Clojars Worklog - 2023

This worklog covers work performed on Clojars under a contract from the Clojurists Together Foundation. The contract covers general maintenance.

Commit Logs: clojars-web

The work this month was modernization: we moved away from yesql in favor of honeysql, and to next.jdbc from clojure.java.jdbc:

• Convert from yesql to honeysql for SQL queries
• Convert from java.jdbc to next.jdbc
• Don’t send password change email when just profile email address changed
• Adjust dependencies to address CVEs

Commit Logs: clojars-web

Most of September was vacation, but I did make a few improvements towards the end of the month:

• Prevent memory leak from in-memory session store This was the source of intermittent OOMs for years, and I finally tracked it down.
• Require a license in the POM for new projects

Commit Logs: clojars-web, infrastructure

I took this month to clean up some long-standing issues:

• Fixed an issue with error reporting from the repository routes
• Include release date for each version in feed.clj
• Include scm tag for each version in feed.clj
• Require MFA group wide to deploy

And a few quality of life improvements:

• Add denylist to email sender
• Migrate from project.clj to deps.edn
• Upgraded to latest clj-kondo for code linting

The CHANGELOG file also covers any user-facing changes.