This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade node-opcua from 2.81.0 to 2.104.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **28 versions** ahead of your current version.
- The recommended version was released **23 days ago**, on 2023-06-05.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **444/1000** **Why?** Proof of Concept exploit, Recently disclosed, CVSS 5.3 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: node-opcua
v2.104.0, a significant milestone packed with crucial enhancements, most notably the elimination of openSSL command usage for creating private keys and self-signed certificates.
In this release, we have successfully upgraded node-opcua-crypto to v3.0.0. As a result, crypto key pairs are now generated via the node crypto module, a substantial shift from the previous openSSL dependency.
This enhancement not only simplifies the client integration within your environment by eradicating the need for openssl installation but also ensures a smoother user experience during node-opcua installation in restricted networks. You will no longer experience attempts to fetch and install openssl during the first run, leading to a streamlined installation process.
However, please note that due to this change, node.js version 16.0 or greater is now required, as earlier versions do not support the necessary crypto API.
π Breaking Changes
Node-opcua now requires esModuleInterop=true for the build, a change made to accommodate new modules we rely on.
OpenSSL does not need to be preinstalled anymore
NodeJS >= 16 is required
π Enhancements
A series of commits have led to updates to the new node-opcua-crypto & pki, and better warning messages for 'BadCertificateChainIncomplete'.
35f7969 chore: createPrivateKey fix issue with node<=16
e350b93 support BadCertificateChainIncomplete and improve warning message
π Bug Fixes
Several bugs were squashed in this release, including TypeScript issues that surfaces with the switch to thenew typescript 5.x version, as well as fixes for EnumValueType value initialization.
186bbd1 fix typescript issues raised with new ts version
Our commitment to high-quality code has seen an upgrade in code coverage, with several commits dedicated to this, and the integration of a new coverall.
a8ef721b96cec0 14c40510cchore: improve code coverage and remove unused code
Routine maintenance and code cleanup were undertaken, which included verification of certain fixes, package.json cleanup, removal of obsolete WriteMask, and TypeScript fixes in test.
fa05883 chore: verify that #937 is fixed (Loading enums from nodeset.xml files does not work for enums with negative values )
As we continue to refine and expand node-opcua, we warmly welcome sponsorships and contributions via our membership program at Sterfive or through OpenCollective. Your generous support empowers us to innovate and foster a community built on shared knowledge and creativity. Together, we are shaping the future of node-opcua!
improve UAVariable/UAAnalogDataItem write OutOfBound value ( #1119)
add an optional acceptValueOutOfRange flag to addAnalogItem.
The acceptValueOutOfRange property indicates whether the write operation will accept or reject
value which is out of range of the instrumentRange.
if true: during am writeOperation by a client if the dataValue that is outside of the
instrumentRange. it will be recorded database and the statusCode will be set to BadOutOfRange, and
the write operation will return Good. The value will be ecorded in the history database if the variable supports historizing.
if false: during a writeOperation by a client, if the dataValue that is outside of the
instrumentRangeit will be denied and the write operation will return BadOutOfRange.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade node-opcua from 2.81.0 to 2.104.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **28 versions** ahead of your current version. - The recommended version was released **23 days ago**, on 2023-06-05. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **444/1000**
**Why?** Proof of Concept exploit, Recently disclosed, CVSS 5.3 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: node-opcua
v2.104.0, a significant milestone packed with crucial enhancements, most notably the elimination of openSSL command usage for creating private keys and self-signed certificates.
In this release, we have successfully upgraded node-opcua-crypto to v3.0.0. As a result, crypto key pairs are now generated via the node crypto module, a substantial shift from the previous openSSL dependency.
This enhancement not only simplifies the client integration within your environment by eradicating the need for openssl installation but also ensures a smoother user experience during node-opcua installation in restricted networks. You will no longer experience attempts to fetch and install openssl during the first run, leading to a streamlined installation process.
However, please note that due to this change, node.js version 16.0 or greater is now required, as earlier versions do not support the necessary crypto API.
A series of commits have led to updates to the new node-opcua-crypto & pki, and better warning messages for 'BadCertificateChainIncomplete'.
π Bug Fixes
Several bugs were squashed in this release, including TypeScript issues that surfaces with the switch to thenew typescript 5.x version, as well as fixes for EnumValueType value initialization.
Our commitment to high-quality code has seen an upgrade in code coverage, with several commits dedicated to this, and the integration of a new coverall.
π§βπ Maintenance and Code Improvement
Routine maintenance and code cleanup were undertaken, which included verification of certain fixes, package.json cleanup, removal of obsolete WriteMask, and TypeScript fixes in test.
The README.md file was updated, and an example was added to illustrate a particular issue, thereby enhancing the overall documentation.
π¬π½ community support
As we continue to refine and expand node-opcua, we warmly welcome sponsorships and contributions via our membership program at Sterfive or through OpenCollective. Your generous support empowers us to innovate and foster a community built on shared knowledge and creativity. Together, we are shaping the future of node-opcua!
π¬π½ contributors
improve UAVariable/UAAnalogDataItem write OutOfBound value ( #1119)
add an optional acceptValueOutOfRange flag to addAnalogItem.
The acceptValueOutOfRange property indicates whether the write operation will accept or reject
value which is out of range of the instrumentRange.
if true: during am writeOperation by a client if the dataValue that is outside of the
instrumentRange. it will be recorded database and the statusCode will be set to BadOutOfRange, and
the write operation will return Good. The value will be ecorded in the history database if the variable supports historizing.
if false: during a writeOperation by a client, if the dataValue that is outside of the
instrumentRangeit will be denied and the write operation will return BadOutOfRange.
Commit messages
Package name: node-opcua
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
π§ View latest project report
π Adjust upgrade PR settings
π Ignore this dependency or unsubscribe from future upgrade PRs