pak VS endoflife.date

From your issue link:

> Then commons-logging changes its API incompatibly and is released as commons-logging 2.0.1. Authentication adopts commons-logging 2.0.1 while other libraries still depend on 1.1.1

> Now my-application is broken, because the dependency tree includes two versions of commons-logging which share packages, class / functions names, and thus can not be loaded simultaneously.

I absolutely don't see how this is a problem with semver, it is not the responsibility of semver to tell a language how packages should be isolated and loaded. That is a problem of a) the language and b) dependency resolution in the package manager.

> SemVer is a product of Ruby community.

Bundler, by design, does not allow the above, instead having a flat, consistent vision of dependencies.

NPM though, allows that, allowing nested dependencies, by virtue of the ES6 module system importing to a variable in a lexical scope. Go also allows that, by virtue of its imports being scoped to a package (or file, I can't recall).

Ruby can do that kind of isolation too. In fact, I've done it: https://github.com/lloeki/pak

Unless packages leak to globals each version is oblivious to the one next to it. Unless package dependents communicate with one another using objects from the packages they can happily live in their own world. Now if they do, then it's like hitting a HTTP /api/v1 with an HTTP /api/v2 client and somehow wishing things will work. Either the package (which should not leak globals / disallow cross-version communication) or the language (which should not allow leaking globals / detect incompatible communication).

None of this is the responsibility of semver.

(the link jumps to some random place for me)

Well, you always could, it was just a bit more involved:

https://github.com/lloeki/pak

> where you can see overlapped timelines when support ended

I tried to generate a visual timeline for a given page (https://github.com/endoflife-date/endoflife.date/pull/2859, has some screenshots), but it was limited to a single page (so you'd only see nokia devices at once for eg).

It turned out that it is too hard to generate clear charts with vague data. We often only know whether is device is supported or not (true/false, see comments about samsung below in this thread), and don't have clear release dates.

I'll get to it someday (PRs welcome), but it might not work for the usecase we want (picking phones) because data on mobiles is very vague.

repairability score -> sounds interesting, will file an issue and see. The hard part is that there's no clear identifiers for devices (SWID/CPE are just not good enough) for us to track this kind of data from elsewhere easily.

Here's the PR where it was added by a user, "Based on a Rails core team member's comment"...

A lot of the communications regarding End of Life for Support is done very effectively here: https://endoflife.date/

https://endoflife.date (not mine)

a little similar to endoflife.date if anyone has ever come across it for Software versions?

We do this at https://endoflife.date API, and it works quite well.

I've created the `db.json` with the [end of life](https://endoflife.date/) api.

Something I've recently worked on is building an SQLite database of all the dependencies my organisation uses, which makes it possible to write our own queries and reports. The tool is all Open Source (https://dmd.tanna.dev) and has a CLI as well as the SQLite data.

Ive used it to look for software that's out of date (via https://endoflife.date), to find vulnerablilities (via https://osv.dev) and get license information (via https://deps.dev)

It's been hugely useful for us understanding use of internal and external dependencies, and I wish I'd built it earlier in my career so I could've had it for other companies I've worked at!

This is neat: https://endoflife.date/

I'm looking for a 3rd party vendor that can do the mindlessly tedious work of maintaining a library of software support dates. Think hundreds of thousands/millions of versions of software in an enterprise with ridiculous tech debt. Something like endoflife.date but much more far encompassing.