funcool

2022-01-13T11:58:28.005800Z

@niwinz: Thanks for the reply, I didn’t mean to hassle you and this isn’t particularly urgent for me… As you say I can force the dep myself. I’ve just been on a bit of a trawl through transitive deps recently in light of log4shell and pushing such patches as far upstream as I can; largely to ensure the tests are also run upstream too. I’ve come across a few moribund projects along the way, so have been trying to help highlight them and find maintainers (or take it on myself) e.g. see https://github.com/clj-commons/meta/issues/63 so I was mainly just wondering what the status of buddy is, as it’s obviously an important dep for a lot of people.

niwinz 2022-01-13T11:59:38.007600Z

buddy is just stable dep, I have no plans to develop more functionality unless this is very very important, we use it ourselves for many purposes

niwinz 2022-01-13T12:00:27.008500Z

obviously any maintenance help is welcome,

niwinz 2022-01-13T12:01:25.010300Z

just for context, i'm right now very busy developing http://penpot.app that is built with clojure

niwinz 2022-01-13T12:01:31.010500Z

and using many funcool libraries

2022-01-13T12:03:28.012500Z

I agree it’s stable; it’s great 🙇 I was wondering a few things though… 1: I have been adding this github action to some of my projects: https://github.com/nnichols/clojure-dependency-update-action Which scans deps on a cron cycle and issues PRs (which will then run your tests etc) when upstream deps are bumped. This could help find any future CVEs in things like cheshire. I was thinking it might be worth adding something like this. 2. It being split into multiple deps makes sense; but it does make testing this stuff harder than it needs to be. I was wondering whether there might be any appetite in moving it into more of a mono-repo (but multi dep project); possibly rewired to use tools.deps/tools.build. It might help ensure all the tests can be run against changes across all repos before they’re pushed in an automated way.

niwinz 2022-01-13T12:04:01.013100Z

i'm open to this change

👍 1
niwinz 2022-01-13T12:04:08.013400Z

in fact is something I want to do...

niwinz 2022-01-13T12:04:18.013900Z

but I don't have quality time for it right now

2022-01-13T12:04:59.015Z

Yeah totally I appreciate that time is a big problem to maintaining and testing this stuff; and more automation can help make sure simple stuff like this is kept upto date, without a lot of effort on your part. Once it is in place of course

niwinz 2022-01-13T22:32:23.015900Z

buddy-core converted to tool.deps + tools.build

niwinz 2022-01-13T22:32:34.016100Z

and released a version

niwinz 2022-01-13T22:32:46.016500Z

I will try to do the same with the rest of packages

niwinz 2022-01-13T22:32:51.016700Z

this days