Welcome! Please see the About page for a little more info on how this works.

GitHub Login

All Activity
Questions
Unanswered
Tags
Ask a Question
About

`create-basis` silently accepts missing aliases

+1 vote

asked 2 days ago in Clojure CLI by Ambrose Bonnaire-Ser

In this scenario, the alias for create-basis was incorrect, preventing security deps overrides from being applied. For 2 years clojars was deployed with these vulnerable deps.

In this case, I proposed to inline the alias into :deps. However there may be other scenarios where a tools.deps change might be helpful to catch these mistakes earlier, for example a warning or error.

tools.deps
tools.build

Please log in or register to add a comment.

Please log in or register to answer this question.

0 Answers

Welcome to Clojure Q&A, where you can ask questions and receive answers from members of the Clojure community.

Related questions

create-basis uses the wrong local maven repository
create-basis/java-command do not handle :jvm-opts
tools.build create-basis cannot use alias that includes tools.deps.alpha
How can tooling based on deps.edn/t.d.a construct a basis that is specified by aliases, without boilerplate code?
Option in `clojure` CLI command to print the basis

Categories

All categories
Clojure (1.6k)
ClojureScript (619)
ClojureCLR (28)
Contrib libs (738)
Tools (82)
- Clojure CLI (61)
- Leiningen (2)
- Calva (6)
- CIDER (4)
- Cursive (1)
- clojure-lsp (0)
- Portal (1)
- Morse (1)
- REBL (1)
- cljfmt (0)
- clj-kondo (0)
Meta (20)
Other (96)
Beginner (2)

Maintained by Cognitect on behalf of the Clojure community

...