
[Snyk] Upgrade node-opcua from 2.81.0 to 2.144.0 #310

Open
wants to merge 1 commit into
base: master
@biancode biancode commented Mar 1, 2025


Snyk has created this PR to upgrade node-opcua from 2.81.0 to 2.144.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 75 versions ahead of your current version.

  • The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity: Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | 696 | Proof of Concept |
| high severity: Observable Discrepancy (SNYK-JS-JSRSASIGN-6070731) | 696 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-SEMVER-3247795) | 696 | Proof of Concept |

Release notes
Package name: node-opcua
  • 2.144.0 - 2025-02-07

    v2.144.0

  • 2.143.0 - 2025-01-30

    Full Changelog: v2.142.0...v2.143.0

  • 2.142.0 - 2025-01-30

    What's Changed

    • upgrade to new node-opcua-pki@5

    Full Changelog: v2.141.0...v2.142.0

  • 2.141.0 - 2025-01-27

    What's Changed

    🛠 Maintenance

    • [41c2c2f] chore: replace thenify module with thenify-ex by @erossignon in #1411
    • [8354bc4] Updated packages to maintain security and performance with the latest software versions.
    • [069823c] Updated the copyright year to reflect the current year, ensuring legal compliance and up-to-date documentation.

    🐛 Bug Fixes

    • [212fcec] Dispose MonitoredItem after event by @patrickl92 in #1407
    • [0042f95] Fixed issues with parsing relative paths that contain reserved characters, ensuring compatibility and functionality.

    API Break

    • [41c2c2f] turn methods of UAProxyClient to use async/await instead of callbacks

    New Contributors

    Full Changelog: v2.140.0...v2.141.0

  • 2.140.0 - 2025-01-03

    Release Notes for 2.140.0

    🛠 Maintenance

    • f1ab2f2: Updated the license copyright year

    🚀 Enhancements

    • d5c4e0f: Improved getExtraDataTypeManager and its caching mechanism:
      • Enhanced parallelization of dataType definition extraction, benefiting users of the @sterfive/optimized-client module.
      • Added tests to ensure caching is properly managed, particularly checking that cache gets cleared when reconnection leads to a reconstructed client session and is preserved when the session can be recycled.

    📦 Package Updates

    • 9e4d936: Bumped the version number of the io-link package.
    • 99e8aed: Updated node-opcua-pki to version 4.18, which includes a bug fix for certificates with CN containing slashes or backslashes, ensuring they are properly interpreted and serialized in the PKI trusted or rejected folders.

    What's Changed

  • 2.139.0 - 2024-12-15

    What's Changed

    This version introduced two important fixes on the server side:

    • We address a bug that would cause the server to run out of sessions, while losing connection with a constantly reconnecting client when Session credentials are used. [12c1407]

    • We address a bug that could cause the server to crash when receiving malformed packet credentials information from a client.
      [ab2bc84]

    🐛 Bug Fixes

    • ce21e30: Resolved issues in clean scripts to improve build processes.
    • bd12868: Addressed a bug in session transfer tests to ensure robust session management.
    • ab2bc84: Prevented a crash in transport due to missed form packet, enhancing stability.
    • 12c1407: Corrected token comparison logic to account for non-unique password encryption scenarios.
    • ee94d1c: Fixed an unexpected assert that could disrupt normal operations.

    ✨ Enhancements

    • 99d0414: Enhanced the LDS server by exposing MSDNSResponser and registerServerMap, improving server discoverability and management.

    🛠 Maintenance and Refactoring

    • b3c2ba0: Switched to using node:slim to reduce the Docker image size, optimizing deployment.

    • 2e30bc4: Added a SECURITY.md to the repository to provide clear security guidelines and practices.

    • 4255b44: Replaced deprecated vorpal with @inquire/prompt to modernize CLI interactions and limit vulnerabilities. #1402

    • 333f44a: Updated various packages to the latest versions to leverage new features and security improvements.

    🔧 Configuration and Setup

    • 376af74: Updated CI configurations to use an older pnpm version compatible with legacy Node.js (v16) environments.
    • 7968403: Transitioned to pnpm@9 for package management to align with the latest efficient and secure practices.

    📚 Documentation and Examples

    • d366485, 2940e0b: Updated sample_server.js to reflect current best practices and showcase the latest features.

    📦 Updates and Improvements

    • 28d0871, 13c3d2b: Various chores to enhance TypeScript support and clean up code for better maintainability and performance.

    Full Changelog: v2.138.1...v2.139.0

  • 2.138.1 - 2024-11-22

    v2.138.1

    🐛 Bug Fixes

    • 5452ead: Fixed issues related to default encoding in nodeset and symbol generation, ensuring correct and consistent behavior across implementations.

    ✨ Enhancements

    • 059bb9c: Restored the device health helper to improve monitoring and maintenance capabilities, enhancing device management and operational efficiency.

    Full Changelog: v2.138.0...v2.138.1

  • 2.138.0 - 2024-11-22

    What's Changed

    🚀 enhancement

    •  [8a16a87] address-space: improve addin support

    Full Changelog: v2.137.0...v2.138.0

  • 2.137.0 - 2024-11-20

    Full Changelog: v2.136.0...v2.137.0

    Release Notes

    🚨 breaking changes for typescript users

    • node-opcua-crypto has been updated to use node16 exports module convention.
    • this type of import is not fully supported by typescript by default,
    • you need to make sure that your application uses:
      • typescript > 4.7
      • your tsconfig.json file contains the following
    {
       "compilerOptions": {
          "moduleResolution": "Node16", // instead of "node"
          "module": "Node16"            // instead of "commonjs"
       }
    }
    

    (btw, this move will also give you access to other npm packages that you may struggle to update to too)
    ref: article

    🛠 Refactorings and Optimizations

    • 321029f: Refactored to use Map in _cache for better performance and memory management.
    • 9575109: Cleaned up cache interface, enhancing clarity and maintainability.
    • e1e8c08: Improved subtypeOf function for more efficient type checking.
    • dbdd484: Converted ConditionRefreshCache to use a Map structure, improving access times and data management.
    • f7de47d: Refactored to use Map for promotable objects to streamline object management.
    • f6eb67a: Refactored loadnodeset2 using Maps, optimizing data loading processes.
    • d6a2534: Refactored condition snapshot handling, enhancing the efficiency of condition evaluations.
    • ec0181d: Made XmlExtensionObjectReader use Map for improved parsing efficiency.
    • bb66556, da15255: Sanitized internal structures using WeakMap and Map to prevent potential memory leaks and enhance security.
    • 93f87fc, cd89f60: Used Set instead of object maps for storing nodes, reducing overhead and preventing potential prototype pollution.
    • f3cc48a: Utilized Map in ClientAlarmList for better performance and reliability.

    🚀 New Features and Improvements

    • 04cd13a: Added missing fixture files to improve testing reliability.
    • a3f1cfd: Improved optional filter for more flexible query handling.
    • 76f483d, 7077b13: Enhanced addressSpace with new utilities like implementInterface and instantiateAddIn to facilitate interface implementations.

    🐛 Bug Fixes

    • 40dfc39, 0e47694: Addressed potential prototype pollution attacks in various utility functions, enhancing security.
    • 7b9c63c: Fixed an issue with the extension object field of data type 'Number', ensuring correct data handling.
    • ab0f7d2, ce4d82f: Resolved parsing issues with BSD files, particularly with recursive structures, ensuring compatibility and correctness.
    • 9db71b7: Corrected an issue in package.json, improving project configuration and dependency management.

    📦 Package and Dependency Updates

    • 62ba9dc: Updated packages to the latest versions to leverage improved functionality and security patches.
    • ad5f385, 1434284: Updated nodeset catalog and code generation tools, keeping the project up-to-date with the latest standards.

    🛡️ Security Enhancements

    • ce4d82f: Reduced vulnerabilities in dockertest/Dockerfile, enhancing security measures against potential exploits.

    📖 Documentation and Misc

    • 4b55850: Cleaned up xml2json code for better readability and maintenance.
    • cd89f60: Added tactical comments in empty interfaces to provide better guidance for future development.

    🔧 Configuration and Setup Changes

    • 835f0c3: Updated code generation configurations, streamlining development workflows and enhancing build consistency.
  • 2.136.0 - 2024-11-11

    Full Changelog: v2.135.0...v2.136.0

    fix xml namespace output for LocalizedText and QualifiedName

  • 2.135.0 - 2024-11-11
  • 2.134.0 - 2024-11-10
  • 2.133.0 - 2024-09-25
  • 2.132.0 - 2024-09-13
  • 2.131.0 - 2024-09-13
  • 2.130.0 - 2024-07-30
  • 2.129.0 - 2024-07-17
  • 2.128.0 - 2024-07-02
  • 2.127.1 - 2024-06-27
  • 2.127.0 - 2024-06-27
  • 2.126.0 - 2024-06-18
  • 2.125.0 - 2024-06-05
  • 2.124.0 - 2024-04-08
  • 2.123.0 - 2024-03-10
  • 2.122.0 - 2024-02-28
  • 2.121.0 - 2024-02-25
  • 2.120.0 - 2024-01-21
  • 2.119.2 - 2023-12-25
  • 2.119.1 - 2023-12-25
  • 2.119.0 - 2023-12-23
  • 2.118.0 - 2023-11-20
  • 2.117.0 - 2023-11-13
  • 2.116.0 - 2023-11-03
  • 2.115.0 - 2023-10-04
  • 2.114.0 - 2023-10-02
  • 2.113.2 - 2023-12-23
  • 2.113.1 - 2023-12-22
  • 2.113.0 - 2023-09-07
  • 2.112.0 - 2023-09-06
  • 2.111.0 - 2023-09-03
  • 2.110.0 - 2023-08-17
  • 2.109.0 - 2023-08-15
  • 2.108.0 - 2023-07-18
  • 2.107.0 - 2023-07-11
  • 2.106.0 - 2023-06-30
  • 2.105.1 - 2023-06-16
  • 2.105.0 - 2023-06-10
  • 2.104.0 - 2023-06-05
  • 2.103.0 - 2023-05-05
  • 2.102.0 - 2023-05-02
  • 2.101.0 - 2023-05-01
  • 2.100.0 - 2023-04-14
  • 2.99.0 - 2023-04-11
  • 2.98.2 - 2023-04-10
  • 2.98.1 - 2023-04-10
  • 2.98.0 - 2023-04-09
  • 2.97.0 - 2023-04-05
  • 2.96.0 - 2023-03-24
  • 2.95.0 - 2023-03-18
  • 2.94.0 - 2023-03-14
  • 2.93.0 - 2023-03-13
  • 2.92.0 - 2023-03-12
  • 2.91.1 - 2023-02-24
  • 2.91.0 - 2023-02-17
  • 2.90.1 - 2023-02-15
  • 2.90.0 - 2023-01-29
  • 2.89.0 - 2023-01-22
  • 2.88.0 - 2023-01-03
  • 2.87.0 - 2022-12-18
  • 2.86.1 - 2022-12-16
  • 2.86.0 - 2022-12-15
  • 2.85.0 - 2022-11-25
  • 2.84.0 - 2022-11-18
  • 2.83.0 - 2022-11-14
  • 2.82.0 - 2022-10-27
  • 2.81.0 - 2022-10-11
from node-opcua GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


See this package in npm:
node-opcua

See this project in Snyk:
https://app.snyk.io/org/biancode/project/db549ece-73d1-4409-9a75-04ab0ef67f4d?utm_source=github&utm_medium=referral&page=upgrade-pr

github-actions bot commented Mar 1, 2025

Greet Contributors Bot
Thank you for taking your time and effort for your contribution, we truly value it. 🎉

The amazing contributor in this pull request is @snyk-bot
