date)
3 participants