Wappler NodeJS Projects are currently using express-redis-cache npm library for cache system with Redis.
The Project has been abandoned for nearly 5 years now, the last release being 1.1.3 on Jun 28, 2018.
As it’s built on “redis”: “^2.4.2”, SAST-based tools are picking it up as a vulnerability.
Can we have an alternate package to this in wappler, one which is supported and updated with the latest redis or atleast 3.1.2
There seems to be a fork that is up-to-date and uses the same API. Or do you have other suggestions as a replacement?
Does ioredis not serve as an alternative @patrick?
This too is based on redis 2.4.2
Maybe https://github.com/node-cache-manager/node-cache-manager-redis-yet
Or https://github.com/dabroek/node-cache-manager-redis-store
This fork is not available any more.
Any idea how to replace this to solve a high severity vulnerability?
redis 2.6.0 - 3.1.0
Severity: high
Node-Redis potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3
fix available via `npm audit fix`
node_modules/express-redis-cache/node_modules/redis
Next update will remove the express-redis-cache dependency and use a custom middleware for caching. Redis package will be updated to version 4.
this was solved in the Wappler 5.8.0