Question 1

How to use go-mod-outdated in a CI pipeline like GitHub Actions?

Accepted Answer

Run go list -u -m -json all | go-mod-outdated -ci in your workflow script; the -ci flag will cause a non-zero exit if outdated dependencies are found, failing the pipeline. You can add -direct to fail only for direct dependencies.

Question 2

go-mod-outdated vs go-mod-upgrade or Dependabot: which is better?

Accepted Answer

go-mod-outdated is best for manual inspection and CI reporting, as it only shows updates. go-mod-upgrade can apply updates, and Dependabot offers automated pull requests with security scans, so choose based on whether you need detection-only or full automation.

Question 3

How to filter only direct dependencies that have updates?

Accepted Answer

Use the command go list -u -m -json all | go-mod-outdated -update -direct. This combines both flags to display a table with only direct modules that have newer versions available.

Question 4

What does invalid timestamps mean in go-mod-outdated output?

Accepted Answer

It indicates cases where the update version reported by go list has an older timestamp than the current version, suggesting a potential downgrade. The tool flags this in the VALID TIMESTAMPS column to help avoid breaking changes.

Question 5

Can I run go-mod-outdated without installing Go locally?

Accepted Answer

Yes, use Docker with docker run --rm -i psampaz/go-mod-outdated, piping the go list output into it. This is useful for containerized environments or when Go isn't available on the host system.

Question 6

How to handle go-mod-outdated with vendored dependencies in Go 1.14?

Accepted Answer

For Go 1.14 with vendoring, add -mod=mod or -mod=readonly to the go list command, like go list -u -m -mod=mod -json all | go-mod-outdated, to bypass vendor directory restrictions.

Question 7

Does go-mod-outdated support automatic dependency updates?

Accepted Answer

No, it only identifies outdated dependencies and outputs them in a table. To update, you must manually use go get or other tools after reviewing the results, as stated in the README's important note on upgrade responsibility.

go-mod-outdated

What is go-mod-outdated?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions