How to detect deprecated direct dependencies in a pipeline for a go project

Question

I am trying to detect direct deprecated dependencies in a Go project. For that I created a dummy project deptest which has depricon as a direct dependency. As stated in the go1.17 release notes under the Module deprecation comments section, it should be possible to get the deprecated dependencies with go list -m -u. But when I run the command in my project I get:

$ go list -m -u 
github.com/zbindenren/deptest

I see the deprecation warning only with the following commands:

$ go get ./...
go: module github.com/zbindenren/depricon is deprecated: This module is not maintained anymore.

Or with:

$ go list -m -u all
github.com/zbindenren/deptest
github.com/zbindenren/depricon v0.0.1 (deprecated)

But with the second command I also get all indirect deprecated dependencies.

My question is: is this a bug that go list -m -u doesn't show the deprecated modules? And is there maybe a better way to check for deprecated modules than running go get ./...?

Answer 1

Score: 3

First, when you run go list -m -u without a module argument, it lists only the main module (source):

> The -m flag causes go list to list modules instead of packages. [...] If no arguments are specified, the main module is listed.

Then, the release notes of Go 1.17 actually state that:

> go list -m -u prints deprecations for all dependencies (use -f or -json to show the full message)

So run with a module argument that includes your deprecated dependency, and specify the format:

$ go list -m -u -f '{{.Path}} {{.Deprecated}}' all
github.com/zbindenren/deptest 
github.com/zbindenren/depricon This module is not maintained anymore.

If you want to limit output to only direct dependencies, use a template trick:

$ go list -m -u -f '{{if not .Indirect}}{{.Path}} {{.Deprecated}}{{end}}' all

Or wait for this proposal to come through.
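
For a pipeline step, the same direct-only filter can be applied to the -json output and turned into an exit code. The Go program below is an added example, not part of the original answer; its sample input is constructed, and github.com/example/indirectdep is a hypothetical module.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

// module holds the `go list -m -json` fields this check needs.
type module struct {
	Path, Version, Deprecated string
	Main, Indirect            bool
}

// deprecatedDirect parses `go list -m -u -json all` output; main and indirect modules are skipped.
func deprecatedDirect(r io.Reader) ([]string, error) {
	var found []string
	dec := json.NewDecoder(r) // go list writes concatenated objects, not an array
	for {
		var m module
		if err := dec.Decode(&m); err == io.EOF {
			return found, nil
		} else if err != nil {
			return nil, fmt.Errorf("decoding go list output: %w", err)
		}
		if !m.Main && !m.Indirect && m.Deprecated != "" {
			found = append(found, m.Path+" "+m.Version+": "+m.Deprecated)
		}
	}
}

// sampleOutput is constructed; github.com/example/indirectdep is hypothetical.
const sampleOutput = `{"Path": "github.com/zbindenren/deptest", "Main": true}
{"Path": "github.com/zbindenren/depricon", "Version": "v0.0.1", "Deprecated": "This module is not maintained anymore."}
{"Path": "github.com/example/indirectdep", "Version": "v1.2.0", "Indirect": true, "Deprecated": "Use v2."}`

func main() {
	found, err := deprecatedDirect(strings.NewReader(sampleOutput)) // use os.Stdin in a pipeline
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if len(found) > 0 {
		fmt.Printf("deprecated direct dependencies:\n%s\n", strings.Join(found, "\n"))
		os.Exit(1) // non-zero exit fails the pipeline step
	}
}
```

Truncated or malformed go list output is reported as an error (exit code 2) rather than being treated as a clean result.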

huangapple
  • Published on February 22, 2022, 15:03:29
  • When reposting, please keep the link to this article: https://go.coder-hub.com/71217127.html