Jamie Tanna (https://www.jvt.me)
Senior Software Engineer @ Elastic
Have you ever wondered:
"What projects should I contribute to?"
dmd
dmd-web
dmd
"What package advisories do I have?"
organisation | repo | package_name | current_version | dep_types | advisory_type | description |
---|---|---|---|---|---|---|
alphagov | di-authentication-frontend | node | 18.12.1 | ["engines"] | DEPRECATED | nodejs 18 will be unsupported in 28 days |
golangci | golangci-lint | github.com/golangci/lint-1 | v0.0.0-... | ["require"] | DEPRECATED | Use golang.org/x/lint instead, as the golangci fork ... is behind active development and bugfixes in golang.org/x/lint |
tanna.dev | oidc-thumbprint | go | 1.18 | ["golang"] | UNSUPPORTED | go 1.18 has been End-of-Life for 231 days |
via https://dependency-management-data-example.fly.dev/report/advisories
"How many packages does kubernetes use?"
select
package_manager,
count(*) as c
from
renovate
where
repo = 'kubernetes'
group by
package_manager
order by
c desc
package_manager | c |
---|---|
gomod | 2182 |
dockerfile | 90 |
cloudbuild | 3 |
"How dependent am I on Hashicorp libraries?"
select
organisation, repo, package_name,
current_version, dep_types
from
renovate
where
package_name like 'github.com/hashicorp/%'
organisation | repo | package_name | current_version | dep_types |
---|---|---|---|---|
clever | microplane | github.com/hashicorp/go-cleanhttp | v0.5.2 | ["indirect"] |
cloud-custodian | cloud-custodian | github.com/hashicorp/go-multierror | v1.0.0 | ["require"] |
renovatebot | renovate | github.com/hashicorp/go-cleanhttp | v0.0.0-20171218145408-d5fe4b57a186 | ["require"] |
tailscale | tailscale | github.com/hashicorp/errwrap | v1.1.0 | ["indirect"] |
gitlab-org | gitlab | github.com/hashicorp/yamux | v0.1.1 | ["indirect"] |
"Who owns the production service running Node 5?" 🤔
select
distinct
renovate.platform, renovate.organisation, renovate.repo, owner
from
renovate
left join owners
on renovate.platform = owners.platform
and renovate.organisation = owners.organisation
and renovate.repo = owners.repo
-- and ...
"How behind on updates am I?"
select
package_manager, update_type, count(*)
from
renovate_updates
group by
package_manager, update_type
order by
count(*) desc
package_manager | update_type | count(*) |
---|---|---|
gomod | minor | 1368 |
npm | major | 551 |
npm | minor | 507 |
dependency-management-data-example - OSS from GitHub, GitLab
Want to try it out?