Menu
I'd like to keep my go.mod dependencies up to date. With Node.js, I run the npm outdated (and later npm update).
What's the closest for Go mod?
Ideally, I'd see a report of outdated dependencies of my project (not all recursively). Thanks
614
This is detailed in Go 1.11 Modules: How to Upgrade and Downgrade Dependencies wiki:
To view available minor and patch upgrades for all direct and indirect dependencies, run
go list -u -m all.To upgrade to the latest version for all direct and indirect dependencies of the current module:
- run
go get -uto use the latest minor or patch releases- run
go get -u=patchto use the latest patch releases
You can read more details here: Command go: List packages or modules.
There's also a 3rd party app: https://github.com/psampaz/go-mod-outdated:
An easy way to find outdated dependencies of your Go projects. go-mod-outdated provides a table view of the go list -u -m -json all command which lists all dependencies of a Go project and their available minor and patch updates. It also provides a way to filter indirect dependencies and dependencies without updates.
If you are not interested in indirect dependencies, we can filter them out. There is no flag to filter out indirect dependencies, but we can do that with custom output format.
The
-fflag specifies an alternate format for the list, using the syntax of package template.
So you may specify a format being a template document, conforming with text/template.
When listing modules, the
-fflag still specifies a format template applied to a Go struct, but now aModulestruct:type Module struct { Path string // module path Version string // module version Versions []string // available module versions (with -versions) Replace *Module // replaced by this module Time *time.Time // time version was created Update *Module // available update, if any (with -u) Main bool // is this the main module? Indirect bool // is this module only an indirect dependency of main module? Dir string // directory holding files for this module, if any GoMod string // path to go.mod file for this module, if any Error *ModuleError // error loading module } type ModuleError struct { Err string // the error itself }
Note: this Module struct is defined in an internal package of the command go: https://godoc.org/cmd/go/internal/modinfo
So for example to list direct and indirect dependencies as before, but now also append an IAMINDIRECT word after indirect dependencies, it could be done with:
go list -u -m -f '{{.}}{{if .Indirect}} IAMINDIRECT{{end}}' all
Negating the logic, to list direct and indirect dependencies, but this time "mark" only the direct dependencies with IAMDIRECT:
go list -u -m -f '{{.}}{{if not .Indirect}} IAMDIRECT{{end}}' all
And we're almost there. We now just have to filter out rows that do not contain the IAMDIRECT word:
go list -u -m -f '{{.}}{{if not .Indirect}} IAMDIRECT{{end}}' all | grep IAMDIRECT
The above solution builds on the grep command. But in fact we don't need that. If the specified template results in an empty document, the line is skipped from the output.
So we can achieve the same like this:
go list -u -m -f '{{if not .Indirect}}{{.}}{{end}}' all
Basically we only call Module.String() (we only include a dependency) if it is not indirect. As an extra gain, this solution also works on Windows too.
Similarly how we filtered out indirect dependencies, this is also a "piece of cake" since the Module structure contains an Update field for packages / modules that have updates:
go list -u -m -f '{{if .Update}}{{.}}{{end}}' all
Also see related question: How to list installed go packages
104
The problem with built-in go list is that it won't show you new major versions of a dependency. See: https://github.com/golang/go/issues/40323
Here's a tool which shows outdated direct dependencies including new major versions.
https://github.com/icholy/gomajor
Example of running it on Hashicorp's Vault:
$ gomajor list
cloud.google.com/go: v0.65.0 [latest v0.100.2]
cloud.google.com/go/spanner: v1.5.1 [latest v1.29.0]
cloud.google.com/go/storage: v1.10.0 [latest v1.20.0]
github.com/Azure/go-autorest/autorest: v0.11.21 [latest v0.11.24]
github.com/Azure/go-autorest/autorest/adal: v0.9.14 [latest v0.9.18]
github.com/SAP/go-hdb: v0.14.1 [latest v0.105.5]
github.com/aerospike/aerospike-client-go/v5: v5.6.0 [latest v5.7.0]
github.com/aliyun/alibaba-cloud-sdk-go: v0.0.0-20190620160927-9418d7b0cd0f [latest v1.61.1479]
github.com/aliyun/aliyun-oss-go-sdk: v0.0.0-20190307165228-86c17b95fcd5 [latest v2.2.0+incompatible]
github.com/aws/aws-sdk-go: v1.37.19 [latest v1.42.49]
github.com/cenkalti/backoff/v3: v3.0.0 [latest v4.1.2]
github.com/cockroachdb/cockroach-go: v0.0.0-20181001143604-e0a95dfd547c [latest v2.2.8]
github.com/docker/docker: v20.10.10+incompatible [latest v20.10.12+incompatible]
github.com/go-errors/errors: v1.4.1 [latest v1.4.2]
github.com/go-sql-driver/mysql: v1.5.0 [latest v1.6.0]
github.com/google/go-cmp: v0.5.6 [latest v0.5.7]
github.com/google/go-github: v17.0.0+incompatible [latest v42.0.0]
github.com/google/go-metrics-stackdriver: v0.2.0 [latest v0.4.0]
github.com/hashicorp/consul-template: v0.27.2-0.20211014231529-4ff55381f1c4 [latest v0.27.2]
github.com/hashicorp/consul/api: v1.11.0 [latest v1.12.0]
github.com/hashicorp/go-secure-stdlib/awsutil: v0.1.5 [latest v0.1.6]
github.com/hashicorp/go-secure-stdlib/mlock: v0.1.1 [latest v0.1.2]
github.com/hashicorp/go-secure-stdlib/strutil: v0.1.1 [latest v0.1.2]
github.com/hashicorp/hcl: v1.0.1-vault-3 [latest v2.11.1]
github.com/hashicorp/raft: v1.3.3 [latest v1.3.4]
github.com/hashicorp/raft-autopilot: v0.1.3 [latest v0.1.5]
github.com/hashicorp/raft-boltdb/v2: v2.0.0-20210421194847-a7e34179d62c [latest v2.2.1]
github.com/hashicorp/vault-plugin-auth-kubernetes: v0.7.1-0.20220107030939-d289258274b7 [latest v0.11.5]
github.com/hashicorp/vault-plugin-mock: v0.16.1 [latest v0.19.13]
github.com/hashicorp/vault-plugin-secrets-kv: v0.5.7-0.20220112155832-c2eb38b5f5b6 [latest v0.10.1]
github.com/hashicorp/vault/api/auth/approle: v0.1.0 [latest v0.1.1]
github.com/jefferai/jsonx: v1.0.0 [latest v1.0.1]
github.com/lib/pq: v1.10.3 [latest v1.10.4]
github.com/michaelklishin/rabbit-hole/v2: v2.11.0 [latest v2.12.0]
github.com/mitchellh/copystructure: v1.0.0 [latest v1.2.0]
github.com/mitchellh/go-testing-interface: v1.14.0 [latest v1.14.1]
github.com/mitchellh/go-wordwrap: v1.0.0 [latest v1.0.1]
github.com/mitchellh/mapstructure: v1.4.2 [latest v1.4.3]
github.com/mongodb/go-client-mongodb-atlas: v0.1.2 [latest v0.14.0]
github.com/natefinch/atomic: v0.0.0-20150920032501-a62ce929ffcc [latest v1.0.1]
github.com/ncw/swift: v1.0.47 [latest v2.0.1]
github.com/oklog/run: v1.0.0 [latest v1.1.0]
github.com/okta/okta-sdk-golang/v2: v2.9.1 [latest v2.10.1]
github.com/oracle/oci-go-sdk: v13.1.0+incompatible [latest v57.0.0]
github.com/ory/dockertest: v3.3.5+incompatible [latest v3.8.1]
github.com/ory/dockertest/v3: v3.8.0 [latest v3.8.1]
github.com/pquerna/otp: v1.2.1-0.20191009055518-468c2dd2b58d [latest v1.3.0]
github.com/prometheus/client_golang: v1.11.0 [latest v1.12.1]
github.com/prometheus/common: v0.26.0 [latest v0.32.1]
github.com/ryanuber/columnize: v2.1.0+incompatible [latest v2.1.2+incompatible]
github.com/sasha-s/go-deadlock: v0.2.0 [latest v0.3.1]
github.com/sethvargo/go-limiter: v0.7.1 [latest v0.7.2]
github.com/shirou/gopsutil: v3.21.5+incompatible [latest v3.22.1]
go.etcd.io/etcd/client/pkg/v3: v3.5.0 [latest v3.5.2]
go.etcd.io/etcd/client/v2: v2.305.0 [latest v3.5.2]
go.etcd.io/etcd/client/v3: v3.5.0 [latest v3.5.2]
go.mongodb.org/mongo-driver: v1.7.3 [latest v1.8.3]
go.opentelemetry.io/otel: v0.20.0 [latest v1.3.0]
go.opentelemetry.io/otel/sdk: v0.20.0 [latest v1.3.0]
go.opentelemetry.io/otel/trace: v0.20.0 [latest v1.3.0]
go.uber.org/goleak: v1.1.11-0.20210813005559-691160354723 [latest v1.1.12]
golang.org/x/tools: v0.1.5 [latest v0.1.9]
google.golang.org/api: v0.30.0 [latest v0.68.0]
google.golang.org/grpc: v1.41.0 [latest v1.44.0]
google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0 [latest v1.2.0]
gopkg.in/ory-am/dockertest.v3: v3.3.4 [latest v3.8.1]
mvdan.cc/gofumpt: v0.1.1 [latest v0.2.1]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
