Fork me on GitHub
#funcool
<
2022-01-13
>
rickmoynihan11:01:28

@niwinz: Thanks for the reply, I didn’t mean to hassle you and this isn’t particularly urgent for me… As you say I can force the dep myself. I’ve just been on a bit of a trawl through transitive deps recently in light of log4shell and pushing such patches as far upstream as I can; largely to ensure the tests are also run upstream too. I’ve come across a few moribund projects along the way, so have been trying to help highlight them and find maintainers (or take it on myself) e.g. see https://github.com/clj-commons/meta/issues/63 so I was mainly just wondering what the status of buddy is, as it’s obviously an important dep for a lot of people.

niwinz11:01:38

buddy is just stable dep, I have no plans to develop more functionality unless this is very very important, we use it ourselves for many purposes

niwinz12:01:27

obviously any maintenance help is welcome,

niwinz12:01:25

just for context, i'm right now very busy developing http://penpot.app that is built with clojure

niwinz12:01:31

and using many funcool libraries

rickmoynihan12:01:28

I agree it’s stable; it’s great 🙇 I was wondering a few things though… 1: I have been adding this github action to some of my projects: https://github.com/nnichols/clojure-dependency-update-action Which scans deps on a cron cycle and issues PRs (which will then run your tests etc) when upstream deps are bumped. This could help find any future CVEs in things like cheshire. I was thinking it might be worth adding something like this. 2. It being split into multiple deps makes sense; but it does make testing this stuff harder than it needs to be. I was wondering whether there might be any appetite in moving it into more of a mono-repo (but multi dep project); possibly rewired to use tools.deps/tools.build. It might help ensure all the tests can be run against changes across all repos before they’re pushed in an automated way.

niwinz12:01:01

i'm open to this change

👍 1
niwinz12:01:08

in fact is something I want to do...

niwinz12:01:18

but I don't have quality time for it right now

rickmoynihan12:01:59

Yeah totally I appreciate that time is a big problem to maintaining and testing this stuff; and more automation can help make sure simple stuff like this is kept upto date, without a lot of effort on your part. Once it is in place of course

niwinz22:01:23

buddy-core converted to tool.deps + tools.build

niwinz22:01:34

and released a version

niwinz22:01:46

I will try to do the same with the rest of packages