500 server error (navigating to /render) plus - Install after clone repo shows vulnerabilities that break app if fixed
webtalk16 opened this issue · comments
My app comes up okay when navigating to my deployed rendertron instance.
When going to "/render" plus adding the url, either from the address bar
or adding the url to the UI, I get a 500 server error.
-------- Update 1 --------
Getting 500 server error (navigating to /render) without running audit fix
I had a previous version running smoothly.
Things I've changed since working version:
- Enabled Rendertron's cache by creating a new file called config.json.
contents:
{ "datastoreCache": true }
This is recommended by google tutorial but did not add it in my previous working version
(https://developers.google.com/search/blog/2019/01/dynamic-rendering-with-rendertron) - In app.yaml changed
(to save money, I was receiving a large bill with almost no traffic yet):
instance_class: from F4_1G to F1
used "max_instances: 1" instead of "min_instances: 1"
Could either 1 or 2 be a reason for getting a 500 server error?
-------- Update 1 --------
-------- Update 2 --------
Viewing operations Logging on GCP when navigating to myapp..../render/url.....
I receive the following error:
Exceeded hard memory limit of 256 MB with 268 MB after servicing 1 requests total. Consider setting a larger instance class in app.yaml
Apparently F1 instance class is not enough to run the rendertron app.
Please help with info on what the minimum instance class that can be used and still run smoothly?
-------- Update 2 --------
After cloning repo and installing,
vulnerabilities come up.
When running fix
npm audit fix "OR" npm audit fix --force
It breaks the app.
When I did only audit fix without force,
it worked locally but after deploying,
(gcloud app deploy app.yaml --project YOUR_PROJECT_ID),
using "/render" (plus url to render) after my app's url
returns a 500 server error
Steps taken:
RAN ----> git clone https://github.com/GoogleChrome/rendertron.git
RAN ----> cd rendertron
NOTE ----> Logs in Terminal after running "npm install" then "npm audit":
RAN ----> npm install
added 671 packages, and audited 672 packages in 2m
5 vulnerabilities (4 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
RAN ----> npm audit
npm audit report
hosted-git-info <3.0.8
Severity: moderate
Regular Expression Deinal of Service - https://npmjs.com/advisories/1677
fix available via npm audit fix --force
Will install ava@2.4.0, which is a breaking change
node_modules/hosted-git-info
normalize-package-data 2.0.0 - 2.5.0
Depends on vulnerable versions of hosted-git-info
node_modules/normalize-package-data
read-pkg <=5.2.0
Depends on vulnerable versions of normalize-package-data
node_modules/read-pkg
ava >=3.0.0-beta.1
Depends on vulnerable versions of read-pkg
node_modules/ava
lodash <4.17.21
Severity: high
Command Injection - https://npmjs.com/advisories/1673
fix available via npm audit fix
node_modules/lodash
5 vulnerabilities (4 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
In general, as we're deprecating the project, you should look into alternative approaches to rendering on the web.