This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-01-12
Channels
- # announcements (2)
- # babashka (26)
- # beginners (48)
- # calva (32)
- # cider (23)
- # clj-kondo (61)
- # cljfx (3)
- # clojure (93)
- # clojure-australia (2)
- # clojure-europe (23)
- # clojure-losangeles (1)
- # clojure-nl (5)
- # clojure-uk (4)
- # clojurescript (46)
- # cloverage (9)
- # code-reviews (1)
- # copenhagen-clojurians (1)
- # cursive (39)
- # data-science (6)
- # datahike (8)
- # deps-new (8)
- # depstar (2)
- # etaoin (1)
- # fulcro (2)
- # funcool (2)
- # graalvm (5)
- # jackdaw (3)
- # java (17)
- # jobs-discuss (43)
- # kaocha (2)
- # leiningen (25)
- # malli (8)
- # minecraft (1)
- # missionary (8)
- # observability (6)
- # off-topic (37)
- # other-languages (12)
- # practicalli (1)
- # reagent (4)
- # releases (78)
- # remote-jobs (1)
- # sci (9)
- # shadow-cljs (13)
- # spacemacs (6)
- # sql (1)
- # tools-deps (30)
- # xtdb (3)
#depstar
<
2022-01-12@seancorfield I know depstar is technically deprecated, but it seems like it has a dependency on a "bad" log4j version. I don't really see a way that it could be exploited, but it might be nice for users who haven't migrated to tools.build if you released a new version with a "fixed" log4j dependency
The repo is archived and readonly. Since it is only run as part of a dev or CI build setup, I don't see much of an attack vector from third parties?
👍 1