什么是 Go (mod) 等同于 npm-outdated?
What's the Go (mod) equivalent of npm-outdated?
我想让我的 go.mod 依赖项保持最新。使用 Node.js,我 运行 npm outdated(以及后来的 npm update)。
最接近围棋的是什么mod?
理想情况下,我会看到一份关于我的项目的过时依赖项的报告(并非全部递归)。谢谢
列出直接和间接依赖项
这在 Go 1.11 Modules: How to Upgrade and Downgrade Dependencies wiki 中有详细说明:
To view available minor and patch upgrades for all direct and indirect dependencies, run go list -u -m all.
To upgrade to the latest version for all direct and indirect dependencies of the current module:
- run
go get -u to use the latest minor or patch releases
- run
go get -u=patch to use the latest patch releases
您可以在此处阅读更多详细信息:Command go: List packages or modules。
还有第 3 方应用程序:https://github.com/psampaz/go-mod-outdated:
An easy way to find outdated dependencies of your Go projects. go-mod-outdated provides a table view of the go list -u -m -json all command which lists all dependencies of a Go project and their available minor and patch updates. It also provides a way to filter indirect dependencies and dependencies without updates.
仅列出直接依赖关系
如果您对间接依赖不感兴趣,我们可以过滤掉它们。没有过滤掉间接依赖的标志,但我们可以使用自定义输出格式来做到这一点。
The -f flag specifies an alternate format for the list, using the syntax of package template.
所以你可以指定一个格式为模板文档,符合text/template。
When listing modules, the -f flag still specifies a format template applied to a Go struct, but now a Module struct:
type Module struct {
Path string // module path
Version string // module version
Versions []string // available module versions (with -versions)
Replace *Module // replaced by this module
Time *time.Time // time version was created
Update *Module // available update, if any (with -u)
Main bool // is this the main module?
Indirect bool // is this module only an indirect dependency of main module?
Dir string // directory holding files for this module, if any
GoMod string // path to go.mod file for this module, if any
Error *ModuleError // error loading module
}
type ModuleError struct {
Err string // the error itself
}
注意:这个Module结构是在命令go的内部包中定义的:https://godoc.org/cmd/go/internal/modinfo
因此,例如要像以前一样列出直接和间接依赖关系,但现在还要在间接依赖关系之后附加一个 IAMINDIRECT 词,可以这样完成:
go list -u -m -f '{{.}}{{if .Indirect}} IAMINDIRECT{{end}}' all
否定逻辑,列出直接和间接依赖关系,但这次 "mark" 仅列出与 IAMDIRECT:
的直接依赖关系
go list -u -m -f '{{.}}{{if not .Indirect}} IAMDIRECT{{end}}' all
我们快到了。我们现在只需要过滤掉不包含 IAMDIRECT 单词的行:
go list -u -m -f '{{.}}{{if not .Indirect}} IAMDIRECT{{end}}' all | grep IAMDIRECT
备选
以上解决方案基于 grep 命令。但实际上我们并不需要那样。如果指定的模板生成空文档,则从输出中跳过该行。
所以我们可以这样实现:
go list -u -m -f '{{if not .Indirect}}{{.}}{{end}}' all
基本上我们只调用Module.String()(我们只包含一个依赖)如果它不是间接的。作为额外的收获,此解决方案也适用于 Windows。
仅列出有更新的依赖项
与我们过滤掉间接依赖的方式类似,这也是一个 "piece of cake",因为 Module 结构包含一个 Update 字段,用于有更新的包/模块:
go list -u -m -f '{{if .Update}}{{.}}{{end}}' all
另见相关问题:
built-in go list 的问题在于它不会向您显示依赖项的新主要版本。参见:https://github.com/golang/go/issues/40323
这是一个显示过时的直接依赖关系的工具,包括新的主要版本。
https://github.com/icholy/gomajor
Hashicorp 保险库中的 运行 示例:
$ gomajor list
cloud.google.com/go: v0.65.0 [latest v0.100.2]
cloud.google.com/go/spanner: v1.5.1 [latest v1.29.0]
cloud.google.com/go/storage: v1.10.0 [latest v1.20.0]
github.com/Azure/go-autorest/autorest: v0.11.21 [latest v0.11.24]
github.com/Azure/go-autorest/autorest/adal: v0.9.14 [latest v0.9.18]
github.com/SAP/go-hdb: v0.14.1 [latest v0.105.5]
github.com/aerospike/aerospike-client-go/v5: v5.6.0 [latest v5.7.0]
github.com/aliyun/alibaba-cloud-sdk-go: v0.0.0-20190620160927-9418d7b0cd0f [latest v1.61.1479]
github.com/aliyun/aliyun-oss-go-sdk: v0.0.0-20190307165228-86c17b95fcd5 [latest v2.2.0+incompatible]
github.com/aws/aws-sdk-go: v1.37.19 [latest v1.42.49]
github.com/cenkalti/backoff/v3: v3.0.0 [latest v4.1.2]
github.com/cockroachdb/cockroach-go: v0.0.0-20181001143604-e0a95dfd547c [latest v2.2.8]
github.com/docker/docker: v20.10.10+incompatible [latest v20.10.12+incompatible]
github.com/go-errors/errors: v1.4.1 [latest v1.4.2]
github.com/go-sql-driver/mysql: v1.5.0 [latest v1.6.0]
github.com/google/go-cmp: v0.5.6 [latest v0.5.7]
github.com/google/go-github: v17.0.0+incompatible [latest v42.0.0]
github.com/google/go-metrics-stackdriver: v0.2.0 [latest v0.4.0]
github.com/hashicorp/consul-template: v0.27.2-0.20211014231529-4ff55381f1c4 [latest v0.27.2]
github.com/hashicorp/consul/api: v1.11.0 [latest v1.12.0]
github.com/hashicorp/go-secure-stdlib/awsutil: v0.1.5 [latest v0.1.6]
github.com/hashicorp/go-secure-stdlib/mlock: v0.1.1 [latest v0.1.2]
github.com/hashicorp/go-secure-stdlib/strutil: v0.1.1 [latest v0.1.2]
github.com/hashicorp/hcl: v1.0.1-vault-3 [latest v2.11.1]
github.com/hashicorp/raft: v1.3.3 [latest v1.3.4]
github.com/hashicorp/raft-autopilot: v0.1.3 [latest v0.1.5]
github.com/hashicorp/raft-boltdb/v2: v2.0.0-20210421194847-a7e34179d62c [latest v2.2.1]
github.com/hashicorp/vault-plugin-auth-kubernetes: v0.7.1-0.20220107030939-d289258274b7 [latest v0.11.5]
github.com/hashicorp/vault-plugin-mock: v0.16.1 [latest v0.19.13]
github.com/hashicorp/vault-plugin-secrets-kv: v0.5.7-0.20220112155832-c2eb38b5f5b6 [latest v0.10.1]
github.com/hashicorp/vault/api/auth/approle: v0.1.0 [latest v0.1.1]
github.com/jefferai/jsonx: v1.0.0 [latest v1.0.1]
github.com/lib/pq: v1.10.3 [latest v1.10.4]
github.com/michaelklishin/rabbit-hole/v2: v2.11.0 [latest v2.12.0]
github.com/mitchellh/copystructure: v1.0.0 [latest v1.2.0]
github.com/mitchellh/go-testing-interface: v1.14.0 [latest v1.14.1]
github.com/mitchellh/go-wordwrap: v1.0.0 [latest v1.0.1]
github.com/mitchellh/mapstructure: v1.4.2 [latest v1.4.3]
github.com/mongodb/go-client-mongodb-atlas: v0.1.2 [latest v0.14.0]
github.com/natefinch/atomic: v0.0.0-20150920032501-a62ce929ffcc [latest v1.0.1]
github.com/ncw/swift: v1.0.47 [latest v2.0.1]
github.com/oklog/run: v1.0.0 [latest v1.1.0]
github.com/okta/okta-sdk-golang/v2: v2.9.1 [latest v2.10.1]
github.com/oracle/oci-go-sdk: v13.1.0+incompatible [latest v57.0.0]
github.com/ory/dockertest: v3.3.5+incompatible [latest v3.8.1]
github.com/ory/dockertest/v3: v3.8.0 [latest v3.8.1]
github.com/pquerna/otp: v1.2.1-0.20191009055518-468c2dd2b58d [latest v1.3.0]
github.com/prometheus/client_golang: v1.11.0 [latest v1.12.1]
github.com/prometheus/common: v0.26.0 [latest v0.32.1]
github.com/ryanuber/columnize: v2.1.0+incompatible [latest v2.1.2+incompatible]
github.com/sasha-s/go-deadlock: v0.2.0 [latest v0.3.1]
github.com/sethvargo/go-limiter: v0.7.1 [latest v0.7.2]
github.com/shirou/gopsutil: v3.21.5+incompatible [latest v3.22.1]
go.etcd.io/etcd/client/pkg/v3: v3.5.0 [latest v3.5.2]
go.etcd.io/etcd/client/v2: v2.305.0 [latest v3.5.2]
go.etcd.io/etcd/client/v3: v3.5.0 [latest v3.5.2]
go.mongodb.org/mongo-driver: v1.7.3 [latest v1.8.3]
go.opentelemetry.io/otel: v0.20.0 [latest v1.3.0]
go.opentelemetry.io/otel/sdk: v0.20.0 [latest v1.3.0]
go.opentelemetry.io/otel/trace: v0.20.0 [latest v1.3.0]
go.uber.org/goleak: v1.1.11-0.20210813005559-691160354723 [latest v1.1.12]
golang.org/x/tools: v0.1.5 [latest v0.1.9]
google.golang.org/api: v0.30.0 [latest v0.68.0]
google.golang.org/grpc: v1.41.0 [latest v1.44.0]
google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0 [latest v1.2.0]
gopkg.in/ory-am/dockertest.v3: v3.3.4 [latest v3.8.1]
mvdan.cc/gofumpt: v0.1.1 [latest v0.2.1]
使用 go list -u -m icza's , you can combine it with psampaz/go-mod-outdated, from psampaz
中的所有提及
go-mod-outdated provides a table view of the go list -u -m -json all command which lists all dependencies of a Go project and their available minor and patch updates.
It also provides a way to filter indirect dependencies and dependencies without updates.
In short it turns this:
{
"Path": "github.com/BurntSushi/locker",
"Version": "v0.0.0-20171006230638-a6e239ea1c69",
"Time": "2017-10-06T23:06:38Z",
"GoMod": "/home/mojo/go/pkg/mod/cache/download/github.com/!burnt!sushi/locker/@v/v0.0.0-20171006230638-a6e239ea1c69.mod"
}
{
"Path": "github.com/BurntSushi/toml",
"Version": "v0.0.0-20170626110600-a368813c5e64",
"Time": "2017-06-26T11:06:00Z",
"Update": {
"Path": "github.com/BurntSushi/toml",
"Version": "v0.3.1",
"Time": "2018-08-15T10:47:33Z"
},
"GoMod": "/home/mojo/go/pkg/mod/cache/download/github.com/!burnt!sushi/toml/@v/v0.0.0-20170626110600-a368813c5e64.mod"
}
into this:
+--------------------------------+---------------+-------------+--------+------------------+
| MODULE | VERSION | NEW VERSION | DIRECT | VALID TIMESTAMPS |
+--------------------------------+---------------+-------------+--------+------------------+
| github.com/BurntSushi/locker | v0.0.0-20... | | true | true |
| github.com/BurntSushi/toml | v0.0.0-20.. | v0.3.1 | true | true |
+--------------------------------+---------------+-------------+--------+------------------+
我想让我的 go.mod 依赖项保持最新。使用 Node.js,我 运行 npm outdated(以及后来的 npm update)。
最接近围棋的是什么mod?
理想情况下,我会看到一份关于我的项目的过时依赖项的报告(并非全部递归)。谢谢
列出直接和间接依赖项
这在 Go 1.11 Modules: How to Upgrade and Downgrade Dependencies wiki 中有详细说明:
To view available minor and patch upgrades for all direct and indirect dependencies, run
go list -u -m all.To upgrade to the latest version for all direct and indirect dependencies of the current module:
- run
go get -uto use the latest minor or patch releases- run
go get -u=patchto use the latest patch releases
您可以在此处阅读更多详细信息:Command go: List packages or modules。
还有第 3 方应用程序:https://github.com/psampaz/go-mod-outdated:
An easy way to find outdated dependencies of your Go projects. go-mod-outdated provides a table view of the go list -u -m -json all command which lists all dependencies of a Go project and their available minor and patch updates. It also provides a way to filter indirect dependencies and dependencies without updates.
仅列出直接依赖关系
如果您对间接依赖不感兴趣,我们可以过滤掉它们。没有过滤掉间接依赖的标志,但我们可以使用自定义输出格式来做到这一点。
The
-fflag specifies an alternate format for the list, using the syntax of package template.
所以你可以指定一个格式为模板文档,符合text/template。
When listing modules, the
-fflag still specifies a format template applied to a Go struct, but now aModulestruct:type Module struct { Path string // module path Version string // module version Versions []string // available module versions (with -versions) Replace *Module // replaced by this module Time *time.Time // time version was created Update *Module // available update, if any (with -u) Main bool // is this the main module? Indirect bool // is this module only an indirect dependency of main module? Dir string // directory holding files for this module, if any GoMod string // path to go.mod file for this module, if any Error *ModuleError // error loading module } type ModuleError struct { Err string // the error itself }
注意:这个Module结构是在命令go的内部包中定义的:https://godoc.org/cmd/go/internal/modinfo
因此,例如要像以前一样列出直接和间接依赖关系,但现在还要在间接依赖关系之后附加一个 IAMINDIRECT 词,可以这样完成:
go list -u -m -f '{{.}}{{if .Indirect}} IAMINDIRECT{{end}}' all
否定逻辑,列出直接和间接依赖关系,但这次 "mark" 仅列出与 IAMDIRECT:
go list -u -m -f '{{.}}{{if not .Indirect}} IAMDIRECT{{end}}' all
我们快到了。我们现在只需要过滤掉不包含 IAMDIRECT 单词的行:
go list -u -m -f '{{.}}{{if not .Indirect}} IAMDIRECT{{end}}' all | grep IAMDIRECT
备选
以上解决方案基于 grep 命令。但实际上我们并不需要那样。如果指定的模板生成空文档,则从输出中跳过该行。
所以我们可以这样实现:
go list -u -m -f '{{if not .Indirect}}{{.}}{{end}}' all
基本上我们只调用Module.String()(我们只包含一个依赖)如果它不是间接的。作为额外的收获,此解决方案也适用于 Windows。
仅列出有更新的依赖项
与我们过滤掉间接依赖的方式类似,这也是一个 "piece of cake",因为 Module 结构包含一个 Update 字段,用于有更新的包/模块:
go list -u -m -f '{{if .Update}}{{.}}{{end}}' all
另见相关问题:
built-in go list 的问题在于它不会向您显示依赖项的新主要版本。参见:https://github.com/golang/go/issues/40323
这是一个显示过时的直接依赖关系的工具,包括新的主要版本。
https://github.com/icholy/gomajor
Hashicorp 保险库中的 运行 示例:
$ gomajor list
cloud.google.com/go: v0.65.0 [latest v0.100.2]
cloud.google.com/go/spanner: v1.5.1 [latest v1.29.0]
cloud.google.com/go/storage: v1.10.0 [latest v1.20.0]
github.com/Azure/go-autorest/autorest: v0.11.21 [latest v0.11.24]
github.com/Azure/go-autorest/autorest/adal: v0.9.14 [latest v0.9.18]
github.com/SAP/go-hdb: v0.14.1 [latest v0.105.5]
github.com/aerospike/aerospike-client-go/v5: v5.6.0 [latest v5.7.0]
github.com/aliyun/alibaba-cloud-sdk-go: v0.0.0-20190620160927-9418d7b0cd0f [latest v1.61.1479]
github.com/aliyun/aliyun-oss-go-sdk: v0.0.0-20190307165228-86c17b95fcd5 [latest v2.2.0+incompatible]
github.com/aws/aws-sdk-go: v1.37.19 [latest v1.42.49]
github.com/cenkalti/backoff/v3: v3.0.0 [latest v4.1.2]
github.com/cockroachdb/cockroach-go: v0.0.0-20181001143604-e0a95dfd547c [latest v2.2.8]
github.com/docker/docker: v20.10.10+incompatible [latest v20.10.12+incompatible]
github.com/go-errors/errors: v1.4.1 [latest v1.4.2]
github.com/go-sql-driver/mysql: v1.5.0 [latest v1.6.0]
github.com/google/go-cmp: v0.5.6 [latest v0.5.7]
github.com/google/go-github: v17.0.0+incompatible [latest v42.0.0]
github.com/google/go-metrics-stackdriver: v0.2.0 [latest v0.4.0]
github.com/hashicorp/consul-template: v0.27.2-0.20211014231529-4ff55381f1c4 [latest v0.27.2]
github.com/hashicorp/consul/api: v1.11.0 [latest v1.12.0]
github.com/hashicorp/go-secure-stdlib/awsutil: v0.1.5 [latest v0.1.6]
github.com/hashicorp/go-secure-stdlib/mlock: v0.1.1 [latest v0.1.2]
github.com/hashicorp/go-secure-stdlib/strutil: v0.1.1 [latest v0.1.2]
github.com/hashicorp/hcl: v1.0.1-vault-3 [latest v2.11.1]
github.com/hashicorp/raft: v1.3.3 [latest v1.3.4]
github.com/hashicorp/raft-autopilot: v0.1.3 [latest v0.1.5]
github.com/hashicorp/raft-boltdb/v2: v2.0.0-20210421194847-a7e34179d62c [latest v2.2.1]
github.com/hashicorp/vault-plugin-auth-kubernetes: v0.7.1-0.20220107030939-d289258274b7 [latest v0.11.5]
github.com/hashicorp/vault-plugin-mock: v0.16.1 [latest v0.19.13]
github.com/hashicorp/vault-plugin-secrets-kv: v0.5.7-0.20220112155832-c2eb38b5f5b6 [latest v0.10.1]
github.com/hashicorp/vault/api/auth/approle: v0.1.0 [latest v0.1.1]
github.com/jefferai/jsonx: v1.0.0 [latest v1.0.1]
github.com/lib/pq: v1.10.3 [latest v1.10.4]
github.com/michaelklishin/rabbit-hole/v2: v2.11.0 [latest v2.12.0]
github.com/mitchellh/copystructure: v1.0.0 [latest v1.2.0]
github.com/mitchellh/go-testing-interface: v1.14.0 [latest v1.14.1]
github.com/mitchellh/go-wordwrap: v1.0.0 [latest v1.0.1]
github.com/mitchellh/mapstructure: v1.4.2 [latest v1.4.3]
github.com/mongodb/go-client-mongodb-atlas: v0.1.2 [latest v0.14.0]
github.com/natefinch/atomic: v0.0.0-20150920032501-a62ce929ffcc [latest v1.0.1]
github.com/ncw/swift: v1.0.47 [latest v2.0.1]
github.com/oklog/run: v1.0.0 [latest v1.1.0]
github.com/okta/okta-sdk-golang/v2: v2.9.1 [latest v2.10.1]
github.com/oracle/oci-go-sdk: v13.1.0+incompatible [latest v57.0.0]
github.com/ory/dockertest: v3.3.5+incompatible [latest v3.8.1]
github.com/ory/dockertest/v3: v3.8.0 [latest v3.8.1]
github.com/pquerna/otp: v1.2.1-0.20191009055518-468c2dd2b58d [latest v1.3.0]
github.com/prometheus/client_golang: v1.11.0 [latest v1.12.1]
github.com/prometheus/common: v0.26.0 [latest v0.32.1]
github.com/ryanuber/columnize: v2.1.0+incompatible [latest v2.1.2+incompatible]
github.com/sasha-s/go-deadlock: v0.2.0 [latest v0.3.1]
github.com/sethvargo/go-limiter: v0.7.1 [latest v0.7.2]
github.com/shirou/gopsutil: v3.21.5+incompatible [latest v3.22.1]
go.etcd.io/etcd/client/pkg/v3: v3.5.0 [latest v3.5.2]
go.etcd.io/etcd/client/v2: v2.305.0 [latest v3.5.2]
go.etcd.io/etcd/client/v3: v3.5.0 [latest v3.5.2]
go.mongodb.org/mongo-driver: v1.7.3 [latest v1.8.3]
go.opentelemetry.io/otel: v0.20.0 [latest v1.3.0]
go.opentelemetry.io/otel/sdk: v0.20.0 [latest v1.3.0]
go.opentelemetry.io/otel/trace: v0.20.0 [latest v1.3.0]
go.uber.org/goleak: v1.1.11-0.20210813005559-691160354723 [latest v1.1.12]
golang.org/x/tools: v0.1.5 [latest v0.1.9]
google.golang.org/api: v0.30.0 [latest v0.68.0]
google.golang.org/grpc: v1.41.0 [latest v1.44.0]
google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0 [latest v1.2.0]
gopkg.in/ory-am/dockertest.v3: v3.3.4 [latest v3.8.1]
mvdan.cc/gofumpt: v0.1.1 [latest v0.2.1]
使用 go list -u -m icza's psampaz/go-mod-outdated, from psampaz
go-mod-outdatedprovides a table view of thego list -u -m -json allcommand which lists all dependencies of a Go project and their available minor and patch updates.It also provides a way to filter indirect dependencies and dependencies without updates.
In short it turns this:
{
"Path": "github.com/BurntSushi/locker",
"Version": "v0.0.0-20171006230638-a6e239ea1c69",
"Time": "2017-10-06T23:06:38Z",
"GoMod": "/home/mojo/go/pkg/mod/cache/download/github.com/!burnt!sushi/locker/@v/v0.0.0-20171006230638-a6e239ea1c69.mod"
}
{
"Path": "github.com/BurntSushi/toml",
"Version": "v0.0.0-20170626110600-a368813c5e64",
"Time": "2017-06-26T11:06:00Z",
"Update": {
"Path": "github.com/BurntSushi/toml",
"Version": "v0.3.1",
"Time": "2018-08-15T10:47:33Z"
},
"GoMod": "/home/mojo/go/pkg/mod/cache/download/github.com/!burnt!sushi/toml/@v/v0.0.0-20170626110600-a368813c5e64.mod"
}
into this:
+--------------------------------+---------------+-------------+--------+------------------+
| MODULE | VERSION | NEW VERSION | DIRECT | VALID TIMESTAMPS |
+--------------------------------+---------------+-------------+--------+------------------+
| github.com/BurntSushi/locker | v0.0.0-20... | | true | true |
| github.com/BurntSushi/toml | v0.0.0-20.. | v0.3.1 | true | true |
+--------------------------------+---------------+-------------+--------+------------------+