leiningen

manas_marthi 2022-09-01T09:42:04.579899Z

How to let leiningen ignore ssl errors.

vemv 2022-09-01T11:00:18.445359Z

we cannot know without a better description :) do any of these faqs help? https://github.com/technomancy/leiningen/blob/github/doc/FAQ.md

manas_marthi 2022-09-01T11:04:10.376749Z

I am working behind ntlm proxy. It throws ssl errors because the proxy intercepts requests

vemv 2022-09-01T11:04:42.883159Z

yeah but "errors" is not precise, we need a message, stacktrace, etc

manas_marthi 2022-09-02T07:00:44.908449Z

Ok. How do I enable verbose logging

vemv 2022-09-02T07:03:26.306359Z

DEBUG=true lein foo

manas_marthi 2022-09-02T07:25:46.596359Z

vemv 2022-09-02T07:44:03.638339Z

you should copy and paste the whole stacktrace

manas_marthi 2022-09-02T07:48:16.154189Z

I cannot post from my laptop. Posting pic

manas_marthi 2022-09-02T07:49:14.288529Z

manas_marthi 2022-09-02T07:49:49.248209Z

I am trying to do lein repl in lein source repo

manas_marthi 2022-09-02T07:56:16.735819Z

vemv 2022-09-02T08:14:27.301999Z

did you go over the FAQ linked to earlier?

manas_marthi 2022-09-02T08:34:08.991059Z

Yes, they don't have much of a solution. npm has strict-ssl false setting. I wish I can do it with leiningen

vemv 2022-09-02T08:51:00.598349Z

yeah, I think that generally you cannot bypass SSL in Java. maybe you can remove the default :repositories and use unencrypted HTTP ones instead? e.g. http://insecure.repo1.maven.org/maven2/ then you'd enable HTTP as suggested in the faq

manas_marthi 2022-09-02T09:49:28.935169Z

Tx. Is there insecure clojars as well?

Cora (she/her) 2022-09-01T04:19:23.933089Z

is there a way to view deps with lein-ring activated? it injects so many dependencies that you don't see in lein deps :tree, dependencies that are wildly out of date and have a bunch of CVEs, and which you can't even audit except by watching what maven downloads when you go to use it

jumar 2022-09-01T10:42:42.838239Z

Maybe lein deps :plugin-tree ?

Cora (she/her) 2022-09-01T04:19:55.686529Z

like it uses an ancient jetty-server https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.2.21.v20170120

Cora (she/her) 2022-09-01T04:20:17.952239Z

that has 6 direct CVEs and 2 indirect CVEs attached to it

Cora (she/her) 2022-09-01T04:20:54.921219Z

I don't know what the solution is here other than to just not use lein-ring

Cora (she/her) 2022-09-01T04:21:19.111349Z

(which isn't even hard to not use, but I want to be able to demonstrate the ancient deps to others)

Cora (she/her) 2022-09-01T04:27:09.612399Z

Cora (she/her) 2022-09-01T04:28:09.174359Z

only when lein-ring is activated do you get all of these deps included, but you can't see them when you run lein deps :tree

Cora (she/her) 2022-09-01T04:28:55.857649Z

this seems like a really bad deal and it seems like a fairly widely used library

Cora (she/her) 2022-09-01T04:29:29.422589Z

https://clojars.org/lein-ring

Cora (she/her) 2022-09-01T04:29:35.101129Z

"2,872,193 Downloads"

Cora (she/her) 2022-09-01T04:29:42.237509Z

"12,040 This Version"