This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-09-01
Channels
- # adventofcode (2)
- # announcements (3)
- # babashka-sci-dev (79)
- # beginners (76)
- # biff (2)
- # calva (32)
- # cider (2)
- # clj-kondo (42)
- # clj-on-windows (17)
- # clojure (28)
- # clojure-belgium (1)
- # clojure-berlin (1)
- # clojure-europe (95)
- # clojure-nl (4)
- # clojure-norway (4)
- # clojure-uk (5)
- # clojurescript (27)
- # conjure (5)
- # cursive (3)
- # data-science (16)
- # datomic (67)
- # graalvm (12)
- # hyperfiddle (36)
- # jobs (3)
- # jobs-discuss (1)
- # kaocha (2)
- # klipse (1)
- # leiningen (28)
- # lsp (16)
- # luminus (3)
- # malli (10)
- # nrepl (3)
- # off-topic (57)
- # other-languages (18)
- # re-frame (4)
- # reitit (8)
- # releases (1)
- # remote-jobs (1)
- # scittle (4)
- # shadow-cljs (7)
- # test-check (1)
- # tools-deps (4)
- # vim (11)
- # xtdb (25)
is there a way to view deps with lein-ring activated? it injects so many dependencies that you don't see in lein deps :tree, dependencies that are wildly out of date and have a bunch of CVEs, and which you can't even audit except by watching what maven downloads when you go to use it
like it uses an ancient jetty-server https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.2.21.v20170120
that has 6 direct CVEs and 2 indirect CVEs attached to it
I don't know what the solution is here other than to just not use lein-ring
(which isn't even hard to not use, but I want to be able to demonstrate the ancient deps to others)
only when lein-ring is activated do you get all of these deps included, but you can't see them when you run lein deps :tree
this seems like a really bad deal and it seems like a fairly widely used library
"2,872,193 Downloads"
"12,040 This Version"
How to let leiningen ignore ssl errors.
we cannot know without a better description :) do any of these faqs help? https://github.com/technomancy/leiningen/blob/github/doc/FAQ.md
I am working behind ntlm proxy. It throws ssl errors because the proxy intercepts requests
Ok. How do I enable verbose logging
I cannot post from my laptop. Posting pic
I am trying to do lein repl in lein source repo
Yes, they don't have much of a solution. npm has strict-ssl false setting. I wish I can do it with leiningen
yeah, I think that generally you cannot bypass SSL in Java. maybe you can remove the default :repositories and use unencrypted HTTP ones instead? e.g. http://insecure.repo1.maven.org/maven2/ then you'd enable HTTP as suggested in the faq
Tx. Is there insecure clojars as well?