ptcrealitylab / vuforia-spatial-core-addon

Core Add-on for the Vuforia Spatial Edge Server
https://spatialtoolbox.vuforia.com
Mozilla Public License 2.0
6 stars 8 forks

Bump node-opcua from 2.121.0 to 2.123.0 #310

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps node-opcua from 2.121.0 to 2.123.0.

Release notes

Sourced from node-opcua's releases.

v2.123.0

What's Changed

  • In this release, we've resolved a persistent issue in the OPCUA Client interface that led to premature disconnections or problems with security token renewal when there was a significant time discrepancy between the client and server clocks. Now, the OPCUA Client utilizes its own time, captured when the OpenSecureChannelResponse is received, instead of relying on the server's time to calculate the security token's lifetime expiration. Additionally, it will display a warning in the console [NODE-OPCUA-W33] if there's a notable time difference between the server's time and the local time on the computer where the OPCUA client is running. This enhancement aims to make it easier to identify servers with time synchronization issues (#1349) (#1351). 🎉 Special kudos to EirikVea for nailing the root cause.

The warning message looks like:

```
[NODE-OPCUA-W33]  client : server token creation date exposes a time discrepancy of 10 minutes 23 seconds
                  the remote server clock doesn't match this computer date !
                  please check both server and client clocks are properly set .
                  server time:  2024-03-17 10:20:30.300Z
                  client time:   2024-03-17 10:30:53.300Z
                  server URL = opc.tcp://mydevice:4840
```
  • Furthermore, we've incorporated the Aes256_Sha256_RsaPss security policy in this version, completing our transition to the OPC UA 1.05 security profiles by setting Aes256_Sha256_RsaPss as the default. We have also removed the Basic128Rsa15 and Basic256 security policies from the server's default policies. However, these can be reactivated, if necessary, by specifying the securityPolicies parameter in the OPCUA Server constructor. (#1348)

Default policies used if `securityPolicies` is not specified:

| before                | now in v2.123.0       |
|-----------------------|-----------------------|
| None                  | None                  |
| Basic128Rsa15         | (removed)             |
| Basic256              | (removed)             |
| Basic256Sha256        | Basic256Sha256        |
| Aes128_Sha256_RsaOaep | Aes128_Sha256_RsaOaep |
| (not offered)         | Aes256_Sha256_RsaPss  |
  • We reintroduced PKCS1 padding (Issue #1347), which was previously removed in version 2.122.0, due to Node.js discontinuing support for PKCS padding with private key encryption. However, this reintroduction comes with a caveat for users of Node.js versions newer than 18.11.1 or NodeJS > 20.11.1. To enable PKCS1 padding, you must include the argument --security-revert=CVE-2023-46809 when running the Node.js executable. This step reverses a security fix in Node.js, allowing PKCS1 padding to function. Failure to apply this workaround may result in connectivity issues between the Client and Server when interacting with devices that still utilize the now-deprecated 128Rsa15 security policy for channel or user token encryption.

  • We found out that the recent version of NodeJS now emits an AggregateError instead of an Error on Windows when multiple network cards are present, causing the connection mechanism to struggle; this only affects Node 20.11.1 on Windows as far as we are aware [b4ff2588ba]

details

🐛 Bug Fixes

  • [cd9dcb0474] Fix crawler throwing an error if the object does not contain displayName or description #1343
  • [b4ff2588ba] Fix error message of AggregateError generated by Node.js 20.11.1 on Windows when connection is refused

✨ Enhancements

  • [26359c0c1f] Fix Aes256_Sha256_RsaPss security policy #1259 #1281 (sponsored)
  • [31af8b26b5] Server: Adjust default security policies - add Aes256_Sha256_RsaPss in default security policies and remove deprecated Basic128Rsa15 and Basic256 from default security policies
  • [a9ec280c07] Client now displays a warning when the remote server clock is out of sync by more than 5 seconds #1349
  • [28efd1a274] Now print time drift statistic to ClientSecureChannelLayer#toString
  • [92dd8db924] Display warning when the nodejs --security-revert=CVE-2023-46809 command line option needs to be used to allow legacy Basic128Rsa15 encryption and server (in 20.11.1 and 18.11.1 onward)

... (truncated)

Commits
  • 64b4575 v2.123.0
  • 31af8b2 server: adjust default security policies
  • 28efd1a now print timeDrift statistic to ClientSecureChannelLayer#toString
  • e65ef43 chore: code cleanup
  • a9ec280 Client: fix connection behavior when server clock is out of date #1349
  • 2f8275f chore: remove unused files
  • 26359c0 fix Aes256_Sha256_RsaPss security policy
  • cd9dcb0 Fix crawler throwing an error if the object does not contain displayName or description
  • fa0b34f chore: coerceSecurityPolicies
  • bec0df2 chore: improve client connection error feedback
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
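The token-lifetime fix in the v2.123.0 notes above (anchoring expiry to the client's own clock and warning on clock drift) is easier to reason about with the arithmetic written out. The following is an added illustration, not code from node-opcua or from this add-on; it has no dependency on node-opcua, and the function names, the 5-second warning threshold, the 75% renewal margin and the sample token are assumptions made here for the example. The sample reuses the server and client times from the warning shown in the release notes.

```javascript
// Added example (not node-opcua code): derive a secure-channel token's expiry
// from the client's own clock and flag server/client clock drift.
// Pure Node.js, no node-opcua dependency. Threshold, margin and names are
// assumptions made for this illustration.

const DRIFT_WARN_MS = 5 * 1000; // assumed: warn when clocks differ by more than 5 s
const RENEW_FRACTION = 0.75;    // assumed: renew the token at 75 % of its lifetime

// Format a millisecond delta as "10 minutes 23 seconds" for the warning text.
function formatDrift(ms) {
  const total = Math.round(Math.abs(ms) / 1000);
  const minutes = Math.floor(total / 60);
  const seconds = total % 60;
  return minutes > 0 ? `${minutes} minutes ${seconds} seconds` : `${seconds} seconds`;
}

// token mirrors the ChannelSecurityToken fields of an OpenSecureChannelResponse:
// createdAt is the server's timestamp, revisedLifetime is in milliseconds.
// receivedAt is the client's own clock (ms since epoch) when the response arrived.
function evaluateToken(token, receivedAt, endpointUrl) {
  const serverCreatedAt = Date.parse(token.createdAt);
  const lifetime = token.revisedLifetime;
  const driftMs = receivedAt - serverCreatedAt; // positive: client clock is ahead of the server

  // Pre-2.123.0 style: expiry anchored to the server's timestamp. If the server clock
  // lags by more than the lifetime, the token looks expired the moment it arrives.
  const serverBasedExpiry = serverCreatedAt + lifetime;
  // 2.123.0 style: expiry anchored to the client's own clock at receipt time.
  const localExpiry = receivedAt + lifetime;

  const warning = Math.abs(driftMs) > DRIFT_WARN_MS
    ? [
        `server token creation date exposes a time discrepancy of ${formatDrift(driftMs)}`,
        "the remote server clock doesn't match this computer date!",
        "please check both server and client clocks are properly set.",
        `server time: ${new Date(serverCreatedAt).toISOString()}`,
        `client time: ${new Date(receivedAt).toISOString()}`,
        `server URL = ${endpointUrl}`,
      ].join("\n")
    : null;

  return {
    driftMs,
    serverBasedExpiry,
    localExpiry,
    // true when the server-clock calculation would treat the token as already expired
    expiredOnArrivalUnderServerClock: serverBasedExpiry <= receivedAt,
    // renewal deadline measured on the local clock
    renewAt: receivedAt + Math.floor(lifetime * RENEW_FRACTION),
    warning,
  };
}

// Constructed sample: server clock 10 min 23 s behind the client, 10-minute token.
const SAMPLE_TOKEN = {
  channelId: 1,
  tokenId: 1,
  createdAt: "2024-03-17T10:20:30.300Z",
  revisedLifetime: 600000,
};
const SAMPLE_RECEIVED_AT = Date.parse("2024-03-17T10:30:53.300Z");
const SAMPLE_URL = "opc.tcp://mydevice:4840";

const result = evaluateToken(SAMPLE_TOKEN, SAMPLE_RECEIVED_AT, SAMPLE_URL);
console.log("drift (ms):", result.driftMs);
console.log("expired on arrival if anchored to server clock:", result.expiredOnArrivalUnderServerClock);
console.log("expiry anchored to local clock:", new Date(result.localExpiry).toISOString());
console.log("renew at:", new Date(result.renewAt).toISOString());
if (result.warning) console.log("[NODE-OPCUA-W33] client :\n" + result.warning);
```

With the sample values the server-anchored expiry (10:30:30.300Z) is already in the past when the response arrives at 10:30:53.300Z, which is the premature-disconnect symptom the notes describe; the locally anchored expiry (10:40:53.300Z) gives the full lifetime regardless of drift, and the 10 minutes 23 seconds discrepancy trips the warning.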