packdeps
One important part of maintaining software is keeping up with the new releases of dependencies. I use the packdeps utility to check the dependencies of my Haskell projects. The web service provides RSS/Atom feeds for packages that are in Hackage, and a CLI can be used to check the dependencies of packages that are not in Hackage.
I currently only publish packages that are useful as libraries to Hackage. I prefer to update these packages quickly when a new major version of a dependency is released. I usually check my RSS feeds twice per day, so the notifications provided by the web service allow me to discover dependency releases in a timely manner.
My utility packages are currently not in Hackage. I use the CLI to discover dependency releases for these packages, using the following script:
#!/usr/bin/env bash
find . -type f -name '*.cabal' \
| sort \
| xargs packdeps --preferred --quiet
My public projects are cloned into my ~/projects/public
directory, and I execute the above script from that directory to check
those projects. The packdeps
command is run against all
.cabal
files below the current directory, in sorted order.
The --preferred
option makes packdeps
only
consider preferred versions of packages. For example, the latest release
(2.7.0.0
) of the network-uri
package has been explicitly
deprecated, so it should not be considered. The --quiet
option suppresses output for packages that can accept the newest
releases of all dependencies.
There are a few issues, however. The utility is implemented using the
Cabal library,
and the latest release only supports
Cabal >=3.2 && <3.3
, which means that it only
works with GHC 8.10. The utility also expects the Hackage database to be
under ~/.cabal
, so it does not work for Stack users. It would be nice if
it could read the Hackage database from
~/.stack/pantry/hackage
as well, or at least provide an
option to allow users to specify which database to load. (The hackage-db API
exposes a readTarball
function!)