[Snyk] Upgrade node-opcua from 2.64.1 to 2.126.0 #55
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to upgrade node-opcua from 2.64.1 to 2.126.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 88 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-IP-6240864
SNYK-JS-JSRSASIGN-6070731
SNYK-JS-NODEOPCUA-2988723
SNYK-JS-NODEOPCUA-2988724
SNYK-JS-NODEOPCUA-2988725
SNYK-JS-SEMVER-3247795
SNYK-JS-IP-7148531
Release notes
Package name: node-opcua
What's Changed (minor change)
Full Changelog: v2.125.0...v2.126.0
What's Changed
🐛 Bug Fixes
packages/node-opcua-local-discovery-server/Dockerfile
to enhance security (Details).dockertest/Dockerfile
through necessary upgrades (Vulnerability Details).✨ Enhancements
ServerCapabilities_MinSupportedSampleRate
andServerCapabilities_MaxMonitoredItemsQueueSize
for improved server capability reporting.node-opcua-client-crawler
and introduced the professional module@ sterfive/crawler
for NodeOPCUA Subscription members.🛠 Maintenance and Refactoring
readNamespaceArray
andresolveNodeId
usage to optimize operations.resolveNodeId
.recreateSubscriptionAndMonitoredItem
to an async method for better performance.Added useful exports in
node-opcua-client` to enhance module usability.withSessionAsync
for improved test efficiency.perform operation on client session
in test-helper for enhanced testing capabilities.readNamespaceArray
to use cache, reducing processing time.🚀 New Features
NodeId.toString({namespace})
to produce 'nsu=someuri;i=1223' form nodeid string, enhancing node identification clarity.🔧 Deprecated
OPCUAClient.withSession
as part of ongoing API cleanup.📦 Updates
Security Enhancements
Full Changelog: v2.124.0...v2.125.0
What's changed:
Version 2.124.0 of our software introduces significant enhancements to the client automatic reconnection mechanism
🐛 Bug Fixes
nodeVersion
operates properly when a node belongs to a custom namespace, maintaining namespace integrity.raiseEvent
method signature in TypeScript, aligning it with expected type definitions.Security Updates
packages/node-opcua-local-discovery-server/Dockerfile
by upgrading dependencies to address security concerns highlighted by Snyk (Vulnerability 1, Vulnerability 2).✨ Enhancements
findEndpoint
now uses the same connection strategy as the parent OPCUAClient, harmonizing connection behaviors across the client.createMonitoredItemsLimit
to avoid usingmaxMonitoredItemsPerCall=0
, optimizing monitoring efficiency.🛠 Maintenance and Refinements
setNextSubscriptionId()
to imitate open62541 behavior, enhancing subscription management capabilities.What's Changed
[NODE-OPCUA-W33]
if there's a notable time difference between the server's time and the local time on the computer where the OPCUA client is running. This enhancement aims to make it easier to identify servers with time synchronization issues (#1349) (#1351).🎉 Special kudo to EirikVea for nailing the root cause.
the warning message looks like:
`
securityPolicies
parameter in the OPCUA Server constructor. (#1348)Default policies used if
securityPolicies
is not specified:We reintroduced PKCS1 padding (Issue #1347), which was previously removed in version 2.122.0, due to Node.js discontinuing support for PKCS padding with private key encryption. However, this reintroduction comes with a caveat for users of Node.js versions newer than 18.11.1 or NodeJS > 20.11.1. To enable PKCS1 padding, you must include the argument --security-revert=CVE-2023-46809 when running the Node.js executable. This step reverses a security fix in Node.js, allowing PKCS1 padding to function. Failure to apply this workaround may result in connectivity issues between the Client and Server when interacting with devices that still utilize the now-deprecated 128Rsa15 security policy for channel or user token encryption.
We found out that the recent version of NodeJS now emits an AggregateError instead of a Error on windows when multiple network cards are present, causing the connection mechanism to struggle, this only affects Node 20.11.1 on windows as far as we are aware [b4ff258]
details
🐛 Bug Fixes
✨ Enhancements
[92dd8db] Display warning when the nodejs
--security-revert=CVE-2023-46809
command line option needs to be used to allow legacy Basic192Rsa15 encryption and server ( in 20.11.1 and 18.11.1 onward)🛠 Maintenance
👬🏽 contributors
Full Changelog: v2.122.0...v2.123.0
🌟 Join the NodeOPCUA Support Network! 🌟
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
OpenCollective.
🤝 Your support is crucial!
Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱
🌍 Together, we can drive the future of node-opcua forward! 🌍
What's Changed
🚨 Security update
For instance, when OPCUAClient encounters multiple identity token policyId for the same tokenType, the OPCUClient will select the policyId that provides the most robust encryption method. It will also avoid using Basic192RSA15, which is now deprecated in NodeJS 20.11.1 onward, to fix CVE-2023-46809.
Full Changelog: v2.121.0...v2.122.0
Release Notes
🐛 Bug Fixes
d81924c60
Adjust UAVariable: fixing #1342 by forcing timestamp to be set when a simple variable getter is usedef9878409
Fix ambiguous abstract DataType with encoding while loading nodeset2 xml3b8613468
Server: monitored item; fix keep alive and resendInitialValue behavior7d161b074
Server channel: fix channel termination in registerChannelea7fac356
Fix release continuation point behaviorf521d25cb
Fix eventNotifier type to be a EventNotifierFlags in InstantiateObjectOptionse85efe29f
Fix boiler instantiation by specifying the correct value for event notifier7c42fe464
Ensure event notifier flag SubscribeToEvents automatically set when an object has EventSource or Notifieraacd2c86c
Fix default variable matrix value while loading nodeset2.xml7fb5d7c88
Fix a bug causing the server to crash while raising AuditCertificate Events1e51b2184
Call should return BadMethodInvalid instead of BadNodeIdUnknown when MethodId doesn't exist or is not a methode482774c8
BadChannelIdInvalid should be returned in a ServiceFault instead of a Valid Requestaae18eed7
Issue #1320 bug-fix: now instantiating variable with same name as parent objectType.b9503fdf4
Issue #1326 bug-fix: no longer adding nodes from an unrelated object type to a node with the same browseName.🛡️ Security Updates
8ec25b71a
Deprecate RSAPKCS1V15_Decrypt due to CVE-2023-4680997568f4bf
Update packages - node-opcua-crypto@4.8.0 CVE-2023-468090a27cef67
Fix: dockertest/Dockerfile to reduce vulnerabilitiesce26af470
Fix: packages/node-opcua-local-discovery-server/Dockerfile to reduce vulnerabilities✨ Enhancements
9ebe882e6
Feat: add description and displayName to base object when crawling17b48cc99
ArgumentList: verifyArgumentList returns BadTypeMismatch if at least one argument has a BadTypeMismatch status codeea7fac356
Fix release continuation point behavior🛠 Maintenance
c38096565
Adjust flaky test on windows2eca643f2
Chore: reduce verbosity in test862ae72f5
Chore: adjust temporary folder location in tests22606c59b
Update CTT.xmladf2b22e9
CTT: ensure keepAlive is sent after 1xpublishInterval first time77ccf6417
Refactor: server tests to typescript88ba311f5
Add leak detector in test794e35cd1
Chore: fix typescript error in test47c75b7fb
Address space for ctt: fix matrix variables4610fa986
Chore: adjust TCP socket in testcd8d2705b
Chore: server_tcp_transport cleanup4e75b2d5a
ServerSecureChannel: return ServiceFault when OpenSecureChannel fails52388f80c
Chore: remove unused importb7b1f62ab
Chore: improve log messagedd8872782
Chore: fix typos in commentsf85e696f4
Chore: fix typescript issue2e60c9984
Chore: fix timer id déclaration515303c2f
Chore: improve error message in internalDecodeVariant, when matrices are inconsistent1dd5562a0
Update standard UA nodeSet2.xml to version 1.5.3e8d592bb9
Update standard status codesd5f8f15c3
Improve Variable value set typescript definition and add new async mode👬🏽 Contributors
What's Changed
New Contributors
Full Changelog: v2.120.0...v2.121.0
Release note for v2.200.0
🐛 Bug Fixes
[521f18d2f]
Fixes #1277 - Instantiating ObjectType with two Folders[744648e3f]
Relax Encoding detection to cope with bugs in python's asyncua - fixing #1232[56b40b191]
ClientSecureChannel: fix connection issue highlighted when server imposes maxChunk=1 #1335 #1263[2372431fd]
Ensure client.isReconnecting=true when client emits the 'connection_reestablished' event fixing #1331✨ Enhancements
[45240f862]
Add example for GitHub #1232🛠 Maintenance
[a0234bbb5]
Update packages[37e181611]
Add open collective badges[2e6d5937b]
Update book URL[85bee187a]
Update lock file[af3520542]
Update copyright year[f3d452bd6]
Fix copyright year and other adjustments👬🏽 contributors
🌟 Join the NodeOPCUA Support Network! 🌟
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
OpenCollective.
Your support is crucial! 🤝
Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱
🌍 Together, we can drive the future of node-opcua forward! 🌍
v2.119.2
v2.119.1
Release Notes for 2.119.0
🐛 Bug Fixes
✨ Enhancements
🛠 Maintenance
👬🏽 contributors
🌟 Join the NodeOPCUA Support Network! 🌟
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on OpenCollective. Your support is crucial! 🤝
Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱
🌍 Together, we can drive the future of node-opcua forward! 🌍
We're profoundly grateful for your continued support and commitment to our mission! 💕👐
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmNWE4YjQ0OC00YWQzLTQ0MTQtOGU3OC00Mj...