search

kubernetes / ingress-nginx

Ingress-NGINX Controller for Kubernetes
https://kubernetes.github.io/ingress-nginx/
Apache License 2.0
17.22k stars 8.2k forks source link

Tracking aging dependencies in Ingress-nginx #8910

Open strongjz opened 2 years ago

strongjz commented 2 years ago

Tracking aging dependencies in Ingress-nginx using the idea of Libyear.

https://libyear.com/

A simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are.

Example current readout

total libyear count: 55.60 year(s)

We have dependabot enabled in the project so it would be helpful to understand why some of these deps are not getting updates. Also gives us an idea of how old some of our deps, that may not be getting updated. 

 libyear -indirect | grep -v "0.00 year"
github.com/mitchellh/hashstructure: 0.51 year(s) (current: v1.1.0, newest: v2.0.2)
github.com/prometheus/client_golang: 0.23 year(s) (current: v1.12.2, newest: v1.13.0)
golang.org/x/crypto: 0.43 year(s) (current: v0.0.0-20220214200702-86341886e292, newest: v0.0.0-20220722155217-630584e8d5aa)
golang.org/x/net: 0.44 year(s) (current: v0.0.0-20220225172249-27dd8689420f, newest: v0.0.0-20220805013720-a33c5aa5df48)
k8s.io/api: 0.23 year(s) (current: v0.23.6, newest: v0.24.3)
k8s.io/apiextensions-apiserver: 0.32 year(s) (current: v0.23.5, newest: v0.24.3)
k8s.io/apimachinery: 0.18 year(s) (current: v0.23.6, newest: v0.24.3)
k8s.io/apiserver: 0.33 year(s) (current: v0.23.5, newest: v0.24.3)
k8s.io/cli-runtime: 0.32 year(s) (current: v0.23.5, newest: v0.24.3)
k8s.io/client-go: 0.23 year(s) (current: v0.23.6, newest: v0.24.3)
k8s.io/code-generator: 0.24 year(s) (current: v0.23.5, newest: v0.24.3)
k8s.io/component-base: 0.23 year(s) (current: v0.23.6, newest: v0.24.3)
sigs.k8s.io/controller-runtime: 0.27 year(s) (current: v0.11.2, newest: v0.12.3)
cloud.google.com/go: 1.24 year(s) (current: v0.81.0, newest: v0.103.0)
github.com/blang/semver: -2.42 year(s) (current: v3.5.1+incompatible, newest: v2.2.0+incompatible)
github.com/emicklei/go-restful: 3.16 year(s) (current: v2.9.5+incompatible, newest: v2.16.0+incompatible)
github.com/evanphx/json-patch: -0.79 year(s) (current: v4.12.0+incompatible, newest: v0.5.2)
github.com/fatih/structs: 1.70 year(s) (current: v1.0.0, newest: v1.1.0)
github.com/form3tech-oss/jwt-go: 0.25 year(s) (current: v3.2.3+incompatible, newest: v3.2.5+incompatible)
github.com/fullsailor/pkcs7: 2.97 year(s) (current: v0.0.0-20160414161337-2585af45975b, newest: v0.0.0-20190404230743-d7302db945fa)
github.com/go-errors/errors: 3.90 year(s) (current: v1.0.1, newest: v1.4.2)
github.com/go-logr/logr: 0.40 year(s) (current: v1.2.0, newest: v1.2.3)
github.com/go-openapi/jsonreference: 1.37 year(s) (current: v0.19.5, newest: v0.20.0)
github.com/go-openapi/swag: 0.98 year(s) (current: v0.19.14, newest: v0.21.1)
github.com/godbus/dbus/v5: 0.34 year(s) (current: v5.0.6, newest: v5.1.0)
github.com/gomarkdown/markdown: 1.22 year(s) (current: v0.0.0-20210514010506-3b9f47219fe7, newest: v0.0.0-20220731190611-dcdaee8e7a53)
github.com/google/btree: 2.67 year(s) (current: v1.0.1, newest: v1.1.2)
github.com/google/go-cmp: 0.92 year(s) (current: v0.5.6, newest: v0.5.8)
github.com/google/go-querystring: 2.48 year(s) (current: v1.0.0, newest: v1.1.0)
github.com/google/gofuzz: 0.77 year(s) (current: v1.1.0, newest: v1.2.0)
github.com/google/uuid: 0.47 year(s) (current: v1.2.0, newest: v1.3.0)
github.com/googleapis/gnostic: 0.99 year(s) (current: v0.5.5, newest: v0.6.9)
github.com/gorilla/websocket: 1.80 year(s) (current: v1.4.2, newest: v1.5.0)
github.com/gregjones/httpcache: 1.27 year(s) (current: v0.0.0-20180305231024-9cad4c3443a7, newest: v0.0.0-20190611155906-901d90724c79)
github.com/imkira/go-interpol: 0.21 year(s) (current: v1.0.0, newest: v1.1.0)
github.com/klauspost/compress: 0.06 year(s) (current: v1.15.7, newest: v1.15.9)
github.com/mailru/easyjson: 0.49 year(s) (current: v0.7.6, newest: v0.7.7)
github.com/matttproud/golang_protobuf_extensions: -2.69 year(s) (current: v1.0.2-0.20181231171920-c182affec369, newest: v1.0.1)
github.com/mmarkdown/mmark: 2.92 year(s) (current: v2.0.40+incompatible, newest: v2.2.25)
github.com/moby/sys/mountinfo: 0.59 year(s) (current: v0.5.0, newest: v0.6.2)
github.com/opencontainers/runtime-spec: -1.00 year(s) (current: v1.0.3-0.20210326190908-1c3f411f0417, newest: v1.0.2)
github.com/prometheus/procfs: 0.94 year(s) (current: v0.7.3, newest: v0.8.0)
github.com/sergi/go-diff: 1.04 year(s) (current: v1.1.0, newest: v1.2.0)
github.com/sirupsen/logrus: 1.36 year(s) (current: v1.8.1, newest: v1.9.0)
github.com/xeipuuv/gojsonpointer: 1.61 year(s) (current: v0.0.0-20180127040702-4e3ac2762d5f, newest: v0.0.0-20190905194746-02993c407bfb)
github.com/xeipuuv/gojsonschema: 0.77 year(s) (current: v1.1.0, newest: v1.2.0)
github.com/xlab/treeprint: 2.22 year(s) (current: v0.0.0-20181112141820-a009c3971eca, newest: v1.1.0)
go.starlark.net: 2.36 year(s) (current: v0.0.0-20200306205701-8dd3e2ee1dd5, newest: v0.0.0-20220714194419-4cadf0a12139)
golang.org/x/mod: -0.29 year(s) (current: v0.6.0-dev.0.20220106191415-9b9b3d81d5e3, newest: v0.5.1)
golang.org/x/oauth2: 0.41 year(s) (current: v0.0.0-20220223155221-ee480838109b, newest: v0.0.0-20220722155238-128564f6959c)
golang.org/x/sys: 0.31 year(s) (current: v0.0.0-20220412211240-33da011f77ad, newest: v0.0.0-20220804214406-8e32c043e418)
golang.org/x/term: 0.82 year(s) (current: v0.0.0-20210927222741-03fcf44c2211, newest: v0.0.0-20220722155259-a9ba230a4035)
golang.org/x/time: 1.00 year(s) (current: v0.0.0-20210723032227-1f47c861a9ac, newest: v0.0.0-20220722155302-e5dcc9cfc0b9)
golang.org/x/tools: 0.37 year(s) (current: v0.1.10, newest: v0.1.12)
golang.org/x/xerrors: 1.85 year(s) (current: v0.0.0-20200804184101-5ec99f83aff1, newest: v0.0.0-20220609144429-65e65417b02f)
google.golang.org/appengine: 1.81 year(s) (current: v1.6.7, newest: v2.0.2)
google.golang.org/genproto: 0.93 year(s) (current: v0.0.0-20210831024726-fe130286e0e2, newest: v0.0.0-20220805133916-01dd62135a58)
google.golang.org/protobuf: 0.35 year(s) (current: v1.28.0, newest: v1.28.1)
k8s.io/gengo: 0.83 year(s) (current: v0.0.0-20210813121822-485abfe95c7c, newest: v0.0.0-20220613173612-397b4ae3bce7)
k8s.io/kube-openapi: 0.71 year(s) (current: v0.0.0-20211115234752-e816edb12b65, newest: v0.0.0-20220803164354-a70c9af30aea)
k8s.io/utils: 0.69 year(s) (current: v0.0.0-20211116205334-6203023598ed, newest: v0.0.0-20220728103510-ee6ede2d64ed)
moul.io/http2curl: 2.46 year(s) (current: v1.0.1-0.20190925090545-5cd742060b0e, newest: v2.3.0)
sigs.k8s.io/json: 0.73 year(s) (current: v0.0.0-20211020170558-c049b76a60c6, newest: v0.0.0-20220713155537-f223a00ba0e2)
sigs.k8s.io/kustomize/api: 0.72 year(s) (current: v0.10.1, newest: v0.12.1)
sigs.k8s.io/kustomize/kyaml: 0.72 year(s) (current: v0.13.0, newest: v0.13.9)
sigs.k8s.io/structured-merge-diff/v4: 0.66 year(s) (current: v4.2.1, newest: v5.0.0-wrong)
total libyear count: 55.60 year(s)

/kind feature /triage accepted /assign @strongjz /area stabilization

jaehnri commented 2 years ago

Hi, @strongjz! Would you mind detailing what we want to achieve with this task? I've seen some projects put the libyear drift as a GitHub badge on top of the README, e.g., libyear-node-action. Is this our objective? If so, I could tackle it. Thanks!

jaehnri commented 1 year ago

/assign

k8s-triage-robot commented 7 months ago

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted