[Snyk] Upgrade node-opcua from 2.64.1 to 2.136.0 #67

Open
wants to merge 1 commit into
base: master

biancode

Snyk has created this PR to upgrade node-opcua from 2.64.1 to 2.136.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 99 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | 696 | Proof of Concept |
| high severity: Server-side Request Forgery (SSRF) (SNYK-JS-IP-6240864) | 696 | Proof of Concept |
| high severity: Observable Discrepancy (SNYK-JS-JSRSASIGN-6070731) | 696 | Proof of Concept |
| high severity: Denial of Service (DoS) (SNYK-JS-NODEOPCUA-2988723) | 696 | Proof of Concept |
| high severity: Denial of Service (DoS) (SNYK-JS-NODEOPCUA-2988724) | 696 | Proof of Concept |
| high severity: Denial of Service (DoS) (SNYK-JS-NODEOPCUA-2988725) | 696 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-SEMVER-3247795) | 696 | Proof of Concept |
| medium severity: Server-Side Request Forgery (SSRF) (SNYK-JS-IP-7148531) | 696 | Proof of Concept |

Release notes
Package name: node-opcua
  • 2.136.0 - 2024-11-11

    Full Changelog: v2.135.0...v2.136.0

    fix xml namespace output for LocalizedText and QualifiedName

  • 2.135.0 - 2024-11-11

    v2.135.0

  • 2.134.0 - 2024-11-10

    Release Notes for 2.134.0

    🐛 Bug Fixes

    • d6e10b1: Addressed issues with long package version strings to prevent errors during package operations.
    • a0b0990: Fixed the IBasicSessionAsync definition to align with expected interface functionalities.
    • d1c0f67: Corrected structure handling with enums, ensuring proper functionality when using structured data types.
    • 093ac7d: Resolved loading issues for nodesets containing Matrix UAVariable with fixed dimensions and missing values, enhancing data integrity and accessibility.

    ✨ Enhancements

    • 6753d62: Added tests for reconstructing alarms, improving coverage and reliability of alarm functionalities.
    • 222ada5: Optimized node-opcua-crypto imports to avoid Node.js dependencies whenever possible, enhancing modularity and reducing overhead.
    • 3f647a1: Adjusted fixGetMonitoredItemArgs for better argument handling in monitored items.

    🛠 Maintenance and Refactoring

    • b101da5: Conducted minor refactoring to streamline codebase and improve maintainability.
    • 4454278: Adjusted DataValue encoding to enhance data serialization and transmission.
    • f41116c: Updated packages to maintain software reliability and security with the latest versions.

    🔧 Configuration and Setup

    • 7427206: Updated module resolution strategy to NodeNext, preparing for future Node.js releases and ensuring compatibility.

    📦 Package Updates

    • c83e1a0: Updated various packages to enhance functionality and security.
    • f41116c: Further package updates to align with new dependencies and security patches.

    Documentation and Miscellaneous

    • dad03a5: clean up documentation comments and fix generation issues, ensuring clarity and usability of developer resources.
  • 2.133.0 - 2024-09-25

    Summary:

    • This release includes an update to [email protected] that addresses issues with the evaluation of X509 certificates containing the "otherNames" field in the subjectAltName. This fix resolves difficulties that node-opcua clients previously encountered when connecting to OPC UA servers, such as the OPC Router.

    • This version also resolves a stability issue where the serverTimestamp from a UAVariable within the OPC UA Server could be updated unexpectedly.

    • work in progress: we have performed general cleanup of documentation to remove outdated or redundant information, in order to fix autogenerated document (addressing #1389)

    Full Changelog: v2.132.0...v2.133.0

    🐛 Bug Fixes

    • 7316079: Fixed rimraf usage following package update to ensure proper cleanup operations.
    • afd1519: Fixed an issue with long package version strings that could cause errors in package management processes.
    • ba147c4: Ensured server timestamps are not overwritten in apply_timestamps_no_copy, preserving data integrity.

    ✨ Enhancements

    • 205c1ae: Added typedoc.json to enhance documentation generation capabilities.

    🛠 Maintenance and Refactoring

    • b2d1a53: Reduced debug verbosity to streamline output and improve performance.
    • e121df5: Bumped rimraf package version to align with the latest improvements and security features.
    • 2d3ce5b: Updated packages, including a bump to [email protected], enhancing security and functionality.
    • dad03a5: Cleaned up documentation comments and fixed documentation generation, improving the clarity and usability of API docs.
    • 463a228: Performed general cleanup of documentation to remove outdated or redundant information.
    • 2830563: Updated README.md to reflect the latest changes and provide users with up-to-date information.

  • 2.132.0 - 2024-09-13

    Release Notes for 2.132.0

    🚀 New Features

    • [4a6b491] Added UAVariable#changeDataType method, allowing dynamic changes to variable data types within the model after the variable has already been created.

    🐛 Bug Fixes

    • [4da75a5] Fixed an issue with BaseNode parent JavaScript property reconstruction when a child node is recreated.

    ✨ Enhancements

    • [02c016b] Deprecated minDate and minOPCUADate in favor of getMinOPCUADate(), to fix a weird behavior introduced in [email protected] related tests.

    🛠 Maintenance and Refactoring

    • [3fa95c7], [0979dc7] Updated packages to the latest versions to enhance security and performance.
    • [b1236b6] Updated the README to reflect the latest changes and provide better guidance to new users.
    • [e6c9a4a] Corrected minor typos throughout the codebase, improving the clarity of the documentation.
    • [60c2760] Removed unnecessary assertions from the code, simplifying and optimizing performance.
    • [af91638] Adjusted documentation to address issue #1380, enhancing user understanding and compliance with standards.
  • 2.131.0 - 2024-09-13

    v2.131.0

  • 2.130.0 - 2024-07-30

    Full Changelog: v2.129.0...v2.130.0

    🚨 hot fix

    • [ 20f1e8f ] This version fixes a bug introduced during a debugging session in v2.129.0 causing secure connection to fail if first certificate in the chain was greater than 1600 bytes, where it shouldn't

    We encourage you to use v2.130.0 over v2.129.0

  • 2.129.0 - 2024-07-17

    This release solidifies the software's architecture with extensive refactoring, enhances security measures, and improves the overall robustness of the system. Each change is targeted to provide better performance, security, and user experience.

    Release Notes for 2.129.0

    🐛 Bug Fixes

    • [7c65dd6] Fixed issue #1378 by only displaying the warning message when it is relevant, improving user experience and reducing unnecessary notifications.
    • [263b971] Refactored SecureChannel and addressed ChannelSecureToken renewal issues, enhancing the security and reliability of the communication channels.

    ✨ Enhancements

    • [30257d8] Prevented the use of the no longer supported Basic128Rsa15 with NodeJS v22, aligning with newer security standards and ensuring compatibility.
    • [24a52d4] Added a demo client with fast security token renewal, showcasing the capabilities and improvements in security token handling.
    • [af235f1] Turned generateAddressSpace and getMiniAddressSpace into await/async functions exclusively and improved error handling in loadnodeset2, ensuring more robust and error-free operations.

    🛠 Maintenance and Refactoring

    • [3fb4321] Adjusted tests to improve reliability and coverage.
    • [01ae403] Updated CI/CD scripts to enhance automation processes and deployment efficiency.
    • [ee5e676] Updated packages to the latest versions for improved security and performance.
    • [ca5cfd5] Refactored the ServerOpenSecureChannel layer, optimizing code and improving performance.
    • [db6fded] Added node-opcua-client for deeper dependency management.
    • [ba93a66] Improved code formatting across various modules.
    • [cc0ba72] Refactored chunk manager to enhance data handling and performance.
    • [f237763] Refactored transport module for better performance and reliability.
    • [251125f] Refactored tests to align with latest code changes and improve testing processes.
  • 2.128.0 - 2024-07-02

    Release Notes for 2.128.0

    🐛 Bug Fixes

    • [c71e69a] Improved the connection closure process by ensuring the client doesn't wait too long before closing the connection if the server doesn't close the socket after a CloseSecureChannelRequest. This addresses issue #1377 and enhances client-server communication reliability.

    ✨ Enhancements

    • [d693345] Improved the handling of abandoned connections during the HelAck phase.
    • [fc7b56e] Enhanced the DataType extraction strategy, improving the efficiency and accuracy of data handling within the application.

    🛠 Maintenance and Refactoring

    • [8cd3a0f] Updated packages to the latest versions to ensure security and performance improvements.
    • [db773c6] Updated and cleaned up packages, removing outdated or unnecessary dependencies to streamline operations and improve maintenance efficiency.

    Full Changelog: v2.122.0...v2.123.0

    🌟 Join the NodeOPCUA Support Network! 🌟
    NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀

    We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on

    OpenCollective.

    🤝 Your support is crucial!

    Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱

    🌍 Together, we can drive the future of node-opcua forward! 🌍

    Full Changelog: v2.127.1...v2.128.0

  • 2.127.1 - 2024-06-27

    v2.127.1

  • 2.127.0 - 2024-06-27
  • 2.126.0 - 2024-06-18
  • 2.125.0 - 2024-06-05
  • 2.124.0 - 2024-04-08
  • 2.123.0 - 2024-03-10
  • 2.122.0 - 2024-02-28
  • 2.121.0 - 2024-02-25
  • 2.120.0 - 2024-01-21
  • 2.119.2 - 2023-12-25
  • 2.119.1 - 2023-12-25
  • 2.119.0 - 2023-12-23
  • 2.118.0 - 2023-11-20
  • 2.117.0 - 2023-11-13
  • 2.116.0 - 2023-11-03
  • 2.115.0 - 2023-10-04
  • 2.114.0 - 2023-10-02
  • 2.113.2 - 2023-12-23
  • 2.113.1 - 2023-12-22
  • 2.113.0 - 2023-09-07
  • 2.112.0 - 2023-09-06
  • 2.111.0 - 2023-09-03
  • 2.110.0 - 2023-08-17
  • 2.109.0 - 2023-08-15
  • 2.108.0 - 2023-07-18
  • 2.107.0 - 2023-07-11
  • 2.106.0 - 2023-06-30
  • 2.105.1 - 2023-06-16
  • 2.105.0 - 2023-06-10
  • 2.104.0 - 2023-06-05
  • 2.103.0 - 2023-05-05
  • 2.102.0 - 2023-05-02
  • 2.101.0 - 2023-05-01
  • 2.100.0 - 2023-04-14
  • 2.99.0 - 2023-04-11
  • 2.98.2 - 2023-04-10
  • 2.98.1 - 2023-04-10
  • 2.98.0 - 2023-04-09
  • 2.97.0 - 2023-04-05
  • 2.96.0 - 2023-03-24
  • 2.95.0 - 2023-03-18
  • 2.94.0 - 2023-03-14
  • 2.93.0 - 2023-03-13
  • 2.92.0 - 2023-03-12
  • 2.91.1 - 2023-02-24
  • 2.91.0 - 2023-02-17
  • 2.90.1 - 2023-02-15
  • 2.90.0 - 2023-01-29
  • 2.89.0 - 2023-01-22
  • 2.88.0 - 2023-01-03
  • 2.87.0 - 2022-12-18
  • 2.86.1 - 2022-12-16
  • 2.86.0 - 2022-12-15
  • 2.85.0 - 2022-11-25
  • 2.84.0 - 2022-11-18
  • 2.83.0 - 2022-11-14
  • 2.82.0 - 2022-10-27
  • 2.81.0 - 2022-10-11
  • 2.80.0 - 2022-10-10
  • 2.79.1 - 2022-10-03
  • 2.79.0 - 2022-10-02
  • 2.78.0 - 2022-09-27
  • 2.77.0 - 2022-09-08
  • 2.76.2 - 2022-09-03
  • 2.76.1 - 2022-09-01
  • 2.76.0 - 2022-09-01
  • 2.75.0 - 2022-08-23
  • 2.74.0 - 2022-08-13
  • 2.73.1 - 2022-08-11
  • 2.73.0 - 2022-08-08
  • 2.72.2 - 2022-07-14
  • 2.72.1 - 2022-07-13
  • 2.72.0 - 2022-07-12
  • 2.71.0 - 2022-06-25
  • 2.70.3 - 2022-06-13
  • 2.70.2 - 2022-06-12
  • 2.70.1 - 2022-06-12
  • 2.70.0 - 2022-06-11
  • 2.69.1 - 2022-06-02
  • 2.69.0 - 2022-06-02
  • 2.68.1 - 2022-05-10
  • 2.68.0 - 2022-04-23
  • 2.67.1 - 2022-05-21
  • 2.67.0 - 2022-04-18
  • 2.66.3 - 2022-03-28
  • 2.66.2 - 2022-03-28
  • 2.66.1 - 2022-03-28
  • 2.66.0 - 2022-03-27
  • 2.65.1 - 2022-03-16
  • 2.65.0 - 2022-03-13
  • 2.64.1 - 2022-02-27
from node-opcua GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
node-opcua

See this project in Snyk:
https://app.snyk.io/org/biancode/project/c0ad31d1-3c4b-4fd2-b9bc-db89eb981b4f?utm_source=github&utm_medium=referral&page=upgrade-pr

Greet Contributors Bot
Thank you for taking your time and effort for your contribution, we truly value it. 🎉

The amazing contributor in this pull request is @snyk-bot
