Sometimes newer versions of dependencies just add new features. In those cases you only need to upgrade if you want to use those features. Sometimes they break behavior. In those cases upgrading can be a hassle and a half.
But using old versions of libraries can carry risks. As things are used, issues are discovered. As issues are discovered, malicious actors will start to take advantage of them.
As such it makes sense to keep up to date with the latest versions of things and to keep yourself aware of security issues
as they are discovered. Because doing this manually is impractical, we will use a tool called antq
.
outdated
" recipe to your Justfile
This should directly invoke clojure with com.github.liquidz/antq
as a dependency.
The reason we don't add an alias for this to the project's deps.edn
is that
the tool's documentation does not suggest it.
help:
just --list
run:
clojure -M -m example.main
nrepl:
clojure -M:dev -m nrepl.cmdline
format_check:
clojure -M:format -m cljfmt.main check src dev test
format:
clojure -M:format -m cljfmt.main fix src dev test
lint:
clojure -M:lint -m clj-kondo.main --lint .
test:
clojure -M:dev -m kaocha.runner
outdated:
clojure -Sdeps '{:deps {com.github.liquidz/antq {:mvn/version "RELEASE"}}}' -M -m antq.core
just outdated
and fix any outdated dependencies.As the laws of physics dictate you are reading this in a time after it was written, there is almost a certainty that at least one of the libraries you've used so far has a newer version.