How to let leiningen ignore ssl errors.
we cannot know without a better description :) do any of these faqs help? https://github.com/technomancy/leiningen/blob/github/doc/FAQ.md
I am working behind ntlm proxy. It throws ssl errors because the proxy intercepts requests
yeah but "errors" is not precise, we need a message, stacktrace, etc
Ok. How do I enable verbose logging
DEBUG=true lein foo
you should copy and paste the whole stacktrace
I cannot post from my laptop. Posting pic
I am trying to do lein repl in lein source repo
did you go over the FAQ linked to earlier?
Yes, they don't have much of a solution. npm has strict-ssl false setting. I wish I can do it with leiningen
yeah, I think that generally you cannot bypass SSL in Java. maybe you can remove the default :repositories and use unencrypted HTTP ones instead? e.g. http://insecure.repo1.maven.org/maven2/ then you'd enable HTTP as suggested in the faq
Tx. Is there insecure clojars as well?
is there a way to view deps with lein-ring activated? it injects so many dependencies that you don't see in lein deps :tree, dependencies that are wildly out of date and have a bunch of CVEs, and which you can't even audit except by watching what maven downloads when you go to use it
Maybe lein deps :plugin-tree ?
like it uses an ancient jetty-server https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.2.21.v20170120
that has 6 direct CVEs and 2 indirect CVEs attached to it
I don't know what the solution is here other than to just not use lein-ring
(which isn't even hard to not use, but I want to be able to demonstrate the ancient deps to others)
only when lein-ring is activated do you get all of these deps included, but you can't see them when you run lein deps :tree
this seems like a really bad deal and it seems like a fairly widely used library
"2,872,193 Downloads"
"12,040 This Version"