depot

by Olical

Olical / depot

Find newer versions of your dependencies in your deps.edn file

227 Stars 14 Forks Last release: Not found The Unlicense 167 Commits 17 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Depot Clojars Project

Warning: I'm not actively maintaining this project, I'm finally releasing

v2+
since it's been sitting around for far too long. It contains a bunch of breaking changes that are mentioned in
CHANGES.md
.

You may have better luck with liquidz/antq or slipset/deps-ancient. If you'd like to see this project developed and maintained further I'm open to inviting other maintainers or promoting forks. I'm reluctant to transfer ownership and publishing rights to the artifact since that's been used for malicious purposes in recent times.

If this version isn't to your liking you can still rely on

v1.8.4
(or earlier) and the legacy documentation in
README-v1.md
.

Find newer versions of your dependencies in your

deps.edn
file using the Clojure CLI. This works for maven and git dependencies.

Usage

You can try it out easily with this one liner:

$ clojure -Sdeps '{:deps {olical/depot {:mvn/version "2.0.1"}}}' -m depot.outdated.main
Checking for old versions in: deps.edn
  org.clojure/clojure {:mvn/version "1.9.0"} -> {:mvn/version "1.10.1"}

I'd recommend adding depot as an alias in your own

deps.edn
file, this will allow it to check itself for updates:

Note: Replace the ellipsis with the current version shown above.

{:deps {}
 :aliases {:outdated {:extra-deps {olical/depot {:mvn/version "..."}}
                      :main-opts ["-m" "depot.outdated.main"]}}}
$ clojure -Aoutdated --aliases outdated
Checking for old versions in: deps.edn
  olical/depot {:mvn/version "..."} -> {:mvn/version "..."}

Controlling which files are checked

By default Depot looks for

deps.edn
in the current working directory. You can instead pass one or more filenames in explicitly.
$ clojure -Aoutdated ../my-project/deps.edn

Controlling which part of the file are checked

By default, only dependencies under the top-level

:deps
are considered.

To also consider

:extra-deps
and
:override-deps
under aliases, see the the
--aliases
and
--every
flags.

To prevent Depot from touching certain parts of your

deps.edn
, mark them with the
^:depot/ignore
metadata.
{:deps {...}

:aliases {;; used for testing against older versions of Clojure :clojure-1.8 ^:depot/ignore {:extra-deps {org.clojure/clojure {:mvn/version "1.8.0"}}} :clojure-1.9 ^:depot/ignore {:extra-deps {org.clojure/clojure {:mvn/version "1.9.0"}}}}}

The metadata can be placed on the artifact name, the coord map or on any map containing the dependency in question.

Updating
deps.edn

By default, depot only prints the new versions. To update the file in place, include the

--write
flag. This will leave any formatting, whitespace, and comments intact.
$ clojure -Aoutdated --write
Updating old versions in: deps.edn
  rewrite-clj {:mvn/version "0.6.0"} -> {:mvn/version "0.6.1"}
  cider/cider-nrepl {:mvn/version "0.17.0"} -> {:mvn/version "0.18.0"}
  clj-time {:mvn/version "0.14.4"} -> {:mvn/version "0.15.1"}
  olical/cljs-test-runner {:sha "5a18d41648d5c3a64632b5fec07734d32cca7671"} -> {:sha "da9710b389782d4637ef114176f6e741225e16f0"}

Freezing snapshots

Maven has a concept called "virtual" versions, these are similar to Git branches, they are pointers to another version, and the version they point to can change over time. The best known example are snapshot releases. When your

deps.edn
refers to a version
0.4.1-SNAPSHOT
, the version that actually gets installed will look like
0.4.1-20190222.154954-1
.

A maintainer can publish as many snapshots as they like, all with the same version string. This means that re-running the same code twice might yield different results, if in the meanwhile a new snapshot was released. So installing

0.4.1-SNAPSHOT
again later on may install a completely different version.

For the sake of stability and reproducibility it may be desirable to "lock" this version. This is what the

--resolve-virtual
flag is for. The
--resolve-virtual
flag will resolve the virtual version to the current timestamped version that the SNAPSHOT is an alias of, so that your code is once again deterministic.

Besides

SNAPSHOT
versions
--resolve-virtual
will also handle the special version strings
"RELEASE"
and
"LATEST"
% clojure -Aoutdated --resolve-virtual
Checking virtual versions in: deps.edn
   cider/piggieback {:mvn/version "0.4.1-SNAPSHOT"} -> {:mvn/version "0.4.1-20190222.154954-1"}

Existing work

This project is inspired by lein-ancient, it relies on version-clj (by the same author, xsc) for parsing and comparison of version numbers.

Contributors

  • @Olical - Initial work and general maintenance.
  • @daaku - Ensuring
    :override-deps
    is adhered to in the non-mutating mode.
  • @kennyjwilli - Git dependency support and table improvements.
  • @lverns - Reducing the runtime significantly by making multiple requests in parallel.
  • @plexus - Both the
    --update
    and
    --resolve-virtual
    systems, so many improvements!
  • @robert-stuttaford - Presenting results in a neat table.
  • @seancorfield - Support for
    :override-deps
    .
  • @dharrigan - Bump dependencies, fixing warnings.

Unlicenced

Find the full unlicense in the

UNLICENSE
file, but here's a snippet.

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

Do what you want. Learn as much as you can. Unlicense more software.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.