Is it safe to upgrade `clojure.core.{async,memoize,cache}` as of 2025-05-09?

Most recent Datomic Cloud ion servers seems to use the following versions of the libraries in question:

   org.clojure/core.async #:mvn{:version "1.6.681"},
   org.clojure/core.cache #:mvn{:version "1.0.225"},
   org.clojure/core.memoize #:mvn{:version "1.0.253"},

which seems to match what i see on the classpath of the ion server too:

/opt/datomic/deploy/image/lib/core.async-1.6.681.jar
/opt/datomic/deploy/image/lib/core.cache-1.0.225.jar
/opt/datomic/deploy/image/lib/core.memoize-1.0.253.jar

According to the core.async changelog
1.6.681 is from 2023.08.09 and the current stable release is 1.8.741 from 2025-04-07.
There seem to be a lots of changes, which I can imagine might interfere with Datomic Cloud’s functionality, so I’m not sure, whether it’s safe to upgrade or not.

core.memoize seems to be the safest to upgrade:

  • Release 1.1.266 on 2024.02.19
    • Update parent pom and deps
    • Fixes CMEMOIZE-30 - typo in ttl docstring (j-mckitrick).
  • Release 1.0.257 on 2022.02.11
    • Implement IPending for RetryingDelay for folks trying to do low-level availability tests on long-running memoized functions.
  • Release 1.0.253 on 2021.12.06
    • Update core.cache to 1.0.225

core.cache also shows some non-minor changes since the version used by Datomic Cloud:

  • Release 1.2.next in progress
    • CCACHE-65 Use delay in lookup-or-miss to avoid cache-stampede.
  • Release 1.1.234 on 2024-02-19
    • Update parent pom and data.priority-map versions
  • Release 1.0.225 on 2021-12-06
    • Update data.priority-map to 1.1.0

I’ve just realized, that since clojure -M:ion-dev "{:op :push ... mentions all 3 of these libs in the :dependency-conflicts section of its output, I can’t even force to upgrade these libs :frowning:

So, I guess, the answer is NO, it is NOT safe to upgrade these deps.

@onetom I will check with dev. However, the dependency conflict section is not as “smart” as we’d like it. It is simply checking the deps you push against a manifest.edn we ship with each version. So you can… actually upgrade the versions and ignore the conflict, but I do need to look into everything you have asked about to determine if that is going to pose a problem.

1 Like

I got clarification that we are indeed stopping you from updating these deps. However, I have put in work to upgrade all of our deps in this area and with that we will be able to determine if any of these new deps are an issue.

1 Like