Need to address high vulnerability inside lumber-forestadmin npm package

Need to address a high vulnerability in the following package. Is there any alternative package available to connect all models directly to forestadmin?

lumber-forestadmin@1.5.1
+-- forest-express-mongoose@4.1.2
| `-- forest-express@4.0.1
|   `-- express-jwt@5.3.1
`-- forest-express-sequelize@4.0.2
  `-- forest-express@4.0.1
    `-- express-jwt@5.3.1

When I removed the above package and directly used forest-express-mongoose@latest, the connection failed with the error "route not found".

Hello @Sankalp_Mehta and welcome to our community forums !

Thanks for your message, but I’m not sure I understand how I can help you here. Have you found a vulnerability in one of our packages?

Could you give me a few more details about your problem? :slightly_smiling_face:

Have a nice day !

Yes, a vulnerability was found in forest-express-mongoose@4.1.2; it was related to express-jwt@5.3.1.

Currently I am only using the upgraded version of forest-express-mongoose and have removed lumber-forestadmin.

`-- forest-express-mongoose@6.3.4

Then I get the following "Route not found" error for all the forest endpoints:

Route not found: /forest/stats/{{collection name}}

Here is the code after upgrading to v6

(async () => {
  app.use(
    await require('forest-express-mongoose').init({
      modelsDir: XXXXXX + '/models',
      envSecret: XXXXXXX,
      authSecret: XXXXXXX,
      mongoose: require('mongoose'),
    }),
  );
})();

Hello @Sankalp_Mehta !
lumber-forestadmin is an old package that we don’t support anymore.
Did you follow the upgrade steps of the documentation for each version of forest-express-mongoose ? For v6 you can find them here (and here for v5)

@anon94532230 Yes, I have gone through the documentation for both versions. We are not using any smart actions. Models are directly exposed for forestadmin.

We are using only the following code:

(async () => {
  app.use(
    await require('forest-express-mongoose').init({
      modelsDir: XXXXXX + '/models',
      envSecret: XXXXXXX,
      authSecret: XXXXXXX,
      mongoose: require('mongoose'),
    }),
  );
})();

It should look like this :thinking:

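const path = require('path');
const mongoose = require('mongoose');
const Liana = require('forest-express-mongoose');

// Mount the Forest Admin middleware on the Express app.
module.exports = async function (app) {
  app.use(await Liana.init({
    modelsDir: path.join(__dirname, '../models'),
    configDir: path.join(__dirname, '../forest'),
    // Secrets are read from the environment rather than hard-coded.
    envSecret: process.env.FOREST_ENV_SECRET,
    authSecret: process.env.FOREST_AUTH_SECRET,
    mongoose,
  }));
};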
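Added example (not part of the original thread and not Forest Admin code): a small Node.js helper that walks an `npm ls --json`-style tree and lists every dependency path leading to a flagged package version, so you can see which top-level dependency has to be replaced or upgraded. The names `sampleTree`, `findPaths` and `topLevelCulprits` and the `my-app` root are hypothetical; the sample tree is constructed from the dependency tree quoted above.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output,
// mirroring the tree quoted in the thread. The root "my-app" is hypothetical.
const sampleTree = {
  name: 'my-app',
  version: '1.0.0',
  dependencies: {
    'lumber-forestadmin': {
      version: '1.5.1',
      dependencies: {
        'forest-express-mongoose': {
          version: '4.1.2',
          dependencies: {
            'forest-express': {
              version: '4.0.1',
              dependencies: { 'express-jwt': { version: '5.3.1' } },
            },
          },
        },
        'forest-express-sequelize': {
          version: '4.0.2',
          dependencies: {
            'forest-express': {
              version: '4.0.1',
              dependencies: { 'express-jwt': { version: '5.3.1' } },
            },
          },
        },
      },
    },
  },
};

// Return every path (array of "name@version") from the root to name@version.
function findPaths(node, name, version, trail = []) {
  const hits = [];
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    // Unmet dependencies can lack a version field; show them as "?".
    const here = [...trail, `${depName}@${dep.version || '?'}`];
    if (depName === name && dep.version === version) hits.push(here);
    hits.push(...findPaths(dep, name, version, here));
  }
  return hits;
}

// The distinct direct dependencies through which the flagged package arrives.
function topLevelCulprits(paths) {
  return [...new Set(paths.map((p) => p[0]))];
}

const flagged = findPaths(sampleTree, 'express-jwt', '5.3.1');
flagged.forEach((p) => console.log(p.join(' > ')));
console.log('Pulled in via:', topLevelCulprits(flagged).join(', '));
```

To use it on a real project, parse the JSON produced by `npm ls --all --json` and pass that object in place of `sampleTree`.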