feat: Display abandoned packages (#35868)

Co-authored-by: Rhys Arkins <[email protected]>
Co-authored-by: HonkingGoose <[email protected]>

Author: 3 people

docs/usage/configuration-options.md

@@ -1411,6 +1411,15 @@ This feature is independent of the `osvVulnerabilityAlerts` option.
 
 The source of these CVEs is [OSV.dev](https://osv.dev/).
 
+## dependencyDashboardReportAbandonment
+
+Controls whether abandoned packages are reported in the dependency dashboard.
+
+When enabled (default), Renovate will display a collapsible section in the dependency dashboard listing packages that have been identified as abandoned based on the `abandonmentThreshold` configuration.
+This helps you identify dependencies that may need attention due to lack of maintenance.
+
+Set this to `false` if you prefer not to see abandoned packages in your dependency dashboard.
+
 ## dependencyDashboardTitle
 
 Configure this option if you prefer a different title for the Dependency Dashboard.

lib/config/options/index.ts

@@ -1897,6 +1897,13 @@ const options: RenovateOptions[] = [
     type: 'string',
     default: null,
   },
+  {
+    name: 'dependencyDashboardReportAbandonment',
+    description:
+      'Controls whether abandoned packages are reported in the dependency dashboard.',
+    type: 'boolean',
+    default: true,
+  },
   {
     name: 'internalChecksAsSuccess',
     description:

lib/config/types.ts

@@ -268,6 +268,7 @@ export interface RenovateConfig
   dependencyDashboardFooter?: string;
   dependencyDashboardLabels?: string[];
   dependencyDashboardOSVVulnerabilitySummary?: 'none' | 'all' | 'unresolved';
+  dependencyDashboardReportAbandonment?: boolean;
   packageFile?: string;
   packageRules?: PackageRule[];
   postUpdateOptions?: string[];

lib/modules/platform/github/index.ts

@@ -1947,10 +1947,10 @@ export function massageMarkdown(input: string): string {
       regEx(/]: https:\/\/github\.com\//g),
       ']: https://redirect.github.com/',
     )
-    .replace('> ℹ **Note**\n> \n', '> [!NOTE]\n')
-    .replace('> ⚠ **Warning**\n> \n', '> [!WARNING]\n')
-    .replace('> ⚠️ **Warning**\n> \n', '> [!WARNING]\n')
-    .replace('> ❗ **Important**\n> \n', '> [!IMPORTANT]\n');
+    .replaceAll('> ℹ **Note**\n> \n', '> [!NOTE]\n')
+    .replaceAll('> ⚠ **Warning**\n> \n', '> [!WARNING]\n')
+    .replaceAll('> ⚠️ **Warning**\n> \n', '> [!WARNING]\n')
+    .replaceAll('> ❗ **Important**\n> \n', '> [!IMPORTANT]\n');
   return smartTruncate(massagedInput, maxBodyLength());
 }
 

lib/workers/repository/dependency-dashboard.spec.ts

@@ -13,6 +13,7 @@ import type { Platform } from '../../modules/platform';
 import { massageMarkdown } from '../../modules/platform/github';
 import { clone } from '../../util/clone';
 import { regEx } from '../../util/regex';
+import { asTimestamp } from '../../util/timestamp';
 import type { BranchConfig, BranchUpgradeConfig } from '../types';
 import * as dependencyDashboard from './dependency-dashboard';
 import { getDashboardMarkdownVulnerabilities } from './dependency-dashboard';
@@ -1656,4 +1657,126 @@ See [\`osvVulnerabilityAlerts\`](https://docs.renovatebot.com/configuration-opti
 </details>`);
     });
   });
+
+  describe('getAbandonedPackagesMd()', () => {
+    it('returns empty string when no abandoned packages exist', () => {
+      const packageFiles: Record<string, PackageFile[]> = {
+        npm: [
+          {
+            packageFile: 'package.json',
+            deps: [
+              { depName: 'lodash', isAbandoned: false },
+              { depName: 'express', isAbandoned: false },
+            ],
+          },
+        ],
+      };
+
+      const result = dependencyDashboard.getAbandonedPackagesMd(packageFiles);
+      expect(result).toEqual('');
+    });
+
+    it('returns formatted markdown when abandoned packages exist', () => {
+      const packageFiles: Record<string, PackageFile[]> = {
+        npm: [
+          {
+            packageFile: 'package.json',
+            deps: [
+              {
+                depName: 'abandoned-pkg',
+                isAbandoned: true,
+                mostRecentTimestamp: asTimestamp('2020-05-15T12:00:00.000Z')!,
+              },
+            ],
+          },
+        ],
+      };
+
+      const result = dependencyDashboard.getAbandonedPackagesMd(packageFiles);
+
+      expect(result).toContain('> ℹ **Note**');
+      expect(result).toContain('| Datasource | Name | Last Updated |');
+      expect(result).toContain('| npm | `abandoned-pkg` | `2020-05-15` |');
+      expect(result).toContain('abandonmentThreshold');
+    });
+
+    it('handles multiple abandoned packages across different managers', () => {
+      const packageFiles: Record<string, PackageFile[]> = {
+        npm: [
+          {
+            packageFile: 'package.json',
+            deps: [
+              {
+                depName: 'pkg1',
+                isAbandoned: true,
+                mostRecentTimestamp: asTimestamp('2021-01-10T10:00:00.000Z')!,
+              },
+              { depName: 'pkg2', isAbandoned: false },
+              {
+                depName: 'pkg3',
+                isAbandoned: true,
+                mostRecentTimestamp: asTimestamp('2020-11-05T15:30:00.000Z')!,
+              },
+            ],
+          },
+        ],
+        gradle: [
+          {
+            packageFile: 'build.gradle',
+            deps: [
+              {
+                depName: 'org.example:lib',
+                isAbandoned: true,
+                mostRecentTimestamp: asTimestamp('2019-07-22T08:15:00.000Z')!,
+              },
+            ],
+          },
+        ],
+      };
+
+      const result = dependencyDashboard.getAbandonedPackagesMd(packageFiles);
+
+      expect(result).toContain('| gradle | `org.example:lib` | `2019-07-22` |');
+      expect(result).toContain('| npm | `pkg1` | `2021-01-10` |');
+      expect(result).toContain('| npm | `pkg3` | `2020-11-05` |');
+      expect(result).not.toContain('pkg2');
+    });
+
+    it('displays "unknown" when mostRecentTimestamp is missing', () => {
+      const packageFiles: Record<string, PackageFile[]> = {
+        npm: [
+          {
+            packageFile: 'package.json',
+            deps: [
+              {
+                depName: 'pkg-with-date',
+                isAbandoned: true,
+                mostRecentTimestamp: asTimestamp('2021-03-17T14:30:00.000Z')!,
+              },
+              { depName: 'pkg-no-date', isAbandoned: true },
+            ],
+          },
+        ],
+      };
+
+      const result = dependencyDashboard.getAbandonedPackagesMd(packageFiles);
+
+      expect(result).toContain('| npm | `pkg-with-date` | `2021-03-17` |');
+      expect(result).toContain('| npm | `pkg-no-date` | `unknown` |');
+    });
+
+    it('handles empty deps array', () => {
+      const packageFiles: Record<string, PackageFile[]> = {
+        npm: [
+          {
+            packageFile: 'package.json',
+            deps: [],
+          },
+        ],
+      };
+
+      const result = dependencyDashboard.getAbandonedPackagesMd(packageFiles);
+      expect(result).toEqual('');
+    });
+  });
 });

lib/workers/repository/dependency-dashboard.ts

@@ -1,9 +1,11 @@
 import is from '@sindresorhus/is';
+import { DateTime } from 'luxon';
 import { GlobalConfig } from '../../config/global';
 import type { RenovateConfig } from '../../config/types';
 import { logger } from '../../logger';
 import type { PackageFile } from '../../modules/manager/types';
 import { platform } from '../../modules/platform';
+import { coerceArray } from '../../util/array';
 import { regEx } from '../../util/regex';
 import { coerceString } from '../../util/string';
 import * as template from '../../util/template';
@@ -324,6 +326,10 @@ export async function ensureDependencyDashboard(
     issueBody += '\n';
   }
 
+  if (config.dependencyDashboardReportAbandonment) {
+    issueBody += getAbandonedPackagesMd(packageFiles);
+  }
+
   const pendingApprovals = branches.filter(
     (branch) => branch.result === 'needs-approval',
   );
@@ -557,6 +563,60 @@ export async function ensureDependencyDashboard(
   }
 }
 
+export function getAbandonedPackagesMd(
+  packageFiles: Record<string, PackageFile[]>,
+): string {
+  const abandonedPackages: Record<
+    string,
+    Record<string, string | undefined | null>
+  > = {};
+  let abandonedCount = 0;
+
+  for (const [manager, managerPackageFiles] of Object.entries(packageFiles)) {
+    for (const packageFile of managerPackageFiles) {
+      for (const dep of coerceArray(packageFile.deps)) {
+        if (dep.depName && dep.isAbandoned) {
+          abandonedCount++;
+          abandonedPackages[manager] = abandonedPackages[manager] || {};
+          abandonedPackages[manager][dep.depName] = dep.mostRecentTimestamp;
+        }
+      }
+    }
+  }
+
+  if (abandonedCount === 0) {
+    return '';
+  }
+
+  let abandonedMd = '> ℹ **Note**\n> \n';
+  abandonedMd +=
+    'These dependencies have not received updates for an extended period and may be unmaintained:\n\n';
+
+  abandonedMd += '<details>\n';
+  abandonedMd += `<summary>View abandoned dependencies (${abandonedCount})</summary>\n\n`;
+  abandonedMd += '| Datasource | Name | Last Updated |\n';
+  abandonedMd += '|------------|------|-------------|\n';
+
+  for (const manager of Object.keys(abandonedPackages).sort()) {
+    const deps = abandonedPackages[manager];
+    for (const depName of Object.keys(deps).sort()) {
+      const mostRecentTimestamp = deps[depName];
+      const formattedDate = mostRecentTimestamp
+        ? DateTime.fromISO(mostRecentTimestamp).toFormat('yyyy-MM-dd')
+        : 'unknown';
+      abandonedMd += `| ${manager} | \`${depName}\` | \`${formattedDate}\` |\n`;
+    }
+  }
+
+  abandonedMd += '\n</details>\n\n';
+  abandonedMd +=
+    'Packages are marked as abandoned when they exceed the [`abandonmentThreshold`](https://docs.renovatebot.com/configuration-options/#abandonmentthreshold) since their last release.\n';
+  abandonedMd +=
+    'Unlike deprecated packages with official notices, abandonment is detected by release inactivity.\n\n';
+
+  return abandonedMd + '\n';
+}
+
 function getFooter(config: RenovateConfig): string {
   let footer = '';
   if (config.dependencyDashboardFooter?.length) {