[Snyk] Security upgrade node-opcua from 2.64.1 to 2.74.0 - Githubissues

BiancoRoyal / node-red-contrib-iiot-opcua

deprecated - very new developed by PLUS for Node-RED - https://plus4nodered.com

https://www.npmjs.com/package/node-red-contrib-iiot-opcua

BSD 3-Clause "New" or "Revised" License

34 stars 8 forks source link

[Snyk] Security upgrade node-opcua from 2.64.1 to 2.74.0 #193

Closed snyk-bot closed 1 year ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODEOPCUA-2988723	No	Proof of Concept
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODEOPCUA-2988724	No	Proof of Concept
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODEOPCUA-2988725	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-opcua

The new version differs by 188 commits.

003ee04 v2.74.0
902b288 update copyright and license
7b5044b server: use ServiceFault on request error
3fd46ec server: fix Subscription.modify assert
684a796 v2.73.1
7edf48c improve extension object initialize field
6327868 cleanup
6d8be3b fix typo
b23a87c v2.73.0
156520c fix javascript test
429194a add variant array length overflow
ca83cab add buffer overflow protection
3a6ff3e node-opcua-address-space: fix typescript export issues & refactor
cb2e006 add new state in reconnection
224f286 parallel test now display running tests periodically
08e4241 server: fix initial keepalive in subscription
1490b53 update test timeout
d7c50c5 account for unattached subscriptions in maxSusbcriptions
1b92420 adjust tests
83364eb adjust tests
a80b821 add option to limit CPU usage
bff28ca ajust time in test
c2a1b30 machinetool: fix typescript definition
d231884 fix type generation

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

github-actions[bot] commented 2 years ago

Greet Contributors Bot
Thank you for taking your time and effort for your contribution, we truly value it. :tada:

The amazing contributor in this pull request is @snyk-bot