Fork me on GitHub
#clojure-nl
<
2022-08-16
>
Thierry08:08:23

What are my possibilities when dependencies downloaded with lein deps that gets them from Clojars differ from the version on Github? When including [ring "1.9.5"] this should download/include [ring/ring-jetty-adapter "1.9.5"] with sub dependency [org.eclipse.jetty/jetty-server "9.4.48.v20220622"] as stated in the project.clj on Github. But on Clojars the included jetty-server is [org.eclipse.jetty/jetty-server "9.4.44.v20210927"]

Thierry08:08:30

Probably ask weavejester to push new version to Clojars right?

skuro09:08:44

that sounds scary tbh

skuro09:08:23

but when youu sae "the version on Github", you mean the 1.9.5 tag or just master?

skuro09:08:40

oh I see there's no 1.9.5 tag actually

Thierry09:08:27

Indeed, tho a commit from january pushes the version to 1.9.5 and a new commit from jully updates the jetty-server version. Clojars has a git tree corresponding to the on in january.

Thierry09:08:34

which is 1.9.5

skuro09:08:27

I'd say the solution should be indeed to ask James to tag 1.9.5 and then you should use that specific tag when pointing at github (I would then expect both to yield the same dependencies, clojars and github)

thomas09:08:09

not sure if you can do that with lein... with deps.edn you can specify the sha of a git version

Thierry09:08:40

You can, but you need middlewar, repositories and git-down in your project.clj, but I am trying to not use this as it's a security risk