This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-12-17
Channels
- # adventofcode (33)
- # announcements (1)
- # beginners (32)
- # calva (12)
- # cider (1)
- # clojure (73)
- # clojure-belgium (1)
- # clojure-europe (20)
- # clojure-norway (3)
- # datomic (3)
- # emacs (2)
- # fulcro (18)
- # graphql (11)
- # honeysql (1)
- # juxt (1)
- # lsp (10)
- # membrane (13)
- # reitit (1)
- # releases (5)
- # scittle (15)
- # spacemacs (1)
- # squint (36)
- # testing (1)
- # tools-deps (20)
- # xtdb (5)
Moving from lein
and one nagging question for me has been around global :exclusions
. For an example of why I am wondering, see https://github.com/stuartsierra/log.dev/blob/master/project.clj.
I worry that specifying exclusions per-dep is going to get extremely wordy, and am interested in any ways to clean up the mess of ensuing :exclusions
.
Maybe in tools.deps land this looks something like a processing step that programatically adds the exclusions per-dep?
I'm not really sure one way or the other, but I sure would like some top-level method of excluding logging junk!
Right now, not much to help you, but has been requested several times. Can you add to https://ask.clojure.org ? I can’t immediately find it there
You will need exclusions a lot less, in my experience, because of the different algorithm for selecting versions of dependencies. tools.deps
uses a much simpler and more obvious algorithm than lein
. I found that that helped eliminate nearly all of the :exclusions
that we used to need with Leiningen. But it does depend on why you are trying to exclude dependencies.
We have not found we need that. We use log4j2 and clojure.tools.logging
and have everything bridged to that, and have never had an issue with dependencies bringing in other bridge libraries.
yeah, taking a quick look at my current deps tree, not so bad, so perhaps my "omg im going to need to exclude so much logging junk" isn't as bad as I expected it might be.
I just looked. We have four exclusions across 174 deps.edn
files in our 134Kloc codebase.
quasi-related question for you since you mention 174 files (that's a lot of files): do you do anything similar to lein's managed-dependencies?
Two are logging related: one excludes slf4j-nop from build tooling, the other excludes log4j 1.x from an Authorize,Net dep.
We have one exclusion of Cheshire in one place (because of Jackson issues).
We keep our deps up to date by running antq regularly and tweaking things only as needed to suppress problematic deps. We also run clj-watson to check for CVEs and we address those as fast as we can.