Here's the summary across all modules:
Up to date (10 modules): archives, changelog, gitignore, managers, platforms, purl, resolve, reuse, vers, website, testing
Needs attention:
| Module | Outdated | Highlights |
|---|---|---|
| proxy | 103 | Biggest backlog. aws-sdk-go v1 deprecated, bluemonday retracted, many cloud SDKs behind |
| git-pkgs | 56 | bluemonday retracted, managers internal dep behind, modernc.org/sqlite behind |
| enrichment | 48 | gin-gonic/gin v1.9.1 -> v1.11.0, bluemonday retracted, logrus behind |
| orgs | 29 | gitlab-org/api/client-go, golang.org/x/* packages, sqlite behind |
| forges | 17 | gitlab-org/api/client-go, golang.org/x/crypto |
| vulns | 13 | purl internal dep, sqlite, golang.org/x/* |
| manifests | 6 | golang/protobuf v1.5.0 deprecated, buildtools behind |
| foo2nix | 4 | Internal deps (manifests, purl, vers) all behind |
| registries | 3 | purl internal dep behind |
| spdx | 1 | testify v1.8.1 -> v1.11.1 |
Things worth fixing soon:
- microcosm-cc/bluemonday v1.0.25 is retracted in enrichment, git-pkgs, and proxy -- should bump to v1.0.27
- golang/protobuf v1.5.0 in manifests is deprecated (v1.5.4 available, or migrate to google.golang.org/protobuf)
- aws/aws-sdk-go v1 in proxy is deprecated in favor of v2
- Internal deps (purl, manifests, vers, managers) are behind in several downstream modules
Want me to start updating any of these? I'd suggest starting with the retracted bluemonday since retracted versions can cause build warnings, then working through the internal deps.