EOL tracking with release date of current dependency version

[neifach]

We are looking for a tool to support EOL management of dependencies.

The current Libyear is great for being aware of possible updates, ensuring that projects don't use real old dependency versions when newer ones are available.

But what if there hasn't been a newer version of a dependency for years? It never shows up because there is no update. We also want to visualize these dependencies so that the project can decide what to do with these old dependencies. Is it still OK to use them or should they be replaced with another dependency? Maybe only the GAV was changed? Or is there a fork? Or something completely new? We want to save such dependencies in a new report file.

An overview of what changes would be required to make this possible:
a) a new optional configuration parameter "reportFile" which contains the path to the new report file.
b) a new configuration parameter "minLibYearsForReport" which contains a minimum age and tells the report to include all dependencies older than "minLibYearsForRep".

Only if the configuration parameter is used in a) will b) be executed.

[mfoo]

Heya! Apologies for the delay, I've been pretty swamped. I saw the issue but I didn't realise you'd made a PR. That's awesome, thanks!

I've actually been trying to find time to do this for a while. For the moved project issue our Maven builds use this libyear plugin alongside the oga-maven-plugin configured to warn, not fail. You might find that useful. Like you said though, it doesn't detect projects that haven't been updated in a long time (potentially abandoned).

I'll take a look at the PR as soon as I can. My only hesitation is that this hasn't been solved more generally as part of the libyear concept, but there's a clear need so I think I'd be great to make some progress here.

[mfoo]

This should now be available: https://central.sonatype.com/artifact/io.github.mfoo/libyear-maven-plugin/1.2.0.

It can be executed with

mvn io.github.mfoo:libyear-maven-plugin:1.2.0:analyze

Thanks for the contribution and sorry for the delay!