Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate libyears #2619

Open
hgschmie opened this issue Jan 29, 2024 · 2 comments
Open

Investigate libyears #2619

hgschmie opened this issue Jan 29, 2024 · 2 comments
Assignees
@hgschmie

Comments

@hgschmie
Copy link
Contributor

see https://github.com/mfoo/libyear-maven-plugin
@hgschmie hgschmie self-assigned this Jan 29, 2024
@stevenschlansker
Copy link
Member

What's the goal with this plugin? The information seems fun, but an old dependency is not necessarily a problem.

@hgschmie
Copy link
Contributor Author

organizations start to use this information across their codebase to get an idea how "outdated" dependencies are. You know that I agree with you about "old dependencies are not a problem", but there is a big push from security teams to keep software "fresh" because it is perceived less bug prone.

our "worst" modules (which support old kotlin, jackson and slf4j) are ~ 8 libyears behind. This is spectacular. I know of codebases (mostly typescript though), where the typical project is hundreds or thousands of libyears behind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hgschmie hgschmie

Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hgschmie @stevenschlansker