Prevent Dependencies from Reaching EOL (< 6 Months Remaining) #8063

@CarolineDenis

Summary

Implement automated checks and alerts to ensure we are never running core dependencies that are less than 6 months away from End-of-Life (EOL).

This should cover major platform/runtime dependencies such as:

  • Django
  • Python
  • Node.js
  • Other critical framework/runtime dependencies where supported by endoflife.date

Goals

  • Detect dependencies approaching EOL
  • Alert the team before risk becomes critical
  • Automate upgrade workflows where possible
  • Prevent deployments/builds using unsupported versions

Requirements

1. GitHub Action — EOL Check

Create a GitHub Action that:

  • Reads current dependency versions (starting with Django)

  • Queries the endoflife.date API

  • Calculates remaining time before EOL

  • Fails the build OR posts a Slack alert if:

    • dependency has less than 6 months remaining before EOL

Example:

  • Django version in use: 4.2

  • EOL date from API

  • If < 180 days remaining:

    • fail CI
    • and/or send Slack notification

Other expansion:

  • Python
  • Node.js
  • PostgreSQL
  • Other supported runtimes/frameworks

2. Renovate Configuration

Configure Renovate to:

  • Automatically open upgrade PRs
  • Group major upgrades together

Example:

  • Django 4 → 5 grouped into a dedicated PR

Suggested behaviors:

  • Auto-merge patch/minor updates where safe
  • Separate major version upgrades
  • Weekly dependency update schedule

3. Slack Notifications

Add Slack notifications for:

  • Dependencies approaching EOL (< 6 months)
  • Failed EOL checks
  • Newly available major upgrades

Suggested Services / APIs

endoflife.date

Use:

  • API

Capabilities:

  • Tracks Django, Python, Node.js, etc.
  • Provides EOL dates
  • Can determine “EOL in X days”

Reference:


Acceptance Criteria

  • GitHub Action runs in CI
  • CI detects dependency EOL windows
  • Build fails or Slack alert triggers when < 6 months remain
  • Renovate configured for automated dependency PRs
  • Slack notifications operational
  • Documentation added for maintenance and configuration
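A sketch of the check described under requirement 1, added here as an example (it is not part of the original issue or the project's code). It assumes the `cycle` and `eol` fields of endoflife.date's per-product JSON; the sample records are constructed and the function names are hypothetical.

```python
import json
import sys
import urllib.request
from datetime import date

THRESHOLD_DAYS = 180  # the issue's "< 180 days remaining" rule
API_URL = "https://endoflife.date/api/{product}.json"  # assumed endpoint shape

# Constructed sample in the shape of the API's per-cycle records (not live data).
SAMPLE_CYCLES = [
    {"cycle": "6.0", "eol": False},        # no EOL date announced yet
    {"cycle": "5.2", "eol": "2028-04-30"},
    {"cycle": "4.2", "eol": "2026-04-30"},
    {"cycle": "3.2", "eol": True},         # eol can be a boolean instead of a date
]


def fetch_cycles(product):
    """Download all release cycles for a product (network; unused by the demo)."""
    with urllib.request.urlopen(API_URL.format(product=product), timeout=10) as resp:
        return json.load(resp)


def check_eol(cycles, version, today):
    """Return (status, days_left); status is 'ok', 'warn', 'eol' or 'unknown'."""
    parts = version.split(".")
    candidates = (".".join(parts[:2]), parts[0])  # "4.2" for Django, "22" for Node.js
    match = next((c for p in candidates for c in cycles if str(c["cycle"]) == p), None)
    if match is None:
        return "unknown", None  # unlisted cycle: fail closed rather than pass silently
    eol = match.get("eol")
    if eol is True:
        return "eol", 0
    if eol is False or eol is None:
        return "ok", None
    days_left = (date.fromisoformat(eol) - today).days
    if days_left < 0:
        return "eol", days_left
    return ("warn" if days_left < THRESHOLD_DAYS else "ok"), days_left


if __name__ == "__main__":
    status, days = check_eol(SAMPLE_CYCLES, "4.2.11", date(2026, 1, 15))
    print(f"django 4.2.11: {status} ({days} days left)")
    sys.exit(0 if status == "ok" else 1)  # non-zero exit fails the CI job
```

In a workflow, `fetch_cycles("django")` would replace `SAMPLE_CYCLES`, and the non-zero exit code is what a Slack notification step would key on.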
