Upgraded everything to the latest (packages, puppeteer, node, etc)
This PR covers the following to bring rendertron to the latest in terms of dependencies, puppeteer, node versions, etc.
Upgrades/Changes:
- Upgraded all the dependencies to their latest versions. See package.json
- Addressed compatibility issues (e.g. typescript types) within rendertron code to use the latest packages
- Node v10 is outdated and no longer maintained. Similarly node v12 is EOL in 04/22. So upgraded packages using current node version (v16) and updated actions to test on v14, v16 & v17. See https://nodejs.org/en/about/releases/
- Puppeteer upgraded to 10.4.0
- Used the fix from PR #694 for tests failing due to google-cloud SDK. Credit: @dwsmart for PR #694.
Tests:
- Tests all seem to pass. Also tried the CI actions on my personal repo to make sure it passed (see https://github.com/gravi2/rendertron/actions/runs/1379045134)
- Tested a few websites to make sure the filesystem and memory cache worked.
I am looking for the community to try this PR/branch and report any improvements/issues/etc compared to the current master.
Hi @gravi2, I have run your PR branch for about 1 month now (from #761). So far it seems OK; I don't have crashes or random failed-to-render issues. I had to turn on the closeBrowser config because it returned a 0kb empty response when rendering; after turning it on, it is working fine. I saw the solution somewhere in one of the issues in this repo before.
git clone https://github.com/GoogleChrome/rendertron.git followed by
git pull origin pull/813/head
correct?
I get:
13 vulnerabilities (7 moderate, 5 high, 1 critical)
After audit fix
npm audit fix
# npm audit report
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
ava 0.1.0 - 4.0.0-rc.1
Depends on vulnerable versions of update-notifier
node_modules/ava
node-fetch <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/puppeteer/node_modules/node-fetch
puppeteer 10.0.0 - 13.1.1
Depends on vulnerable versions of node-fetch
node_modules/puppeteer
7 vulnerabilities (5 moderate, 2 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Would be great to have these looked into.
@AVGP Trying to see if you got a chance to look at the PR? I will be happy to help maintain the project.
@gravi2 I'm using it in production now, currently at 2200 pages cached for some rather heavy duty sites. Have not found any issues so far. Should reach 20K cached in 2 weeks. Cached pages are in the file system.
Is there something you can do regarding the vulnerabilities?