search

RapidScada / scada

Contains Rapid SCADA sources
Apache License 2.0
680 stars 311 forks source link

Bump OPCFoundation.NetStandard.Opc.Ua from 1.4.356.27 to 1.4.365.10 in /ScadaComm/OpenKPs/KpOpcUa #115

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps OPCFoundation.NetStandard.Opc.Ua from 1.4.356.27 to 1.4.365.10.

Release notes

Sourced from OPCFoundation.NetStandard.Opc.Ua's releases.

OPC UA 1.04 Maintenance Update

  • fix issue with JSON encoder, field names were not escaped
  • add some basic tests for ECDsa cert generation and validate yet missing ECC cert factory API extensions with test cases
  • improve how the cert validator returns suppressible errors
  • not a breaking change: the cert validator callback is now called for every suppressible error, not only once, for backward compatibility with existing applications
  • applications which implement to handle all suppressible errors in a single callback can set the 'AcceptAll' flag instead of 'Accept' to accept all suppressible errors once.
  • in the client library the domain check can also be handled in the validator callback.
  • fix warnings and cross platform line feed usage
  • known issue: #1238, private key is not stored in X509Store on .NET Core 3.1 / windows

Changes:

  • bfa117b7a73217b26d369c75a2b6cb70884469fc Implement an AcceptAll flag in the cert validator callback (#1230)
  • 4752a808dfb533b2340175ca288cd8c7af696b6f Validate server domains in Cert validator (#1226)
  • 2c1532edcb474d4437ad0810c7dc4108509a1f78 Tests for ECDsa certs (#1225)
  • ac8e358c2c48c17d14ee91ee47363b6b1ab4894a Escape special characters in JSON fieldnames (#1224) [ #1210 ]
  • 521d182d63aa9d9f36ebf057c51287b92fcff780 Bump Portable.BouncyCastle from 1.8.8 to 1.8.9 (#1222)
  • 8c216e78f458c22d3f9f660b5494f3c38f4fdcea Replace CRLF in debug strings with AppendLine and improve cert validator tests (#1220)
  • d815cfb972bd668c1b6e461f6ff97519d6b26f25 Improve handling of certificate validation (#1217)
  • 52754f48143130329621987179425e569f265a6e Bump System.ServiceModel.Primitives from 4.5.3 to 4.8.0 (#1182)

This list of changes was auto generated.

OPC UA 1.04 Maintenance Update

New implementation of many X509 related functions based on new System.Formats.Asn1 library

  • Based on the new System.Formats.Asn1 library released with .NET Core 5 many ASN.1 encoding and decoding operations have been reimplemented to reduce the dependency on an external crypto library called bouncy castle.
  • The X509 code located in Security/Certificates was refactored and reimplemented to seperate the X509 ASN.1 encoder/decoder functions from Core into a new assembly called Opc.Ua.Security.Certificates with source code under MIT license.
  • New CertificateBuilder and CrlBuilder class APIs allow for simplified cert and crl creation and are prepared for future ECC support.
  • For applications which use the .NET Standard 2.1 version of the core library (e.g. .NET Core 3.1 applications) the built in CertificateRequest class is used to create certificates and the dependency on the bouncy castle library is completely removed. Note: The GDS server libraries still use bouncy castle to decode CSRs even on .NET Core 3. Reimplementation is tbd.

Breaking change for some Utils functions

  • many X509 helper functions which were located in Utils found a new home in the X509Utils class.

Released packages

OPCFoundation.NetStandard.Opc.Ua.Core OPCFoundation.NetStandard.Opc.Ua.Security.Certificates OPCFoundation.NetStandard.Opc.Ua.Configuration OPCFoundation.NetStandard.Opc.Ua.Server OPCFoundation.NetStandard.Opc.Ua.Client OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes OPCFoundation.NetStandard.Opc.Ua.Bindings.Https

For improved debug experience in combination with the nuget symbol server there exist also packages with the extension .Debug. To reduce application footprint it is recommended to switch to individual package dependencies instead of the combined packages in previous releases.

Packages compatible with previous releases

OPCFoundation.NetStandard.Opc.Ua OPCFoundation.NetStandard.Opc.Ua.Symbols OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes.Symbols

... (truncated)

Commits
  • 2e6263e Merge pull request #1229 from OPCFoundation/master
  • bfa117b Implement an AcceptAll flag in the cert validator callback (#1230)
  • 4752a80 Validate server domains in Cert validator (#1226)
  • 2c1532e Tests for ECDsa certs (#1225)
  • ac8e358 Escape special characters in JSON fieldnames (#1224)
  • 521d182 Bump Portable.BouncyCastle from 1.8.8 to 1.8.9 (#1222)
  • 8c216e7 Replace CRLF in debug strings with AppendLine and improve cert validator test...
  • d815cfb Improve handling of certificate validation (#1217)
  • acd1115 mark as release
  • 52754f4 Bump System.ServiceModel.Primitives from 4.5.3 to 4.8.0 (#1182)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RapidScada/scada/network/alerts).
2mik commented 2 years ago

All new libraries will be used in the v6.

dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

2mik commented 2 years ago

@dependabot ignore this major version

dependabot[bot] commented 2 years ago

OK, I won't notify you about version 1.x.x again, unless you re-open this PR or update to a 1.x.x release yourself.