3.8.0 Upgrade Support
-
@Teemberland can you run
npm install
before the upgrade? -
@phenomlab ahh it's telling me that my custom theme isn't registered on npmjs.org. I've been using the custom theme (local machine), so I believe it is installed correctly. Is there a way to bypass this message?
npm ERR! code E404 npm ERR! 404 Not Found - GET https://registry.npmjs.org/nodebb-theme-custom-theme - Not found npm ERR! 404 npm ERR! 404 '[email protected]' is not in this registry. npm ERR! 404 npm ERR! 404 Note that you can also install from a npm ERR! 404 tarball, folder, http url, or git url.
-
-
@baris I was getting the same error after deleting package-lock.json and node_modules. So I deleted the custom theme in package.json and it allowed me to run npm i. I'm also able to upgrade to the latest.
now my question is, what is the proper way of installing my custom theme locally?
-
@baris said in 3.8.0 Upgrade Support:
Running npm i might remove the symlink though.
Unfortunately yeah, npm i removed any existing symlinks.
What I've found works for me is to set up an npm "postinstall" script to symlink my plugins and themes back
-
cool, thanks guys. npm link seems to be working for now.
-
npm audit showed some vulnerabilities after upgrade from 3.6.6. Is it safe to run "npm audit fix" or indeed "npm audit fix --force"? Are the vulns from plugins? How do I know which?
# npm audit report bootbox * Severity: moderate Bootbox.js Cross Site Scripting vulnerability - https://github.com/advisories/GHSA-m4ch-4m5f-2gp6 No fix available node_modules/bootbox braces <3.0.3 Severity: high Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg fix available via `npm audit fix` node_modules/braces request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/request akismet >=1.0.0 Depends on vulnerable versions of request node_modules/akismet nodebb-plugin-spam-be-gone >=0.4.5 Depends on vulnerable versions of akismet node_modules/nodebb-plugin-spam-be-gone coveralls * Depends on vulnerable versions of request node_modules/coveralls tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/request/node_modules/tough-cookie ws 8.0.0 - 8.17.0 Severity: high ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q fix available via `npm audit fix` node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws engine.io 0.7.8 - 0.7.9 || 6.0.0 - 6.5.4 Depends on vulnerable versions of ws node_modules/engine.io engine.io-client 0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.5.3 Depends on vulnerable versions of ws node_modules/engine.io-client 10 vulnerabilities (6 moderate, 4 high)
-
Hi, I upgraded from 3.8.1 to 3.8.4 and now get an error (maybe) when starting nodebb with ./nodebb start:
Starting NodeBB "./nodebb stop" to stop the NodeBB server "./nodebb log" to view server output "./nodebb help" for more commands Process "20754" from pidfile not found, deleting pidfile
...and forum is not running and ./nodebb status also returns 'NodeBB is not running'. Googled this and someone suggest I delete pidfile so I did, tried starting again and there's no pidfile message but it's still not running. Starting yet again takes me back to the pidfile output.
Ny node --version is v21.6.1
Bye!
Mark -
Solved! I needed to npm install nodebb/spider-detector
I did try an npm update but that didn't install this I guess. I thought npm update and package.json was supposed to take care of node dependencies, is this not the case? My nodejs knoweldge is only decent when I'm actively using it, and it's been a while...
Apart from a git checkout, what else should I be doing when upgrading?
I guess a ./nodebb build is probably also a good idea?
Bye!
Mark -