Open j2l opened 8 months ago
hello @j2l !
how did you install Saltcorn? Is this in one of the docker images we upload to docker hub? (which one?)
Good to read you @glutamate Happy New Year Tom!
I installed it as usual, using docker with latest
image (0.9.2).
Maybe we should base the docker images on Debian 12 as well and install all the dependencies we usually need
Yep, it's getting outdated.
@j2l would you be able to test this on the latest docker image, just released
Thank you @glutamate ! Now, I'm on 0.9.3-beta.3, page-to-pdf 0.2.3 Making a page ... I can't drag drop components anymore! No error in the console or the container. If I try to delete the content (default column with text): I'm getting error:
TypeError: e.nodes[n] is undefined
o https://xxx/static_assets/9adf390d6b0ffd8d/builder_bundle.js:80
e https://xxx/static_assets/9adf390d6b0ffd8d/builder_bundle.js:76
...
Besides favicon, I don't see any error that shows anything missing.
I had a page to print to pdf and a button ready in a tenant of this upgraded server, and it throws page not found
at URL: https://xxx.nnn.xxx/files/serve/undefined
chromium is installed:
/usr/bin/chromium
/usr/lib/chromium
/usr/lib/chromium/chromium
/usr/share/bug/chromium
/usr/share/doc/chromium
/usr/share/lintian/overrides/chromium
/usr/share/chromium
/etc/chromium
but there's something missing, no error in the container.
Not being able to drop components in a page drop zone is a major problem. No idea what happens.
Hi @j2l , I can't replicate the not able to drag problem, can you tell me which browser you are using and if this is a new application or there are exisiting views and pages
I can't replicate ... too! :) No idea what happened yesterday on firefox. Maybe, it was installing puppeteer and chromium while I was creating the page or a connection issue while using the server.
pdf-to-page is working as expected today.
Still, some packages are lagging behind latest updates and can't be fixed, here's the full log:
npm i
up to date, audited 1746 packages in 32s
149 packages are looking for funding
run `npm fund` for details
37 vulnerabilities (35 moderate, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
root@151320420f55:/usr/local/lib/node_modules/@saltcorn/cli# npm audit fix
up to date, audited 1746 packages in 10s
149 packages are looking for funding
run `npm fund` for details
# npm audit report
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @saltcorn/data@0.7.1, which is a breaking change
node_modules/axios
@saltcorn/data >=0.3.4-beta.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of blockly
Depends on vulnerable versions of latest-version
node_modules/@saltcorn/data
@saltcorn/admin-models >=0.7.2-beta.0
Depends on vulnerable versions of @saltcorn/data
node_modules/@saltcorn/admin-models
@saltcorn/base-plugin >=0.7.2-beta.0
Depends on vulnerable versions of @saltcorn/data
node_modules/@saltcorn/base-plugin
@saltcorn/mobile-builder *
Depends on vulnerable versions of @saltcorn/base-plugin
Depends on vulnerable versions of @saltcorn/data
Depends on vulnerable versions of @saltcorn/mobile-app
Depends on vulnerable versions of @saltcorn/sbadmin2
Depends on vulnerable versions of @saltcorn/server
Depends on vulnerable versions of webpack
node_modules/@saltcorn/mobile-builder
@saltcorn/sbadmin2 >=0.7.0-beta.0
Depends on vulnerable versions of @saltcorn/data
Depends on vulnerable versions of startbootstrap-sb-admin-2-bs5
node_modules/@saltcorn/sbadmin2
@saltcorn/server >=0.7.2-beta.0
Depends on vulnerable versions of @saltcorn/admin-models
Depends on vulnerable versions of @saltcorn/base-plugin
Depends on vulnerable versions of @saltcorn/data
Depends on vulnerable versions of @saltcorn/sbadmin2
Depends on vulnerable versions of resize-with-sharp-or-jimp
node_modules/@saltcorn/server
datatables.net <1.11.3
Severity: moderate
Cross site scripting in datatables.net - https://github.com/advisories/GHSA-h73q-5wmj-q8pj
fix available via `npm audit fix`
node_modules/datatables.net
datatables.net-bs4 1.10.16 - 1.10.25
Depends on vulnerable versions of datatables.net
node_modules/datatables.net-bs4
startbootstrap-sb-admin-2-bs5 *
Depends on vulnerable versions of datatables.net-bs4
node_modules/startbootstrap-sb-admin-2-bs5
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
cordova 3.1.0-0.1.0 - 3.5.0-0.2.0 || 4.0.1 || >=5.4.0
Depends on vulnerable versions of cordova-create
Depends on vulnerable versions of cordova-lib
Depends on vulnerable versions of insight
Depends on vulnerable versions of update-notifier
node_modules/cordova
@saltcorn/mobile-app *
Depends on vulnerable versions of cordova
node_modules/@saltcorn/mobile-app
jsdom <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install @saltcorn/data@0.7.1, which is a breaking change
node_modules/jsdom
blockly 2.20190722.1 - 4.20210325.0-beta.3 || 5.20210325.1 - 9.1.1
Depends on vulnerable versions of jsdom
node_modules/blockly
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
insight *
Depends on vulnerable versions of request
node_modules/insight
node-gyp <=7.1.2
Depends on vulnerable versions of request
node_modules/node-gyp
@npmcli/run-script 1.1.1 - 1.8.6
Depends on vulnerable versions of node-gyp
node_modules/@npmcli/run-script
pacote 11.1.5 - 11.3.5
Depends on vulnerable versions of @npmcli/run-script
node_modules/pacote
cordova-fetch 3.0.1-nightly.2020.4.13.787574b1 - 3.1.1-nightly.2023.3.27.d7f5822a
Depends on vulnerable versions of pacote
node_modules/cordova-fetch
cordova-create 1.1.3-nightly.2017.12.15.8ff490ce - 1.1.3-nightly.2018.3.17.8ff490ce || 4.0.0-nightly.2021.11.2.70bc862c - 4.1.1-nightly.2023.3.27.002f2c57
Depends on vulnerable versions of cordova-fetch
node_modules/cordova-create
cordova-lib 7.0.2-nightly.2017.5.9.be7f7ac6 - 7.0.2-nightly.2017.9.24.e50c9b60 || 7.1.1-nightly.2017.10.10.708da2b8 - 7.1.1-nightly.2017.12.14.8ad0a8b9 || 8.0.1-nightly.2017.12.17.33ef33af - 8.0.1-nightly.2018.9.8.1bc9dd05 || 9.0.0-nightly.2018.9.13.87e9f5cd - 9.0.0-nightly.2019.2.17.7a5d4826 || 9.0.2-nightly.2019.4.2.c017729d - 10.0.0-nightly.2020.6.3.7a20be8b || 10.0.1-nightly.2020.7.28.1d98b57a - 12.0.0-nightly.2023.5.16.ac491cdc
Depends on vulnerable versions of cordova-fetch
node_modules/cordova-lib
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/jsdom/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie
webpack 5.0.0 - 5.75.0
Severity: critical
Cross-realm object access in Webpack 5 - https://github.com/advisories/GHSA-hc6q-2mpp-qw7j
fix available via `npm audit fix --force`
Will install @saltcorn/mobile-builder@0.7.2, which is a breaking change
node_modules/webpack
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install @saltcorn/server@0.7.1, which is a breaking change
node_modules/parse-bmfont-xml/node_modules/xml2js
parse-bmfont-xml *
Depends on vulnerable versions of xml2js
node_modules/parse-bmfont-xml
load-bmfont >=1.1.0
Depends on vulnerable versions of parse-bmfont-xml
node_modules/load-bmfont
@jimp/plugin-print *
Depends on vulnerable versions of load-bmfont
node_modules/@jimp/plugin-print
@jimp/plugins *
Depends on vulnerable versions of @jimp/plugin-print
node_modules/@jimp/plugins
jimp >=0.3.6-alpha.5
Depends on vulnerable versions of @jimp/plugins
node_modules/jimp
resize-with-sharp-or-jimp *
Depends on vulnerable versions of jimp
node_modules/resize-with-sharp-or-jimp
37 vulnerabilities (35 moderate, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
root@151320420f55:/usr/local/lib/node_modules/@saltcorn/cli# npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating @saltcorn/data to 0.7.1, which is a SemVer major change.
npm WARN audit Updating @saltcorn/mobile-builder to 0.7.2, which is a SemVer major change.
npm WARN audit Updating @saltcorn/admin-models to 0.7.1, which is a SemVer major change.
npm WARN audit Updating @saltcorn/server to 0.7.1, which is a SemVer major change.
npm WARN audit No fix available for @saltcorn/mobile-app@*
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated multer@1.4.4: Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.
npm ERR! code 1
npm ERR! path /usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp
npm ERR! command failed
npm ERR! command sh -c node-gyp rebuild
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using node-gyp@7.1.2
npm ERR! gyp info using node@18.19.0 | linux | x64
npm ERR! gyp info find Python using Python version 3.11.2 found at "/usr/bin/python3"
npm ERR! (node:623) [DEP0150] DeprecationWarning: Setting process.config is deprecated. In the future the property will be read-only.
npm ERR! (Use `node --trace-deprecation ...` to show where the warning was created)
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args 'binding.gyp',
npm ERR! gyp info spawn args '-f',
npm ERR! gyp info spawn args 'make',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp/build/config.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/root/.cache/node-gyp/18.19.0/include/node/common.gypi',
npm ERR! gyp info spawn args '-Dlibrary=shared_library',
npm ERR! gyp info spawn args '-Dvisibility=default',
npm ERR! gyp info spawn args '-Dnode_root_dir=/root/.cache/node-gyp/18.19.0',
npm ERR! gyp info spawn args '-Dnode_gyp_dir=/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp',
npm ERR! gyp info spawn args '-Dnode_lib_file=/root/.cache/node-gyp/18.19.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args '-Dmodule_root_dir=/usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp',
npm ERR! gyp info spawn args '-Dnode_engine=v8',
npm ERR! gyp info spawn args '--depth=.',
npm ERR! gyp info spawn args '--no-parallel',
npm ERR! gyp info spawn args '--generator-output',
npm ERR! gyp info spawn args 'build',
npm ERR! gyp info spawn args '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! Traceback (most recent call last):
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/gyp_main.py", line 51, in <module>
npm ERR! sys.exit(gyp.script_main())
npm ERR! ^^^^^^^^^^^^^^^^^
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 670, in script_main
npm ERR! return main(sys.argv[1:])
npm ERR! ^^^^^^^^^^^^^^^^^^
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 662, in main
npm ERR! return gyp_main(args)
npm ERR! ^^^^^^^^^^^^^^
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 629, in gyp_main
npm ERR! [generator, flat_list, targets, data] = Load(
npm ERR! ^^^^^
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 150, in Load
npm ERR! result = gyp.input.Load(
npm ERR! ^^^^^^^^^^^^^^^
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 3021, in Load
npm ERR! LoadTargetBuildFile(
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 411, in LoadTargetBuildFile
npm ERR! build_file_data = LoadOneBuildFile(
npm ERR! ^^^^^^^^^^^^^^^^^
npm ERR! File "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 239, in LoadOneBuildFile
npm ERR! build_file_contents = open(build_file_path, "rU").read()
npm ERR! ^^^^^^^^^^^^^^^^^^^^^^^^^^^
npm ERR! ValueError: invalid mode: 'rU' while trying to load binding.gyp
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
npm ERR! gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/@saltcorn/cli/node_modules/node-gyp/lib/configure.js:351:16)
npm ERR! gyp ERR! stack at ChildProcess.emit (node:events:517:28)
npm ERR! gyp ERR! stack at ChildProcess._handle.onexit (node:internal/child_process:292:12)
npm ERR! gyp ERR! System Linux 5.4.0-148-generic
npm ERR! gyp ERR! command "/usr/bin/node" "/usr/local/lib/node_modules/@saltcorn/cli/node_modules/.bin/node-gyp" "rebuild"
npm ERR! gyp ERR! cwd /usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/cli/node_modules/sharp
npm ERR! gyp ERR! node -v v18.19.0
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2024-01-09T06_48_49_047Z-debug-0.log
Feel free to close it as to the page-to-pdf issue.
And actually, the "File not found" issue is still present too :( only when you select "Save to file"
The files are actually saved on the server:
but checking "Save to file" always link to http://xx.yyy.zz/files/serve/undefined
Same here: "but checking "Save to file" always link to http://xx.yyy.zz/files/serve/undefined", current saltcorn installation under Debian, latest page_to_pdf module installed. Trying to find a way to get rid of that error and to store the created PDF as a Blob into a Table or the database. Will there be updates to the module?
@JuergenRosskamp are you deployed in a docker container or a normal install under debian?
I did a normal install under debian following your instruction in the wiki. I used a VPS.
OK, let's dive into the container /usr/local/lib/node_modules/@saltcorn/cli
Hmm, it doesn't install puppeteer, and it throws vulnerabilities. I couldn't fix the vulnerabilities using
npm audit fix --force
, nor update npm, because node is too old.