Bump node-opcua from 2.162.0 to 2.167.0

[dependabot]

Bumps node-opcua from 2.162.0 to 2.167.0.

Release notes

Sourced from node-opcua's releases.

🚀 Release Notes — v2.167.0

node-opcua Release Notes: v2.165.1 → v2.167.0

v2.167.0

✨ Features

• server-config: Accept certificate chain in TrustListClient.addCertificate — enables full chain trust management via the GDS push model [135902c]
• core: Thread ISessionContext through ApplyChanges event chain — allows consumers to identify which session triggered a configuration change [4033f97]

🐛 Bug Fixes

• server: Harden register_server_manager against null/missing values [95b5aa5]
• server: Use explicit length check for certificate chain instead of truthiness guard — prevents edge cases with empty arrays [ef3f04e]
• core: Harden certificate validation and fix Certificate[] migration [d276591]
• core: Resolve tsc --noEmit errors in node-opcua-end2end-test test suite [e34bbb1]

🔧 Refactor

• server-config: Self-contained test certificates — tests no longer depend on external PKI state [13f310f]

---

v2.166.1

🐛 Bug Fixes

• client: Fix "Callback was already called" race condition during connection abort — prevents double-callback crash when a connection is terminated mid-handshake [c487bf5]

🧹 Chores

• Update node-opcua-pki / node-opcua-crypto dependencies [713f852]

---

v2.166.0

🐛 Bug Fixes

• secure-channel: Add TTL eviction to nonce cache — prevents unbounded memory growth on long-lived servers with many reconnections [b82c293]
• server: Add nonce verification to UserNameIdentityToken password extraction — hardens against replay attacks [c6b0573]

🧹 Chores

• Minor fixes [e4c3c87]
• Update packages [6ac3120]

⚠️ Security

• Nonce verification for password tokens [c6b0573]: The server now verifies that the nonce embedded in UserNameIdentityToken matches the nonce issued during CreateSession. This is a security hardening measure that protects against credential replay attacks.

• Nonce cache TTL eviction [b82c293]: Stale entries in the secure-channel nonce cache are now evicted after a configurable TTL, preventing memory exhaustion on servers handling many short-lived client connections.

... (truncated)

Commits

• 5decfa8 v2.167.0
• 13f310f refactor(server-config): self-contained test certificates
• 135902c feat(server-config): accept certificate chain in
• c0f5f35 test(e2e): fix chained certificate test to expect
• 95b5aa5 fix(server): harden register_server_manager against
• ef3f04e fix(server): use explicit length check for certificate
• e34bbb1 fix: resolve tsc --noEmit errors in node-opcua-end2end-test test suite
• d276591 fix: harden certificate validation and fix Certificate[] migration
• 25ab1b6 test(address-space): Fix hardcoded namespace index in AddIn instantiation test
• c487bf5 fix(client): Fix Callback was already called race condition during connection...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)