Verification
Provide a detailed description of the proposed feature
I'd like a simple way to wait a few days before upgrading newly released Homebrew packages. This is to reduce stability issues and supply chain attacks.
The feature should do three things:
- shows outdated formulae and casks
- annotates them with age in days
- proposes a
brew upgrade ... command only for top-level packages whose own age and transitive runtime dependencies
are old enough
Example workflow:
brew update
brew outdated --cooldown-days=7 # default is zero for compat
The idea is to keep the convenience of brew outdated and brew upgrade, but make it easier to avoid pulling in dependency changes that are only hours or a day old.
A couple of details:
- it never runs upgrades automatically
- package age is estimated from the local Homebrew tap git history
- if age cannot be determined, that package is excluded from the proposed upgrade command
FWIW, I wrote a small proof of concept for the feature: homebrew-cooldown
Curious whether others here would use something like this, or if there's a better/native way to get similar behavior today.
Example output:
Leaf and non-leaf packages:
harfbuzz (13.2.1) < 14.0.0 (1 day ago)
iterm2 (3.5.0) != 3.5.1 (9 days ago)
jpeg-turbo (3.1.4) < 3.1.4.1 (5 days ago)
ocrmypdf (17.4.0) < 17.4.0_1 (11 days ago, harfbuzz 1 day ago)
uv (0.11.2) < 0.11.3 (7 days ago)
Leaf formulae and casks:
iterm2 (3.5.0) != 3.5.1 (9 days ago)
ocrmypdf (17.4.0) < 17.4.0_1 (11 days ago, harfbuzz 1 day ago)
uv (0.11.2) < 0.11.3 (7 days ago)
Proposed upgrade command for leaf formulae and casks (not executed): brew upgrade iterm2 uv
What is the motivation for the feature?
Help reduce stability issues and supply chain attacks.
How will the feature be relevant to at least 90% of Homebrew users?
This is helps reduces stability issues and supply chain attacks.
What alternatives to the feature have been considered?
I am not aware of effective alternatives.
Verification
brew install wget. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/new/choose instead.Provide a detailed description of the proposed feature
I'd like a simple way to wait a few days before upgrading newly released Homebrew packages. This is to reduce stability issues and supply chain attacks.
The feature should do three things:
brew upgrade ...command only for top-level packages whose own age and transitive runtime dependenciesare old enough
Example workflow:
brew update brew outdated --cooldown-days=7 # default is zero for compatThe idea is to keep the convenience of
brew outdatedandbrew upgrade, but make it easier to avoid pulling in dependency changes that are only hours or a day old.A couple of details:
FWIW, I wrote a small proof of concept for the feature:
homebrew-cooldownCurious whether others here would use something like this, or if there's a better/native way to get similar behavior today.
Example output:
What is the motivation for the feature?
Help reduce stability issues and supply chain attacks.
How will the feature be relevant to at least 90% of Homebrew users?
This is helps reduces stability issues and supply chain attacks.
What alternatives to the feature have been considered?
I am not aware of effective alternatives.