probably more luck asking this in #C03U8L2NXNC

You're right, thanks!

i'm currently thinking about that myself 😄

FWIW, I'd use a plain HTTP client for it.

tools.logging has only a test dependency on log4j and does not have a vulnerability from that

i suspect the cheshire dep is the one that’s older and vulnerable. Clojure easily allows you to override transitive deps and the stable nature of the ecosystem means this usually works.

Good to know, thanks @U064X3EF3

We're using managed dependencies to override all the dependencies of rollcage in practice. I'll see what I can do about getting a version bump of rollcage with more up to date versions of its dependencies.

I just released https://clojars.org/circleci/rollcage/versions/1.0.241 with more up-to-date dependencies if that helps.

For context, I'm thinking about building a clerk-like dev tool that can watch a namespace and automatically update as you're developing at the repl.

I don't think so, since the mappings are kept in a PersistentMap referenced by an AtomicReference instead of an atom, which doesn't support watches

https://github.com/clojure/clojure/blob/master/src/jvm/clojure/lang/Namespace.java#L25

Two solutions I can think of: • Use a modified version of Clojure • Monitor the values in a loop

Ok, that's more or less what I could gather. Thanks for the input!

One crazy idea is to create a subclass of Namespace that does support watches and replace the namespace instances I'm interested in with the subclass.

But @U2FRKM4TW’s idea to regularly poll is probably more straightforward.

interesting, but when do you replace it?

At dev time when I'm interested in tracking a namespace for changes.

oh, ok, I thought you needed something automatic

It does seem like it's possible to get notified when the list of *loaded-libs* changes. I would be happy if I could just watch a specific namespace, but it seems like it wouldn't be that hard to extend it to automatically track new namespaces.

imagine a world where you can run fully reactive datalog queries against the state of your program, its vars, and namespaces

I think there was a project similar to what you're describing. I can certainly imagine such a world. I fail to imagine the use. :)

Another option is some sort of IDE middleware (eg. cider/nrepl middleware). The idea would be to parse forms sent for eval and do something when you find a def call.

with nrepl middleware you can have arbitrarily powerful features. Personally I wouldn't parse the evaled forms - instead I'd check the ns vars programatically. If they're not identical? they changed

So just check the ns's mappings on every eval?

@U2FRKM4TW metazoa?

That seems pretty reasonable.

Seems very cheap/fast cider-nrepl's track-state middleware roughly works that way - it's re-performed on each eval-like op. There's some caching. (you can grep ops-that-can-eval in the cider-nrepl repo)

@UK0810AQ2 Never encountered it before, but looks interesting.

https://gitlab.com/glossa/metazoa#querying

Rich had some idea for storing the whole runtime in some queriable in memory DB iirc

You might be thinking of https://blog.datomic.com/2012/10/codeq.html

That was it

Seems to work well enough.

Nice!

That doesn't actually solve your original problem does it?

Yes, I get notified when a namespace either interns, unmaps, or a var changes so that I can update the UI.

Nice