0.9.2: page-to-pdf not working in a container

[j2l]

OK, let's dive into the container /usr/local/lib/node_modules/@saltcorn/cli

npm i

up to date, audited 1751 packages in 42s

149 packages are looking for funding
  run `npm fund` for details

38 vulnerabilities (33 moderate, 3 high, 2 critical)

Hmm, it doesn't install puppeteer, and it throws vulnerabilities. I couldn't fix the vulnerabilities using npm audit fix --force, nor update npm, because node is too old.

[glutamate]

hello @j2l !

how did you install Saltcorn? Is this in one of the docker images we upload to docker hub? (which one?)

[j2l]

Good to read you @glutamate Happy New Year Tom!

I installed it as usual, using docker with latest image (0.9.2).

[glutamate]

Maybe we should base the docker images on Debian 12 as well and install all the dependencies we usually need

[j2l]

Yep, it's getting outdated.

[glutamate]

@j2l would you be able to test this on the latest docker image, just released

[j2l]

Thank you @glutamate ! Now, I'm on 0.9.3-beta.3, page-to-pdf 0.2.3 Making a page ... I can't drag drop components anymore! No error in the console or the container. If I try to delete the content (default column with text): I'm getting error:

TypeError: e.nodes[n] is undefined
    o https://xxx/static_assets/9adf390d6b0ffd8d/builder_bundle.js:80
    e https://xxx/static_assets/9adf390d6b0ffd8d/builder_bundle.js:76
...

Besides favicon, I don't see any error that shows anything missing.

I had a page to print to pdf and a button ready in a tenant of this upgraded server, and it throws page not found at URL: https://xxx.nnn.xxx/files/serve/undefined chromium is installed:

/usr/bin/chromium
/usr/lib/chromium
/usr/lib/chromium/chromium
/usr/share/bug/chromium
/usr/share/doc/chromium
/usr/share/lintian/overrides/chromium
/usr/share/chromium
/etc/chromium

but there's something missing, no error in the container.

Not being able to drop components in a page drop zone is a major problem. No idea what happens.

[glutamate]

Hi @j2l , I can't replicate the not able to drag problem, can you tell me which browser you are using and if this is a new application or there are exisiting views and pages

[j2l]

I can't replicate ... too! :) No idea what happened yesterday on firefox. Maybe, it was installing puppeteer and chromium while I was creating the page or a connection issue while using the server.

pdf-to-page is working as expected today.

Still, some packages are lagging behind latest updates and can't be fixed, here's the full log:

npm i

up to date, audited 1746 packages in 32s

149 packages are looking for funding
  run `npm fund` for details

37 vulnerabilities (35 moderate, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

root@151320420f55:/usr/local/lib/node_modules/@saltcorn/cli# npm audit fix

up to date, audited 1746 packages in 10s

149 packages are looking for funding
  run `npm fund` for details

# npm audit report

axios  0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @saltcorn/data@0.7.1, which is a breaking change
node_modules/axios
  @saltcorn/data  >=0.3.4-beta.0
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of blockly
  Depends on vulnerable versions of latest-version
  node_modules/@saltcorn/data
    @saltcorn/admin-models  >=0.7.2-beta.0
    Depends on vulnerable versions of @saltcorn/data
    node_modules/@saltcorn/admin-models
    @saltcorn/base-plugin  >=0.7.2-beta.0
    Depends on vulnerable versions of @saltcorn/data
    node_modules/@saltcorn/base-plugin
    @saltcorn/mobile-builder  *
    Depends on vulnerable versions of @saltcorn/base-plugin
    Depends on vulnerable versions of @saltcorn/data
    Depends on vulnerable versions of @saltcorn/mobile-app
    Depends on vulnerable versions of @saltcorn/sbadmin2
    Depends on vulnerable versions of @saltcorn/server
    Depends on vulnerable versions of webpack
    node_modules/@saltcorn/mobile-builder
    @saltcorn/sbadmin2  >=0.7.0-beta.0
    Depends on vulnerable versions of @saltcorn/data
    Depends on vulnerable versions of startbootstrap-sb-admin-2-bs5
    node_modules/@saltcorn/sbadmin2
    @saltcorn/server  >=0.7.2-beta.0
    Depends on vulnerable versions of @saltcorn/admin-models
    Depends on vulnerable versions of @saltcorn/base-plugin
    Depends on vulnerable versions of @saltcorn/data
    Depends on vulnerable versions of @saltcorn/sbadmin2
    Depends on vulnerable versions of resize-with-sharp-or-jimp
    node_modules/@saltcorn/server

datatables.net  <1.11.3
Severity: moderate
Cross site scripting in datatables.net  - https://github.com/advisories/GHSA-h73q-5wmj-q8pj
fix available via `npm audit fix`
node_modules/datatables.net
  datatables.net-bs4  1.10.16 - 1.10.25
  Depends on vulnerable versions of datatables.net
  node_modules/datatables.net-bs4
    startbootstrap-sb-admin-2-bs5  *
    Depends on vulnerable versions of datatables.net-bs4
    node_modules/startbootstrap-sb-admin-2-bs5

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        cordova  3.1.0-0.1.0 - 3.5.0-0.2.0 || 4.0.1 || >=5.4.0
        Depends on vulnerable versions of cordova-create
        Depends on vulnerable versions of cordova-lib
        Depends on vulnerable versions of insight
        Depends on vulnerable versions of update-notifier
        node_modules/cordova
          @saltcorn/mobile-app  *
          Depends on vulnerable versions of cordova
          node_modules/@saltcorn/mobile-app

jsdom  <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install @saltcorn/data@0.7.1, which is a breaking change
node_modules/jsdom
  blockly  2.20190722.1 - 4.20210325.0-beta.3 || 5.20210325.1 - 9.1.1
  Depends on vulnerable versions of jsdom
  node_modules/blockly

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  insight  *
  Depends on vulnerable versions of request
  node_modules/insight
  node-gyp  <=7.1.2
  Depends on vulnerable versions of request
  node_modules/node-gyp
    @npmcli/run-script  1.1.1 - 1.8.6
    Depends on vulnerable versions of node-gyp
    node_modules/@npmcli/run-script
      pacote  11.1.5 - 11.3.5
      Depends on vulnerable versions of @npmcli/run-script
      node_modules/pacote
        cordova-fetch  3.0.1-nightly.2020.4.13.787574b1 - 3.1.1-nightly.2023.3.27.d7f5822a
        Depends on vulnerable versions of pacote
        node_modules/cordova-fetch
          cordova-create  1.1.3-nightly.2017.12.15.8ff490ce - 1.1.3-nightly.2018.3.17.8ff490ce || 4.0.0-nightly.2021.11.2.70bc862c - 4.1.1-nightly.2023.3.27.002f2c57
          Depends on vulnerable versions of cordova-fetch
          node_modules/cordova-create
          cordova-lib  7.0.2-nightly.2017.5.9.be7f7ac6 - 7.0.2-nightly.2017.9.24.e50c9b60 || 7.1.1-nightly.2017.10.10.708da2b8 - 7.1.1-nightly.2017.12.14.8ad0a8b9 || 8.0.1-nightly.2017.12.17.33ef33af - 8.0.1-nightly.2018.9.8.1bc9dd05 || 9.0.0-nightly.2018.9.13.87e9f5cd - 9.0.0-nightly.2019.2.17.7a5d4826 || 9.0.2-nightly.2019.4.2.c017729d - 10.0.0-nightly.2020.6.3.7a20be8b || 10.0.1-nightly.2020.7.28.1d98b57a - 12.0.0-nightly.2023.5.16.ac491cdc
          Depends on vulnerable versions of cordova-fetch
          node_modules/cordova-lib
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/jsdom/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie

webpack  5.0.0 - 5.75.0
Severity: critical
Cross-realm object access in Webpack 5 - https://github.com/advisories/GHSA-hc6q-2mpp-qw7j
fix available via `npm audit fix --force`
Will install @saltcorn/mobile-builder@0.7.2, which is a breaking change
node_modules/webpack

xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install @saltcorn/server@0.7.1, which is a breaking change
node_modules/parse-bmfont-xml/node_modules/xml2js
  parse-bmfont-xml  *
  Depends on vulnerable versions of xml2js
  node_modules/parse-bmfont-xml
    load-bmfont  >=1.1.0
    Depends on vulnerable versions of parse-bmfont-xml
    node_modules/load-bmfont
      @jimp/plugin-print  *
      Depends on vulnerable versions of load-bmfont
      node_modules/@jimp/plugin-print
        @jimp/plugins  *
        Depends on vulnerable versions of @jimp/plugin-print
        node_modules/@jimp/plugins
          jimp  >=0.3.6-alpha.5
          Depends on vulnerable versions of @jimp/plugins
          node_modules/jimp
            resize-with-sharp-or-jimp  *
            Depends on vulnerable versions of jimp
            node_modules/resize-with-sharp-or-jimp

37 vulnerabilities (35 moderate, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

root@151320420f55:/usr/local/lib/node_modules/@saltcorn/cli# npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating @saltcorn/data to 0.7.1, which is a SemVer major change.
npm WARN audit Updating @saltcorn/mobile-builder to 0.7.2, which is a SemVer major change.
npm WARN audit Updating @saltcorn/admin-models to 0.7.1, which is a SemVer major change.
npm WARN audit Updating @saltcorn/server to 0.7.1, which is a SemVer major change.
npm WARN audit No fix available for @saltcorn/mobile-app@*
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated multer@1.4.4: Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.
npm ERR! code 1
npm ERR! path /usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp
npm ERR! command failed
npm ERR! command sh -c node-gyp rebuild
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using node-gyp@7.1.2
npm ERR! gyp info using node@18.19.0 | linux | x64
npm ERR! gyp info find Python using Python version 3.11.2 found at "/usr/bin/python3"
npm ERR! (node:623) [DEP0150] DeprecationWarning: Setting process.config is deprecated. In the future the property will be read-only.
npm ERR! (Use `node --trace-deprecation ...` to show where the warning was created)
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/root/.cache/node-gyp/18.19.0/include/node/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/root/.cache/node-gyp/18.19.0',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/root/.cache/node-gyp/18.19.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! Traceback (most recent call last):
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/gyp_main.py", line 51, in <module>
npm ERR!     sys.exit(gyp.script_main())
npm ERR!              ^^^^^^^^^^^^^^^^^
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 670, in script_main
npm ERR!     return main(sys.argv[1:])
npm ERR!            ^^^^^^^^^^^^^^^^^^
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 662, in main
npm ERR!     return gyp_main(args)
npm ERR!            ^^^^^^^^^^^^^^
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 629, in gyp_main
npm ERR!     [generator, flat_list, targets, data] = Load(
npm ERR!                                             ^^^^^
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 150, in Load
npm ERR!     result = gyp.input.Load(
npm ERR!              ^^^^^^^^^^^^^^^
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 3021, in Load
npm ERR!     LoadTargetBuildFile(
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 411, in LoadTargetBuildFile
npm ERR!     build_file_data = LoadOneBuildFile(
npm ERR!                       ^^^^^^^^^^^^^^^^^
npm ERR!   File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 239, in LoadOneBuildFile
npm ERR!     build_file_contents = open(build_file_path, "rU").read()
npm ERR!                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
npm ERR! ValueError: invalid mode: 'rU' while trying to load binding.gyp
npm ERR! gyp ERR! configure error 
npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/lib/configure.js:351:16)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:517:28)
npm ERR! gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:292:12)
npm ERR! gyp ERR! System Linux 5.4.0-148-generic
npm ERR! gyp ERR! command "/usr/bin/node" "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/.bin/node-gyp" "rebuild"
npm ERR! gyp ERR! cwd /usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp
npm ERR! gyp ERR! node -v v18.19.0
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2024-01-09T06_48_49_047Z-debug-0.log

Feel free to close it as to the page-to-pdf issue.

[j2l]

And actually, the "File not found" issue is still present too :( only when you select "Save to file"

[j2l]

The files are actually saved on the server:

but checking "Save to file" always link to http://xx.yyy.zz/files/serve/undefined

[JuergenRosskamp]

Same here: "but checking "Save to file" always link to http://xx.yyy.zz/files/serve/undefined", current saltcorn installation under Debian, latest page_to_pdf module installed. Trying to find a way to get rid of that error and to store the created PDF as a Blob into a Table or the database. Will there be updates to the module?

[glutamate]

@JuergenRosskamp are you deployed in a docker container or a normal install under debian?

[JuergenRosskamp]

I did a normal install under debian following your instruction in the wiki. I used a VPS.