rendertron
Upgraded everything to the latest (packages, puppeteer, node, etc)
This PR covers the following to bring rendertron to the latest in terms of dependencies, puppeteer, node versions, etc.
Upgrades/Changes:
- Upgraded all the dependencies to their latest versions. See package.json
- Addressed compatibility issues (e.g. typescript types) within rendertron code to use the latest packages
- Node v10 is outdated and no longer maintained. Similarly node v12 is EOL in 04/22. So upgraded packages using current node version (v16) and updated actions to test on v14, v16 & v17. See https://nodejs.org/en/about/releases/
- Puppeteer upgraded to 10.4.0
- Used the fix from PR #694 for tests failing due to google-cloud SDK. Credit: @dwsmart for PR #694.
Tests:
- Tests all seem to pass. Also tried the CI actions on my personal repo to make sure it passed (see https://github.com/gravi2/rendertron/actions/runs/1379045134)
- Tested a few websites to make sure the filesystem and memory cache worked.
I am looking for the community to try this PR/branch and report any improvements/issues/etc compared to the current master.
Hi @gravi2, I have run your PR branch for about 1 month now (from #761). So far it seems OK; I don't have crashes or random failed-to-render issues. I had to turn on the closeBrowser config because it returned a 0kb empty response when rendering; after turning it on, it is working fine. I saw the solution somewhere in one of the issues in this repo before.
git clone https://github.com/GoogleChrome/rendertron.git followed by
git pull origin pull/813/head
correct?
I get:
13 vulnerabilities (7 moderate, 5 high, 1 critical)
After audit fix
npm audit fix
# npm audit report
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
ava 0.1.0 - 4.0.0-rc.1
Depends on vulnerable versions of update-notifier
node_modules/ava
node-fetch <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/puppeteer/node_modules/node-fetch
puppeteer 10.0.0 - 13.1.1
Depends on vulnerable versions of node-fetch
node_modules/puppeteer
7 vulnerabilities (5 moderate, 2 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Would be great to have these looked into.
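One way to triage a report like the one above, as an added example that is not part of the thread or of rendertron's code: walk the `effects` edges of `npm audit --json` output from each package that carries its own advisory up to the direct dependency that pulls it in, then check where that dependency sits in the manifest. The sample report is constructed from the two chains shown above, and the manifest (ava under `devDependencies`, puppeteer under `dependencies`) is an assumption, since package.json is not shown on this page.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2),
// mirroring the two chains in the report above. Not real tool output.
const sampleReport = { auditReportVersion: 2, vulnerabilities: {
  got: { severity: "moderate", isDirect: false, effects: ["package-json"],
    via: [{ url: "https://github.com/advisories/GHSA-pfrx-2q88-qq97" }] },
  "package-json": { severity: "moderate", isDirect: false, via: ["got"], effects: ["latest-version"] },
  "latest-version": { severity: "moderate", isDirect: false, via: ["package-json"], effects: ["update-notifier"] },
  "update-notifier": { severity: "moderate", isDirect: false, via: ["latest-version"], effects: ["ava"] },
  ava: { severity: "moderate", isDirect: true, via: ["update-notifier"], effects: [] },
  "node-fetch": { severity: "high", isDirect: false, effects: ["puppeteer"],
    via: [{ url: "https://github.com/advisories/GHSA-r683-j2x4-v87g" }] },
  puppeteer: { severity: "high", isDirect: true, via: ["node-fetch"], effects: [] },
} };
// Assumed manifest (package.json is not shown on the page).
const samplePkg = { dependencies: { puppeteer: "*" }, devDependencies: { ava: "*" } };

// Follow "effects" edges upward to the direct dependencies that pull `name` in.
function directRoots(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const roots = vulns[name].isDirect ? [name] : [];
  for (const parent of vulns[name].effects || []) {
    roots.push(...directRoots(vulns, parent, seen));
  }
  return roots;
}

// One row per package with its own advisory (an object, not a name, in "via").
function triage(report, pkg) {
  const vulns = report.vulnerabilities || {};
  const rows = [];
  for (const [name, entry] of Object.entries(vulns)) {
    const advisories = (entry.via || []).filter((v) => typeof v === "object");
    if (advisories.length === 0) continue; // affected only through a dependency
    const roots = [...new Set(directRoots(vulns, name))].sort();
    const runtime = roots.some((r) => r in (pkg.dependencies || {}));
    const dev = roots.some((r) => r in (pkg.devDependencies || {}));
    // A chain that reaches any runtime dependency is treated as runtime.
    const scope = runtime ? "runtime" : dev ? "dev-only" : "unknown";
    rows.push({ name, severity: entry.severity, urls: advisories.map((a) => a.url), roots, scope });
  }
  return rows;
}

console.log(JSON.stringify(triage(sampleReport, samplePkg), null, 2));
```

Under the assumed manifest, the got chain ends at the test runner and the node-fetch chain ends at puppeteer, which is the one that ships with the deployed renderer and so is the one to prioritise when upgrading.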
@AVGP Trying to see if you got a chance to look at the PR? I will be happy to help maintain the project.
@gravi2 I'm using it in production now, currently at 2200 pages cached for some rather heavy duty sites. Have not found any issues so far. Should reach 20K cached in 2 weeks. Cached pages are in the file system.
Is there something you can do regarding the vulnerabilities?