[Snyk] Upgrade node-opcua from 2.81.0 to 2.110.0 #247

Closed


biancode
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade node-opcua from 2.81.0 to 2.110.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 35 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-08-17.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: node-opcua
  • 2.110.0 - 2023-08-17

    🐛 bug fix

    • this release fixes #1289, whereby the new X509 certificate generation method used by node-opcua-crypto could randomly crash.
    • this version relies on node-opcua-crypto@4.2.0.

    👬🏽 contributors:

  • 2.109.0 - 2023-08-15

    🚀 enhancement

    • [c789a36] addressSpace: BaseNode now exposes a setDescription and setDisplayName to enable dynamic change. (resolves #1284)

    🚧 maintenance

    • [c15331d] remove eumabois
    • [6367995] fix NodeJS.Timeout issue caused by latest @types/node ts definition.

    🐛 bug fixes

    • [e0d5581] [address-space-base] don't use chalk module - fix issue#1285
    • [6eefed7] add regression test and investigation code for #1289

    👬🏽 contributors

    🧨 known issues:

    • this version introduces a new way of creating privateKeys and Certificate that does not rely on openssl any more but on the newly introduced WebCrypto API in nodeJS when it's available, or falls back to a polyfill @peculiar/x509 when the subtle API is not available.
      (see #1289)
      we recommend you use node-opcua@2.110.0 instead
  • 2.108.0 - 2023-07-18

    📛 known issues

    • this version introduces a new way of creating privateKeys and Certificate that does not rely on openssl any more but on the newly introduced WebCrypto API in nodeJS when it's available, or falls back to a polyfill @peculiar/x509 when the subtle API is not available.
    • We discovered after releasing 2.108 that the subtle API may not behave consistently between nodejs versions.
    • We recommend that you use node-opcua@2.108 with nodejs 20.5 or above or with nodejs 16.20, and specifically avoid nodejs 18.x versions and nodejs<=20.04. See #1289

    🐛 bug fixes:

    • 1a06642 properly enum values to coerceInt64 while parsing nodeset2.xml files
    • 9024dda add more unittest for coerceInt64
    • 83bca12 fix enum default value issue

    🚀 enhancements:

    • 8318259 add extract field in pseudo session.
    • 8571c54 1cd110f refactor extractConditionFields.
    • 72dfbf8 refactor constructEventFilter and constructSelectClause.
    • 2e9e962 loading old nodesets : better detection and handling of <1.03 nodesets in server

    💕 typos fixes that could introduce breaking changes

    • 4c82abc chore: fix PseudoVariant definition typo
    • 66d7047 fix acknwoledgeAllConditions spelling

    🚧 maintenance

    • 3086de3 chore: use warningLog
    • 9ff68ba chore: invalidPrivateKey now null
    • 6f79f83 chore: clean-up crypto imports
    • 9187aac update packages
    • c838dcd chore: fix spelling error in trace and comments
    • a348156 chore: fix eslint script typo
    • 53c90b3 chore: turn warning to debug message
  • 2.107.0 - 2023-07-11

    This version brings significant improvements on the server side with a better handling of StateMachine object;

    StateMachine internals are now fully handled by node-opcua ;

    • the AvailableStates and AvailableTransitions variables are automatically populated if they exist on the model.
    • TransitionTime, EffectiveDisplayName are now automatically updated if present in the model, when the state changes.
      On StateMachine with SubState, the EffectiveTransitionTime variable of the parent state is automatically updated when the state of the substate machine changes.

    🚀 enhancements

    • server: implement automatic support for EffectiveTransitionTime on FiniteStateMachine d5493c1
    • server: StateMachine setState and lastUpdateDate implemented fba2813

    🐛 bug fixes

    • server: handle with a warning instead of throwing an error for the case where a Variable refers to a TypeDefinition being an ObjectType instead of a VariableType f6831cc
    • server: fix potential crashes in deactivateAlarm bade5e2
  • 2.106.0 - 2023-06-30

    🚀 Enhancement

    🐛 bug fix

    • 283bd1f improve client reconnection when ActivateSession returns BadUserAccessDenied
    • 5c3f84e improve warningLog for buffer inconsistency

    🧑‍🏭 maintenance and refactoring

    👭🏽 contributors:

    As we continue to refine and expand node-opcua, we warmly welcome sponsorships and contributions via our membership program at Sterfive or through OpenCollective. Your generous support empowers us to innovate and foster a community built on shared knowledge and creativity. Together, we are shaping the future of node-opcua!

  • 2.105.1 - 2023-06-16

    v2.105.1

  • 2.105.0 - 2023-06-10

    🐛 Bug Fixes

    • Resolved an issue with OPCUAClient#emit('connection_failed',...) where connection failures were not handled correctly. This fix should provide a more robust experience in scenarios with unstable connections. bd5dc55

    🔧 Maintenance Tasks

    • For better debugging experience, we've removed the use of console.log in the codebase (#1279, 65deea0). This should help to clean up the console output and improve readability during development.

    • We've corrected lerna.json configurations after upgrading to version 7. 65deea059ec1cb5fa8f19bfc9c441003ee56e46

    👬🏽 contributors

  • 2.104.0 - 2023-06-05
  • 2.103.0 - 2023-05-05
  • 2.102.0 - 2023-05-02
  • 2.101.0 - 2023-05-01
  • 2.100.0 - 2023-04-14
  • 2.99.0 - 2023-04-11
  • 2.98.2 - 2023-04-10
  • 2.98.1 - 2023-04-10
  • 2.98.0 - 2023-04-09
  • 2.97.0 - 2023-04-05
  • 2.96.0 - 2023-03-24
  • 2.95.0 - 2023-03-18
  • 2.94.0 - 2023-03-14
  • 2.93.0 - 2023-03-13
  • 2.92.0 - 2023-03-12
  • 2.91.1 - 2023-02-24
  • 2.91.0 - 2023-02-17
  • 2.90.1 - 2023-02-15
  • 2.90.0 - 2023-01-29
  • 2.89.0 - 2023-01-22
  • 2.88.0 - 2023-01-03
  • 2.87.0 - 2022-12-18
  • 2.86.1 - 2022-12-16
  • 2.86.0 - 2022-12-15
  • 2.85.0 - 2022-11-25
  • 2.84.0 - 2022-11-18
  • 2.83.0 - 2022-11-14
  • 2.82.0 - 2022-10-27
  • 2.81.0 - 2022-10-11
from node-opcua GitHub release notes
Commit messages
Package name: node-opcua
  • f419b91 v2.110.0
  • 11e6e12 update to node-opcua-crypto@4.2.0 to fix #1289
  • 50cfa07 v2.109.0
  • 6eefed7 add regression test code for #1289
  • f51277e remove nyc and coverage from package.json, they are installed independently during ci phase
  • 6367995 fix NodeJS.Timeout issue caused by latest @types/node ts definition refinement
  • 8b3716d update packages and to node-opcua-crypto@4
  • 8d89478 update to node-opcua-crypto@4 beta
  • e0d5581 address-space-base: don't use chalk module - fix issue#1285
  • c15331d eumabois
  • 89484b0 update gitignore
  • f7dd04d chore: reduce verbosity
  • c789a36 BaseNode: expose setDescription and setDisplayName
  • dc706ce v2.108.0
  • 9ff68ba chore: invalidPrivateKey now null
  • 6f79f83 chore: clean-up crypto imports
  • a348156 chore: fix eslint script typo
  • 9187aac update packages
  • c838dcd chore: fix spelling error in trace and comments
  • 66d7047 fix acknwoledgeAllConditions spelling
  • 8571c54 refactor extractConditionFields
  • 3086de3 chore: use warningLog
  • 72dfbf8 refactor constructEventFilter and constructSelectClause
  • 1cd110f add unit test for extractFields



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@github-actions

Greet Contributors Bot
Thank you for taking your time and effort for your contribution, we truly value it. 🎉

The amazing contributor in this pull request is @snyk-bot

github-actions bot added the Stale label Nov 14, 2023
github-actions bot closed this Nov 29, 2023
2 participants