Default to only showing direct dependencies

[Keats]

It's been mentioned in #51 and in rust-lang/cargo#4309 that the default behaviour should be to limit the output the direct dependencies. Since cargo-outdated has already a -d flag, it should be as simple as defaulting it to 1

[Frederick888]

I think one of the reasons why such a behaviour is desirable, as mentioned here by @SergioBenitez, is that we would like hide those dependencies which we are not really able to update.

Because cargo-outdated currently cannot really check the latest versions of transitive dependencies (the "Latest" column is generated by replacing requirements of direct dependencies with wildcards), so basically whatever you see in the "Compat" column are what you could deal with.

Hence would it make more sense to hide the transitive dependencies whose status is only changed in the "Latest" column?

For instance, lines like

semver->serde        1.0.11   ---     Removed  Normal  ---

...would be hidden by default as you may not want to update its parent semver to the latest incompatible version yet, but can still be printed via a certain flag, say --aggressive, --all or something else.

[letheed]

Came here to post the very same issue. It didn't make sense to me to see by default dependencies on which I have no direct influence. Also -R often means recursive, it's a bit unsettling that it's used for the very opposite meaning here.

[Frederick888]

@letheed

1. But if there are dependencies which you can upgrade, even if you have no direct influence, wouldn't you still like to run cargo update?
2. -R has been there for quite long even before I joined the project. At least currently there's no enough motivation for me to change it now.

[letheed]

I guess it depends if one's looking to update the lock file or the manifest.

Yeah, I understand there's no incentive to break interface right now. Just putting it out there for the future.

[Frederick888]

@letheed I guess for library developers, they could be more interested in the manifest file, as the lock file is usually excluded from the repository; but others could be interested in both of them, as dependencies are often updated before a new release is published, e.g. cargo-outdated itself.

So I personally don't think it would be a really nice choice to make "checking direct dependencies only" the default behaviour, especially in consideration of the fact that "recursive checking" has been the default since this tool was created, unless this thread gets enough support. But I can still make it configurable, just like other tools it can search for e.g. .cargo_outdated.toml from current working directory up to the root.

[letheed]

@Frederick888 that's all right, I was indeed thinking about it more from a library perspective, but I can see how that would not fit everyone. Fish autocompletes it for me all the same...

If people feel the same they can post it here. Thank you for your work and your time anyway!