@niwinz: Thanks for the reply, I didn’t mean to hassle you and this isn’t particularly urgent for me… As you say I can force the dep myself. I’ve just been on a bit of a trawl through transitive deps recently in light of log4shell and pushing such patches as far upstream as I can; largely to ensure the tests are also run upstream too. I’ve come across a few moribund projects along the way, so have been trying to help highlight them and find maintainers (or take it on myself) e.g. see https://github.com/clj-commons/meta/issues/63 so I was mainly just wondering what the status of buddy is, as it’s obviously an important dep for a lot of people.
buddy is just stable dep, I have no plans to develop more functionality unless this is very very important, we use it ourselves for many purposes
obviously any maintenance help is welcome,
just for context, i'm right now very busy developing http://penpot.app that is built with clojure
and using many funcool libraries
I agree it’s stable; it’s great 🙇 I was wondering a few things though… 1: I have been adding this github action to some of my projects: https://github.com/nnichols/clojure-dependency-update-action Which scans deps on a cron cycle and issues PRs (which will then run your tests etc) when upstream deps are bumped. This could help find any future CVEs in things like cheshire. I was thinking it might be worth adding something like this. 2. It being split into multiple deps makes sense; but it does make testing this stuff harder than it needs to be. I was wondering whether there might be any appetite in moving it into more of a mono-repo (but multi dep project); possibly rewired to use tools.deps/tools.build. It might help ensure all the tests can be run against changes across all repos before they’re pushed in an automated way.
i'm open to this change
in fact is something I want to do...
but I don't have quality time for it right now
Yeah totally I appreciate that time is a big problem to maintaining and testing this stuff; and more automation can help make sure simple stuff like this is kept upto date, without a lot of effort on your part. Once it is in place of course
buddy-core converted to tool.deps + tools.build
and released a version
I will try to do the same with the rest of packages
this days