vshakitskiy

Closes #5012

This is my first time working on a big code base and also my first time using Rust, really excited actually! I didn't add any tests here yet, since I'm not really sure that my changes are accurate. 🙏

This is what I get when running gleam deps outdated on some example project:

$ gleam deps outdated
Package      Current Latest
gleam_crypto v1.5.0  v1.5.1
gleam_erlang v1.2.0  v1.3.0

Member

@GearsDatapacks GearsDatapacks left a comment

Hello! Thank you for this change. The implementation looks pretty good; I've left a few stylistic notes inline. I'll let Louis review as I'm not so familiar with the compiler-cli codebase, so not sure if a better approach is possible there.

@lpil
Member

lpil commented Sep 27, 2025

Hello! Thank you for this. Looks fab!

I'm travelling at the moment so haven't given this a thorough review, but I have some initial notes:

It looks like it's only showing direct dependencies, but the ticket was for dependencies generally. An application author has the same amount of risk for direct and transitive dependencies, so they have to perform the same level of auditing of both. If anything, transitive ones are the biggest targets for supply chain attacks, so they may warrant further inspection.

I think there may be some formatting code copied from an existing function in the codebase. Could we extract this into a shared helper please 🙏

Thanks!

@vshakitskiy
Author

Thanks for the reviews! Yea I misunderstood the ticket, sorry about that. I'll work on updating it to include transitive dependencies

@vshakitskiy
Author

vshakitskiy commented Sep 27, 2025

Now it should also show transitive dependencies. Example with only [email protected]:

gleam deps outdated
Package      Current Latest
gleam_erlang v0.34.0 v1.3.0
gleam_http   v3.7.2  v4.2.0
gleam_json   v1.0.1  v3.0.2
gleam_otp    v0.16.1 v1.1.0
glisten      v5.0.0  v8.0.1
gramps       v2.0.3  v6.0.0
mist         v2.0.0  v5.0.3
wisp         v1.0.0  v2.0.1

@daniellionel01

> Now it should also show transitive dependencies. Example with only [email protected]:
>
> gleam deps outdated
> Package      Current Latest
> gleam_erlang v0.34.0 v1.3.0
> gleam_http   v3.7.2  v4.2.0
> gleam_json   v1.0.1  v3.0.2
> gleam_otp    v0.16.1 v1.1.0
> glisten      v5.0.0  v8.0.1
> gramps       v2.0.3  v6.0.0
> mist         v2.0.0  v5.0.3
> wisp         v1.0.0  v2.0.1

The order is alphabetical, correct? I think it would be cool if we show direct dependencies first and then transitive dependencies.
Thoughts? @lpil

@vshakitskiy
Author

vshakitskiy commented Sep 29, 2025

> > Now it should also show transitive dependencies. Example with only [email protected]:
> >
> > gleam deps outdated
> > Package      Current Latest
> > gleam_erlang v0.34.0 v1.3.0
> > gleam_http   v3.7.2  v4.2.0
> > gleam_json   v1.0.1  v3.0.2
> > gleam_otp    v0.16.1 v1.1.0
> > glisten      v5.0.0  v8.0.1
> > gramps       v2.0.3  v6.0.0
> > mist         v2.0.0  v5.0.3
> > wisp         v1.0.0  v2.0.1
>
> The order is alphabetical, correct? I think it would be cool if we show direct dependencies first and then transitive dependencies. Thoughts? @lpil

Yea, names sorted alphabetically. I like your idea!

@lpil
Member

lpil commented Oct 2, 2025

Awesome! Alphabetical please 🙏 We want to discourage the idea that the direct dependencies are special in some way.

I'm just working on the current release but I'll review this once that's done. Thank you

@lpil
Member

lpil commented Oct 2, 2025

Could you rebase to remove the merge commits please 🙏

@vshakitskiy
Author

vshakitskiy commented Oct 2, 2025

Oops, my git skills are just something.. I don't know if I messed up or not 🙏 (I guess I did, sorry)

@vshakitskiy
Author

ok, done!
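
The listing discussed in this thread, as an added Rust example that is not part of the pull request or the Gleam code base: every locked package, direct or transitive, is compared against the latest known version and the outdated ones are printed alphabetically. The function names, the `example_pkg` entry and the in-memory maps standing in for the manifest and the registry are assumptions, and pre-release suffixes are ignored.

```rust
// Added illustration, not code from the Gleam compiler.
use std::collections::BTreeMap;

type Row = (String, String, String);

// Parse "MAJOR.MINOR.PATCH"; pre-release/build suffixes are ignored (simplifying assumption).
fn parse(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c| c == '-' || c == '+').next()?;
    let mut p = core.split('.').map(|s| s.parse::<u64>().ok());
    Some((p.next()??, p.next()??, p.next()??))
}

// `locked` holds every resolved package, direct and transitive alike.
// BTreeMap iteration yields names alphabetically, so neither group is set apart.
fn outdated(locked: &BTreeMap<&str, &str>, latest: &BTreeMap<&str, &str>) -> Vec<Row> {
    locked
        .iter()
        .filter_map(|(name, cur)| {
            let new = latest.get(*name)?;
            (parse(new)? > parse(cur)?)
                .then(|| (name.to_string(), format!("v{cur}"), format!("v{new}")))
        })
        .collect()
}

// Column layout matching the output shown in the thread.
fn render(rows: &[Row]) -> String {
    let mut all = vec![("Package".to_string(), "Current".to_string(), "Latest".to_string())];
    all.extend_from_slice(rows);
    let w0 = all.iter().map(|r| r.0.len()).max().unwrap_or(0);
    let w1 = all.iter().map(|r| r.1.len()).max().unwrap_or(0);
    let lines: Vec<String> = all.iter().map(|r| format!("{:w0$} {:w1$} {}", r.0, r.1, r.2)).collect();
    lines.join("\n")
}

// Constructed sample: three rows from the thread's table plus one up-to-date entry.
fn sample() -> (BTreeMap<&'static str, &'static str>, BTreeMap<&'static str, &'static str>) {
    let locked = BTreeMap::from([("wisp", "1.0.0"), ("mist", "2.0.0"), ("gleam_json", "1.0.1"), ("example_pkg", "1.0.0")]);
    let latest = BTreeMap::from([("wisp", "2.0.1"), ("mist", "5.0.3"), ("gleam_json", "3.0.2"), ("example_pkg", "1.0.0")]);
    (locked, latest)
}

fn main() {
    let (locked, latest) = sample();
    println!("{}", render(&outdated(&locked, &latest)));
}
```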

Successfully merging this pull request may close these issues.

CLI command to print oudated versions (not just major)