@sap/cds 1.15.1 → 1.17.0

package/CHANGELOG.md

@@ -0,0 +1,19 @@
+# ChangeLog for node-cds
+
+## Version 1.17.0 - 2022-18-08
+
+### Added
+
+- Node 16 support.
+
+## Version 1.16.8 - 2022-06-08
+
+### Fixed
+
+- Use `async@2.6.4^` to get rid of security vulnerability.
+
+## Version 1.16.3 - 2021-07-07
+
+### Fixed
+
+- Use `lodash@4^` to get rid of security vulnerability.

package/{developer-license-3.1.txt → LICENSE}

@@ -1,35 +1,37 @@
-SAP DEVELOPER LICENSE AGREEMENT
-
-Please scroll down and read the following Developer License Agreement carefully ("Developer Agreement").  By clicking "I Accept" or by attempting to download, or install, or use the SAP software and other materials that accompany this Developer Agreement ("SAP Materials"), You agree that this Developer Agreement forms a legally binding agreement between You ("You" or "Your") and SAP SE, for and on behalf of itself and its subsidiaries and affiliates (as defined in Section 15 of the German Stock Corporation Act) and You agree to be bound by all of the terms and conditions stated in this Developer Agreement. If You are trying to access or download the SAP Materials on behalf of Your employer or as a consultant or agent of a third party (either "Your Company"), You represent and warrant that You have the authority to act on behalf of and bind Your Company to the terms of this Developer Agreement and everywhere in this Developer Agreement that refers to 'You' or 'Your' shall also include Your Company. If You do not agree to these terms, do not click "I Accept", and do not attempt to access or use the SAP Materials.
-
-1.  LICENSE: SAP grants You a non-exclusive, non-transferable, non-sublicensable, revocable, limited use license to copy, reproduce and distribute the application programming interfaces ("API"), documentation, plug-ins, templates, scripts and sample code ("Tools") on a desktop, laptop, tablet, smart phone, or other appropriate computer device that You own or control (any, a "Computer") to create new applications ("Customer Applications"). You agree that the Customer Applications will not: (a) unreasonably impair, degrade or reduce the performance or security of any SAP software applications, services or related technology ("Software"); (b) enable the bypassing or circumventing of SAP's license restrictions and/or provide users with access to the Software to which such users are not licensed; (c) render or provide, without prior written consent from SAP, any information concerning SAP software license terms, Software, or any other information related to SAP products; or (d) permit mass data extraction from an SAP product to a non-SAP product, including use, modification, saving or other processing of such data in the non-SAP product. In exchange for the right to develop Customer Applications under this Agreement, You covenant not to assert any Intellectual Property Rights in Customer Applications created by You against any SAP product, service, or future SAP development.
-
-2.  INTELLECTUAL PROPERTY: (a) SAP or its licensors retain all ownership and intellectual property rights in the APIs, Tools and Software. You may not: a) remove or modify any marks or proprietary notices of SAP, b) provide or make the APIs, Tools or Software available to any third party, c) assign this Developer Agreement or give or transfer the APIs, Tools or Software or an interest in them to another individual or entity, d) decompile, disassemble or reverse engineer (except to the extent permitted by applicable law) the APIs Tools or Software, (e) create derivative works of or based on the APIs, Tools or Software, (f) use any SAP name, trademark or logo, or (g) use the APIs or Tools to modify existing Software or other SAP product functionality or to access the Software or other SAP products' source code or metadata.
-(b) Subject to SAP's underlying rights in any part of the APIs, Tools or Software, You retain all ownership and intellectual property rights in Your Customer Applications.
-
-3. FREE AND OPEN SOURCE COMPONENTS: The SAP Materials may include certain third party free or open source components ("FOSS Components"). You may have additional rights in such FOSS Components that are provided by the third party licensors of those components.
-
-4. THIRD PARTY DEPENDENCIES: The SAP Materials may require certain third party software dependencies ("Dependencies") for the use or operation of such SAP Materials. These dependencies may be identified by SAP in Maven POM files, product documentation or by other means. SAP does not grant You any rights in or to such Dependencies under this Developer Agreement. You are solely responsible for the acquisition, installation and use of Dependencies. SAP DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES IN RESPECT OF DEPENDENCIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE. IN PARTICULAR, SAP DOES NOT WARRANT THAT DEPENDENCIES WILL BE AVAILABLE, ERROR FREE, INTEROPERABLE WITH THE SAP MATERIALS, SUITABLE FOR ANY PARTICULAR PURPOSE OR NON-INFRINGING.  YOU ASSUME ALL RISKS ASSOCIATED WITH THE USE OF DEPENDENCIES, INCLUDING WITHOUT LIMITATION RISKS RELATING TO QUALITY, AVAILABILITY, PERFORMANCE, DATA LOSS, UTILITY IN A PRODUCTION ENVIRONMENT, AND NON-INFRINGEMENT. IN NO EVENT WILL SAP BE LIABLE DIRECTLY OR INDIRECTLY IN RESPECT OF ANY USE OF DEPENDENCIES BY YOU.
-
-
-5.  WARRANTY:
-a)  If You are located outside the US or Canada: AS THE API AND TOOLS ARE PROVIDED TO YOU FREE OF CHARGE, SAP DOES NOT GUARANTEE OR WARRANT ANY FEATURES OR QUALITIES OF THE TOOLS OR API OR GIVE ANY UNDERTAKING WITH REGARD TO ANY OTHER QUALITY. NO SUCH WARRANTY OR UNDERTAKING SHALL BE IMPLIED BY YOU FROM ANY DESCRIPTION IN THE API OR TOOLS OR ANY AVAILABLE DOCUMENTATION OR ANY OTHER COMMUNICATION OR ADVERTISEMENT. IN PARTICULAR, SAP DOES NOT WARRANT THAT THE SOFTWARE WILL BE AVAILABLE UNINTERRUPTED, ERROR FREE, OR PERMANENTLY AVAILABLE.  FOR THE TOOLS AND API ALL WARRANTY CLAIMS ARE SUBJECT TO THE LIMITATION OF LIABILITY STIPULATED IN SECTION 4 BELOW.
-b)  If You are located in the US or Canada: THE API AND TOOLS ARE LICENSED TO YOU "AS IS", WITHOUT ANY WARRANTY, ESCROW, TRAINING, MAINTENANCE, OR SERVICE OBLIGATIONS WHATSOEVER ON THE PART OF SAP. SAP MAKES NO EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OF SALE OF ANY TYPE WHATSOEVER, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE. IN PARTICULAR, SAP DOES NOT WARRANT THAT THE SOFTWARE WILL BE AVAILABLE UNINTERRUPTED, ERROR FREE, OR PERMANENTLY AVAILABLE.  YOU ASSUME ALL RISKS ASSOCIATED WITH THE USE OF THE API AND TOOLS, INCLUDING WITHOUT LIMITATION RISKS RELATING TO QUALITY, AVAILABILITY, PERFORMANCE, DATA LOSS, AND UTILITY IN A PRODUCTION ENVIRONMENT.
-
-6.  LIMITATION OF LIABILITY:
-a)  If You are located outside the US or Canada: IRRESPECTIVE OF THE LEGAL REASONS, SAP SHALL ONLY BE LIABLE FOR DAMAGES UNDER THIS AGREEMENT IF SUCH DAMAGE (I) CAN BE CLAIMED UNDER THE GERMAN PRODUCT LIABILITY ACT OR (II) IS CAUSED BY INTENTIONAL MISCONDUCT OF SAP OR (III) CONSISTS OF PERSONAL INJURY. IN ALL OTHER CASES, NEITHER SAP NOR ITS EMPLOYEES, AGENTS AND SUBCONTRACTORS SHALL BE LIABLE FOR ANY KIND OF DAMAGE OR CLAIMS HEREUNDER.
-b)  If You are located in the US or Canada: IN NO EVENT SHALL SAP BE LIABLE TO YOU, YOUR COMPANY OR TO ANY THIRD PARTY FOR ANY DAMAGES IN AN AMOUNT IN EXCESS OF $100 ARISING IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE TOOLS OR API OR IN CONNECTION WITH SAP'S PROVISION OF OR FAILURE TO PROVIDE SERVICES PERTAINING TO THE TOOLS OR API, OR AS A RESULT OF ANY DEFECT IN THE API OR TOOLS. THIS DISCLAIMER OF LIABILITY SHALL APPLY REGARDLESS OF THE FORM OF ACTION THAT MAY BE BROUGHT AGAINST SAP, WHETHER IN CONTRACT OR TORT, INCLUDING WITHOUT LIMITATION ANY ACTION FOR NEGLIGENCE. YOUR SOLE REMEDY IN THE EVENT OF BREACH OF THIS DEVELOPER AGREEMENT BY SAP OR FOR ANY OTHER CLAIM RELATED TO THE API OR TOOLS SHALL BE TERMINATION OF THIS AGREEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, UNDER NO CIRCUMSTANCES SHALL SAP AND ITS LICENSORS BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR INDIRECT DAMAGES, LOSS OF GOOD WILL OR BUSINESS PROFITS, WORK STOPPAGE, DATA LOSS, COMPUTER FAILURE OR MALFUNCTION, ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSS, OR EXEMPLARY OR PUNITIVE DAMAGES.
-
-7.  INDEMNITY: You will fully indemnify, hold harmless and defend SAP against law suits based on any claim: (a) that any Customer Application created by You infringes or misappropriates any patent, copyright, trademark, trade secrets, or other proprietary rights of a third party, or (b) related to Your alleged violation of the terms of this Developer Agreement.
-
-8.  EXPORT: The Tools and API are subject to German, EU and US export control regulations. You confirm that: a) You will not use the Tools or API for, and will not allow the Tools or API to be used for, any purposes prohibited by German, EU and US law, including, without limitation, for the development, design, manufacture or production of nuclear, chemical or biological weapons of mass destruction; b) You are not located in Cuba, Iran, Sudan, Iraq, North Korea, Syria, nor any other country to which the United States has prohibited export or that has been designated by the U.S. Government as a "terrorist supporting" country (any, an "US Embargoed Country"); c) You are not a citizen, national or resident of, and are not under the control of, a US Embargoed Country; d) You will not download or otherwise export or re-export the API or Tools, directly or indirectly, to a US Embargoed Country nor to citizens, nationals or residents of a US Embargoed Country; e) You are not listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, and Specially Designated Narcotic Traffickers, nor listed on the United States Department of Commerce Table of Denial Orders or any other U.S. government list of prohibited or restricted parties and f) You will not download or otherwise export or re-export the API or Tools , directly or indirectly, to persons on the above-mentioned lists.
-
-9.  SUPPORT: Other than what is made available on the SAP Community Website (SCN) by SAP at its sole discretion and by SCN members, SAP does not offer support for the API or Tools which are the subject of this Developer Agreement.
-
-10.  TERM AND TERMINATION: You may terminate this Developer Agreement by destroying all copies of the API and Tools on Your Computer(s). SAP may terminate Your license to use the API and Tools immediately if You fail to comply with any of the terms of this Developer Agreement, or, for SAP's convenience by providing you with ten (10) day's written notice of termination (including email). In case of termination or expiration of this Developer Agreement, You must destroy all copies of the API and Tools immediately.  In the event Your Company or any of the intellectual property you create using the API, Tools or Software are acquired (by merger, purchase of stock, assets or intellectual property or exclusive license), or You become employed, by a direct competitor of SAP, then this Development Agreement and all licenses granted in this Developer Agreement shall immediately terminate upon the date of such acquisition.
-
-11.  LAW/VENUE:
-a)  If You are located outside the US or Canada: This Developer Agreement is governed by and construed in accordance with the laws of the Germany. You and SAP agree to submit to the exclusive jurisdiction of, and venue in, the courts of Karlsruhe in Germany in any dispute arising out of or relating to this Developer Agreement.
-b)  If You are located in the US or Canada: This Developer Agreement shall be governed by and construed under the Commonwealth of Pennsylvania law without reference to its conflicts of law principles. In the event of any conflicts between foreign law, rules, and regulations, and United States of America law, rules, and regulations, United States of America law, rules, and regulations shall prevail and govern. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Developer Agreement. The Uniform Computer Information Transactions Act as enacted shall not apply.
-
-12. MISCELLANEOUS: This Developer Agreement is the complete agreement for the API and Tools licensed (including reference to information/documentation contained in a URL). This Developer Agreement supersedes all prior or contemporaneous agreements or representations with regards to the subject matter of this Developer Agreement. If any term of this Developer Agreement is found to be invalid or unenforceable, the surviving provisions shall remain effective. SAP's failure to enforce any right or provisions stipulated in this Developer Agreement will not constitute a waiver of such provision, or any other provision of this Developer Agreement.
+SAP DEVELOPER LICENSE AGREEMENT
+
+Version 3.1
+
+Please scroll down and read the following Developer License Agreement carefully ("Developer Agreement").  By clicking "I Accept" or by attempting to download, or install, or use the SAP software and other materials that accompany this Developer Agreement ("SAP Materials"), You agree that this Developer Agreement forms a legally binding agreement between You ("You" or "Your") and SAP SE, for and on behalf of itself and its subsidiaries and affiliates (as defined in Section 15 of the German Stock Corporation Act) and You agree to be bound by all of the terms and conditions stated in this Developer Agreement. If You are trying to access or download the SAP Materials on behalf of Your employer or as a consultant or agent of a third party (either "Your Company"), You represent and warrant that You have the authority to act on behalf of and bind Your Company to the terms of this Developer Agreement and everywhere in this Developer Agreement that refers to 'You' or 'Your' shall also include Your Company. If You do not agree to these terms, do not click "I Accept", and do not attempt to access or use the SAP Materials.
+
+1.  LICENSE: SAP grants You a non-exclusive, non-transferable, non-sublicensable, revocable, limited use license to copy, reproduce and distribute the application programming interfaces ("API"), documentation, plug-ins, templates, scripts and sample code ("Tools") on a desktop, laptop, tablet, smart phone, or other appropriate computer device that You own or control (any, a "Computer") to create new applications ("Customer Applications"). You agree that the Customer Applications will not: (a) unreasonably impair, degrade or reduce the performance or security of any SAP software applications, services or related technology ("Software"); (b) enable the bypassing or circumventing of SAP's license restrictions and/or provide users with access to the Software to which such users are not licensed; (c) render or provide, without prior written consent from SAP, any information concerning SAP software license terms, Software, or any other information related to SAP products; or (d) permit mass data extraction from an SAP product to a non-SAP product, including use, modification, saving or other processing of such data in the non-SAP product. In exchange for the right to develop Customer Applications under this Agreement, You covenant not to assert any Intellectual Property Rights in Customer Applications created by You against any SAP product, service, or future SAP development.
+
+2.  INTELLECTUAL PROPERTY: (a) SAP or its licensors retain all ownership and intellectual property rights in the APIs, Tools and Software. You may not: a) remove or modify any marks or proprietary notices of SAP, b) provide or make the APIs, Tools or Software available to any third party, c) assign this Developer Agreement or give or transfer the APIs, Tools or Software or an interest in them to another individual or entity, d) decompile, disassemble or reverse engineer (except to the extent permitted by applicable law) the APIs Tools or Software, (e) create derivative works of or based on the APIs, Tools or Software, (f) use any SAP name, trademark or logo, or (g) use the APIs or Tools to modify existing Software or other SAP product functionality or to access the Software or other SAP products' source code or metadata.
+(b) Subject to SAP's underlying rights in any part of the APIs, Tools or Software, You retain all ownership and intellectual property rights in Your Customer Applications.
+
+3. FREE AND OPEN SOURCE COMPONENTS: The SAP Materials may include certain third party free or open source components ("FOSS Components"). You may have additional rights in such FOSS Components that are provided by the third party licensors of those components.
+
+4. THIRD PARTY DEPENDENCIES: The SAP Materials may require certain third party software dependencies ("Dependencies") for the use or operation of such SAP Materials. These dependencies may be identified by SAP in Maven POM files, product documentation or by other means. SAP does not grant You any rights in or to such Dependencies under this Developer Agreement. You are solely responsible for the acquisition, installation and use of Dependencies. SAP DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES IN RESPECT OF DEPENDENCIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE. IN PARTICULAR, SAP DOES NOT WARRANT THAT DEPENDENCIES WILL BE AVAILABLE, ERROR FREE, INTEROPERABLE WITH THE SAP MATERIALS, SUITABLE FOR ANY PARTICULAR PURPOSE OR NON-INFRINGING.  YOU ASSUME ALL RISKS ASSOCIATED WITH THE USE OF DEPENDENCIES, INCLUDING WITHOUT LIMITATION RISKS RELATING TO QUALITY, AVAILABILITY, PERFORMANCE, DATA LOSS, UTILITY IN A PRODUCTION ENVIRONMENT, AND NON-INFRINGEMENT. IN NO EVENT WILL SAP BE LIABLE DIRECTLY OR INDIRECTLY IN RESPECT OF ANY USE OF DEPENDENCIES BY YOU.
+
+
+5.  WARRANTY:
+a)  If You are located outside the US or Canada: AS THE API AND TOOLS ARE PROVIDED TO YOU FREE OF CHARGE, SAP DOES NOT GUARANTEE OR WARRANT ANY FEATURES OR QUALITIES OF THE TOOLS OR API OR GIVE ANY UNDERTAKING WITH REGARD TO ANY OTHER QUALITY. NO SUCH WARRANTY OR UNDERTAKING SHALL BE IMPLIED BY YOU FROM ANY DESCRIPTION IN THE API OR TOOLS OR ANY AVAILABLE DOCUMENTATION OR ANY OTHER COMMUNICATION OR ADVERTISEMENT. IN PARTICULAR, SAP DOES NOT WARRANT THAT THE SOFTWARE WILL BE AVAILABLE UNINTERRUPTED, ERROR FREE, OR PERMANENTLY AVAILABLE.  FOR THE TOOLS AND API ALL WARRANTY CLAIMS ARE SUBJECT TO THE LIMITATION OF LIABILITY STIPULATED IN SECTION 4 BELOW.
+b)  If You are located in the US or Canada: THE API AND TOOLS ARE LICENSED TO YOU "AS IS", WITHOUT ANY WARRANTY, ESCROW, TRAINING, MAINTENANCE, OR SERVICE OBLIGATIONS WHATSOEVER ON THE PART OF SAP. SAP MAKES NO EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OF SALE OF ANY TYPE WHATSOEVER, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE. IN PARTICULAR, SAP DOES NOT WARRANT THAT THE SOFTWARE WILL BE AVAILABLE UNINTERRUPTED, ERROR FREE, OR PERMANENTLY AVAILABLE.  YOU ASSUME ALL RISKS ASSOCIATED WITH THE USE OF THE API AND TOOLS, INCLUDING WITHOUT LIMITATION RISKS RELATING TO QUALITY, AVAILABILITY, PERFORMANCE, DATA LOSS, AND UTILITY IN A PRODUCTION ENVIRONMENT.
+
+6.  LIMITATION OF LIABILITY:
+a)  If You are located outside the US or Canada: IRRESPECTIVE OF THE LEGAL REASONS, SAP SHALL ONLY BE LIABLE FOR DAMAGES UNDER THIS AGREEMENT IF SUCH DAMAGE (I) CAN BE CLAIMED UNDER THE GERMAN PRODUCT LIABILITY ACT OR (II) IS CAUSED BY INTENTIONAL MISCONDUCT OF SAP OR (III) CONSISTS OF PERSONAL INJURY. IN ALL OTHER CASES, NEITHER SAP NOR ITS EMPLOYEES, AGENTS AND SUBCONTRACTORS SHALL BE LIABLE FOR ANY KIND OF DAMAGE OR CLAIMS HEREUNDER.
+b)  If You are located in the US or Canada: IN NO EVENT SHALL SAP BE LIABLE TO YOU, YOUR COMPANY OR TO ANY THIRD PARTY FOR ANY DAMAGES IN AN AMOUNT IN EXCESS OF $100 ARISING IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE TOOLS OR API OR IN CONNECTION WITH SAP'S PROVISION OF OR FAILURE TO PROVIDE SERVICES PERTAINING TO THE TOOLS OR API, OR AS A RESULT OF ANY DEFECT IN THE API OR TOOLS. THIS DISCLAIMER OF LIABILITY SHALL APPLY REGARDLESS OF THE FORM OF ACTION THAT MAY BE BROUGHT AGAINST SAP, WHETHER IN CONTRACT OR TORT, INCLUDING WITHOUT LIMITATION ANY ACTION FOR NEGLIGENCE. YOUR SOLE REMEDY IN THE EVENT OF BREACH OF THIS DEVELOPER AGREEMENT BY SAP OR FOR ANY OTHER CLAIM RELATED TO THE API OR TOOLS SHALL BE TERMINATION OF THIS AGREEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, UNDER NO CIRCUMSTANCES SHALL SAP AND ITS LICENSORS BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR INDIRECT DAMAGES, LOSS OF GOOD WILL OR BUSINESS PROFITS, WORK STOPPAGE, DATA LOSS, COMPUTER FAILURE OR MALFUNCTION, ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSS, OR EXEMPLARY OR PUNITIVE DAMAGES.
+
+7.  INDEMNITY: You will fully indemnify, hold harmless and defend SAP against law suits based on any claim: (a) that any Customer Application created by You infringes or misappropriates any patent, copyright, trademark, trade secrets, or other proprietary rights of a third party, or (b) related to Your alleged violation of the terms of this Developer Agreement.
+
+8.  EXPORT: The Tools and API are subject to German, EU and US export control regulations. You confirm that: a) You will not use the Tools or API for, and will not allow the Tools or API to be used for, any purposes prohibited by German, EU and US law, including, without limitation, for the development, design, manufacture or production of nuclear, chemical or biological weapons of mass destruction; b) You are not located in Cuba, Iran, Sudan, Iraq, North Korea, Syria, nor any other country to which the United States has prohibited export or that has been designated by the U.S. Government as a "terrorist supporting" country (any, an "US Embargoed Country"); c) You are not a citizen, national or resident of, and are not under the control of, a US Embargoed Country; d) You will not download or otherwise export or re-export the API or Tools, directly or indirectly, to a US Embargoed Country nor to citizens, nationals or residents of a US Embargoed Country; e) You are not listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, and Specially Designated Narcotic Traffickers, nor listed on the United States Department of Commerce Table of Denial Orders or any other U.S. government list of prohibited or restricted parties and f) You will not download or otherwise export or re-export the API or Tools , directly or indirectly, to persons on the above-mentioned lists.
+
+9.  SUPPORT: Other than what is made available on the SAP Community Website (SCN) by SAP at its sole discretion and by SCN members, SAP does not offer support for the API or Tools which are the subject of this Developer Agreement.
+
+10.  TERM AND TERMINATION: You may terminate this Developer Agreement by destroying all copies of the API and Tools on Your Computer(s). SAP may terminate Your license to use the API and Tools immediately if You fail to comply with any of the terms of this Developer Agreement, or, for SAP's convenience by providing you with ten (10) day's written notice of termination (including email). In case of termination or expiration of this Developer Agreement, You must destroy all copies of the API and Tools immediately.  In the event Your Company or any of the intellectual property you create using the API, Tools or Software are acquired (by merger, purchase of stock, assets or intellectual property or exclusive license), or You become employed, by a direct competitor of SAP, then this Development Agreement and all licenses granted in this Developer Agreement shall immediately terminate upon the date of such acquisition.
+
+11.  LAW/VENUE:
+a)  If You are located outside the US or Canada: This Developer Agreement is governed by and construed in accordance with the laws of the Germany. You and SAP agree to submit to the exclusive jurisdiction of, and venue in, the courts of Karlsruhe in Germany in any dispute arising out of or relating to this Developer Agreement.
+b)  If You are located in the US or Canada: This Developer Agreement shall be governed by and construed under the Commonwealth of Pennsylvania law without reference to its conflicts of law principles. In the event of any conflicts between foreign law, rules, and regulations, and United States of America law, rules, and regulations, United States of America law, rules, and regulations shall prevail and govern. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Developer Agreement. The Uniform Computer Information Transactions Act as enacted shall not apply.
+
+12. MISCELLANEOUS: This Developer Agreement is the complete agreement for the API and Tools licensed (including reference to information/documentation contained in a URL). This Developer Agreement supersedes all prior or contemporaneous agreements or representations with regards to the subject matter of this Developer Agreement. If any term of this Developer Agreement is found to be invalid or unenforceable, the surviving provisions shall remain effective. SAP's failure to enforce any right or provisions stipulated in this Developer Agreement will not constitute a waiver of such provision, or any other provision of this Developer Agreement.

package/_hdbext/README.md

@@ -0,0 +1,373 @@
+# DISCLAIMER: This module is a modified version of @sap/hdbext@4.7.5
+
+Due to a security vulnerability in lodash@4.7.11 which is a dependency of @sap/hdbext@4.7.5 we had to upgrade to @sap/hdbext@^7.0.0
+as the issue with lodash is only patched in major version 7 upwards. The @sap/hdbext@^5.0.0 is incompatible to the @sap/node-cds package.
+This is because @sap/node-cds was built on top of the @sap/hdb client, while in @sap/hdbext^5.0.0 the client got replaced with @sap/hana-client.
+Instead of changing the code base to use the @sap/hana-client we re-use the relevant parts of the @sap/hdbext package, bump the lodash dependency
+and bundle the module with @sap/node-cds.
+
+@sap/hdbext
+============
+
+This module provides convenient functions on top of the [hdb][4] module.
+
+The [change log](CHANGELOG.md) describes notable changes in this package.
+
+## Usage
+
+```js
+var hdbext = require('@sap/hdbext');
+```
+
+## API
+
+### createConnection(hanaConfig, callback)
+
+Creates a connection to a HANA database:
+
+```js
+var hanaConfig = {
+  host     : 'hostname',
+  port     : 30015,
+  user     : 'user',
+  password : 'secret'
+};
+hdbext.createConnection(hanaConfig, function(error, client) {
+  if (error) {
+    return console.error(error);
+  }
+
+  client.exec(...);
+});
+```
+
+The `hanaConfig` argument contains [database connection options](#database-connection-options) and [additional options](#additional-options).
+The callback provides a connected `client` object (see [hdb][4]).
+
+If the application will be deployed in Cloud Foundry or XSA, you can use _@sap/xsenv_ package to
+lookup the bound HANA service, like this:
+```js
+var xsenv = require('@sap/xsenv');
+
+var hanaConfig = xsenv.cfServiceCredentials({ tag: 'hdb' });
+hdbext.createConnection(hanaConfig, function(error, client) {
+  //...
+});
+```
+
+#### Database connection options
+
+The HANA options provided to *@sap/hdbext* should be in the same format as expected by the [hdb][5] package.
+
+For convenience these properties set by the HANA service broker in the SAP HANA XS Advanced platform are also accepted:
+* `db_hosts` - can be used instead of the `hosts` property of the [hdb driver][5].
+* `certificate` - can be used instead of `ca` property of the [hdb driver][6].
+__Note:__ `certificate` is a string containing one certificate, while `ca` is an array of certificates.
+
+#### Additional options
+
+A connection created with *@sap/hdbext* can be further configured with the following options:
+
+Option | Type | Description
+-------- | ---- | -----------
+`schema` | string | Used to set current schema.
+`autoCommit` | boolean | Sets the autoCommit flag. If no option is specified it defaults to `true`
+`isolationLevel` | enum | One of `hdbext.constants.isolation` values. Used to set transaction isolation level.
+`locale` | string | Used to set connection locale.
+`session` | object | Object with key/value pairs that will be set as session variables.
+
+##### Special session variables
+
+Some session variables are handled in a special way.
+
+* `XS_APPLICATIONUSER` - can be set to a user token (SAML/JWT) to associate the aplication user with the database connection
+* `SAP_PASSPORT` - used to propagate SAP passport to SAP HANA, used for end-to-end tracing
+* `APPLICATION` - the name of the application initiating the database connection
+
+**Note**: If providing an SAP Passport in the `session` object of the [additional options](#additional-options),
+it should have already been updated with data, specific to the component that consumes *@sap/hdbext*.
+For more information, see the documentation of the *@sap/e2e-trace* package.
+
+The [Express middleware](#express-middleware) provided by this package sets automatically
+`XS_APPLICATIONUSER` and `SAP_PASSPORT` by extracting relevant data from the HTTP request (for requests that use client credentials token only the latter is set).
+
+#### Example
+
+Sample configuration with both [database connection options](#database-connection-options) and [additional options](#additional-options):
+
+```js
+{
+  host: 'my.host',
+  port: 30015,
+  user: 'my_user',
+  password: 'secret',
+  schema: 'name_of_the_schema',
+  isolationLevel: hdbext.constants.isolation.SERIALIZABLE,
+  locale: 'en_US',
+  session: {
+    APPLICATION: 'myapp',
+    SAP_PASSPORT: 'passport'
+  }
+}
+```
+
+### connectionOptions.getGlobalOptions()
+
+Provides default values for these connection options:
+* session.APPLICATION - extracted from VCAP_APPLICATION
+* session.APPLICATIONVERSION - extracted from package.json in current directory
+
+The application can override these defaults by setting these options explicitly.
+
+### connectionOptions.getRequestOptions(req)
+
+Provides these connection options based on the given HTTP request (_req_):
+* session.SAP_PASSPORT (Updated with default component data)
+* session.XS_APPLICATIONUSER (Only for requests that do not use client credentials token)
+* locale
+
+### updateConnectionOptions(client, options, callback)
+
+It is also possible to change options on existing connection by using the `updateConnectionOptions` function:
+
+```js
+hdbext.updateConnectionOptions(client, options, function(error) {
+  if (error) {
+    return console.error(error);
+  }
+
+  // ...
+});
+```
+
+`options` is an object having properties same as the [additional options](#additional-options).
+
+### loadProcedure(client, schemaName, procedureName, callback)
+
+Calling stored procedures could become complex using plain [hdb][4] driver, so there are functionalities provided to simplify these calls.
+
+For example, if you have the following stored procedure:
+
+```sql
+create procedure PROC_DUMMY (in a int, in b int, out c int, out d DUMMY, out e TABLES)
+  language sqlscript
+  reads sql data as
+  begin
+    c := :a + :b;
+    d = select * from DUMMY;
+    e = select * from TABLES;
+  end
+```
+
+you can call it via the [hdb](https://www.npmjs.com/package/hdb) driver in the following way:
+
+```js
+client.prepare('call PROC_DUMMY (?, ?, ?, ?, ?)', function(err, statement) {
+  if (err) {
+    return console.error(err);
+  }
+
+  statement.exec({ A: 3, B: 4 }, function(err, parameters, dummyRows, tableRows) {
+    if (err) {
+      return console.error(err);
+    }
+
+    console.log('C:', parameters.C);
+    console.log('Dummies:', dummyRows);
+    console.log('Tables:', tableRows);
+  });
+});
+```
+
+**Note**: Non-quoted names are automatically converted to uppercase by HANA.
+
+With *@sap/hdbext* you don't need to construct a `CALL` statement. The procedure can be loaded by its name.
+The code can look like this:
+
+```js
+hdbext.loadProcedure(client, 'MY_SCHEMA', 'PROC_DUMMY', function(err, sp) {
+  sp({ A: 3, B: 4 }, function(err, parameters, dummyRows, tableRows) {
+    if (err) {
+      return console.error(err);
+    }
+
+    console.log('C:', parameters.C);
+    console.log('Dummies:', dummyRows);
+    console.log('Tables:', tableRows);
+  });
+});
+```
+
+To use the current schema, pass an empty string `''`, `null` or `undefined` for schema.
+
+`loadProcedure(client, schemaName, procedureName, callback)` retruns a JavaScript function which you can call directly.
+The function has the `paramsMetadata` property containing metadata for all parameters of the stored procedure.
+This could be useful if you need to implement generic stored procedures calling.
+
+You can also pass the input parameters directly in the proper order:
+
+```js
+sp(3, 4, function(err, parameters, dummyRows, tableRows) {
+  // ...
+});
+```
+
+or as an array:
+
+```js
+sp([3, 4], function(err, parameters, dummyRows, tableRows) {
+  // ...
+});
+```
+
+Where the big advantage comes in, is with table parameters.
+You can pass an array of objects and *@sap/hdbext* will auto convert it into a table parameter.
+Say we have a `customer` table with `ID` and `NAME` columns and the following procedure:
+
+```sql
+create procedure "getCustomers" (in in_table_1 "customer")
+language sqlscript reads sql data as begin
+select * from :in_table_1;
+end;
+```
+
+You can call it like this:
+
+```js
+client.loadProcedure('MY_SCHEMA', 'getCustomers', function(err, sp) {
+  if (err) {
+    return console.error(err);
+  }
+
+  sp([
+    { ID: 1, NAME: 'alex' },
+    { ID: 2, NAME: 'peter' }
+  ], function(err, parameters, dummyRows, tableRows) {
+    // ...
+  });
+});
+```
+
+In this example each array element represents a table row. Property names should case-sensitively match the corresponding column names.
+
+Internally *@sap/hdbext* creates a local temporary table in the current schema for each table parameter.
+Thus, the current user needs the respective permissions.
+
+Input arguments for parameters that have default values can be skipped in order to use the defined defaults.
+It is recommended to pass the input as an object in those cases. In this way the application code would be independent
+from the order in which parameters with default values are defined in the procedure.
+When the parameters are passed in a sequence (i.e. as an array or are passed directly in the proper order),
+input arguments can be skipped only for the parameters which are after the last mandatory parameter in the procedure's list.
+
+
+### Connection Pooling
+
+*@sap/hdbext* implements a simple [generic-pool][1] for pooling connections.
+
+To use it you first synchronously create the pool:
+
+```js
+var pool = hdbext.getPool(hanaConfig, poolConfig);
+```
+
+The `hanaConfig` argument contains both [database connection options](#database-connection-options) and [additional options](#additional-options).
+
+The `poolConfig` argument is optional. It may contain configurations for the pool itself.
+
+You can acquire a client from the pool. It is delivered via a callback:
+
+```js
+pool.acquire(function(err, client) {
+  // ...
+});
+```
+
+If settings of the pooled connection need to be changed, an optional `options` object can be used.
+```js
+pool.acquire(options, function(err, client) {
+  // ...
+});
+```
+Refer to the [additional options](#additional-options) section for more details.
+
+
+When the client is no longer needed you should release it to the pool with `pool.release(client);`, `client.close();` or `client.disconnect();`.
+
+When the pool is no longer needed you can dispose of the idle connections by draining the pool with `pool.drain()`.
+
+The following property can be used to access the actual pool (refer to the generic-pool module):
+```js
+pool.pool
+```
+
+For managing your own pools, you can use:
+```js
+var pool = hdbext.createPool(hanaConfig, poolConfig);
+```
+The options hanaConfig and poolConfig are same as above.
+
+### Express Middleware
+
+*@sap/hdbext* provides an [Express][3] [middleware][2] which allows easy access to a connection pool in an Express based application.
+In the background a connection pool is created. The connection is automatically returned to the pool when the express request is closed or finished.
+
+```js
+var hdbext = require('@sap/hdbext');
+var express = require('express');
+
+var app = express();
+app.use(hdbext.middleware(hanaConfig, poolConfig));
+
+app.get('/execute-query', function (req, res) {
+  var client = req.db;
+
+  client.exec('SELECT * FROM DUMMY', function (err, rs) {
+    if (err) {
+      return res.end('Error: ' + err.message);
+    }
+
+    res.end(JSON.stringify(rs));
+  });
+});
+```
+
+The argument `hanaConfig` may contain both [database connection options](#database-connection-options) and [additional options](#additional-options).
+
+The argument `poolConfig` is optional. It may contain configurations for the created pool.
+
+The middleware sets the `XS_APPLICATIONUSER` and the `SAP_PASSPORT` session variables automatically,
+if the corresponding data is available in the HTTP request. For requests that use client credentials token only the latter is set.
+It also sets `APPLICATION` and `APPLICATIONVERSION` session variables automatically to some
+default values extracted from the environment.
+
+### SQL Parameter Utilities
+
+The `hdbext.sqlInjectionUtils` object contains several synchronous utility functions that can be used to prevent SQL injections.
+
+#### isAcceptableParameter(value, maxToken)
+
+Returns true if `value` can be used to construct SQL statements.
+The number of tokens a value is allowed to contain is set via the optional `maxToken` argument. Defaults to 1.
+
+#### isAcceptableQuotedParameter(value)
+
+Returns true if the provided `value` is quoted correctly and can be used in an SQL statement.
+
+#### escapeDoubleQuotes(value)
+
+Returns the `value` parameter with all double quotation marks escaped (i. e. doubled).
+
+#### escapeSingleQuotes(value)
+
+Returns the `value` parameter with all single quotation marks escaped (i. e. doubled).
+
+## Troubleshooting
+
+To enable tracing, you should set the environment variable `DEBUG` to `hdbext:*`.
+
+[1]: https://github.com/coopernurse/node-pool
+[2]: http://expressjs.com/guide/using-middleware.html
+[3]: http://expressjs.com/
+[4]: https://www.npmjs.com/package/hdb
+[5]: https://www.npmjs.com/package/hdb#establish-a-database-connection
+[6]: https://www.npmjs.com/package/hdb#encrypted-network-communication

package/_hdbext/index.js

@@ -0,0 +1,4 @@
+'use strict';
+
+exports.getPool = require('./lib/pool').getPool;
+exports.middleware = require('./lib/middleware').middleware;

package/_hdbext/lib/client-factory.js

@@ -0,0 +1,62 @@
+'use strict';
+
+var assert = require('assert');
+var _ = require('lodash');
+var hdb = require('hdb');
+var clientSession = require('./client-session');
+
+module.exports.createConnection = createConnection;
+module.exports.openBaseConnection = openBaseConnection;
+
+
+function createConnection(options, callback) {
+  openBaseConnection(options, function (err, client) {
+    if (err) {
+      client.close();
+      return callback(err);
+    }
+    clientSession.updateConnectionOptions(client, options, function (err) {
+      if (err) {
+        client.close();
+        client = null;
+      }
+      callback(err, client);
+    });
+  });
+}
+
+function openBaseConnection(options, callback) {
+  options = normalizeOptions(options);
+
+  var client = hdb.createClient(options);
+  client.on('error', function (err) {
+    console.error('Network connection error: ', err); // eslint-disable-line no-console
+  });
+  client.connect(function (err) {
+    callback(err, client);
+  });
+}
+
+function normalizeOptions(options) {
+  options = _.clone(options);
+
+  if (!options.hosts && options.db_hosts) {
+    assert(Array.isArray(options.db_hosts), 'options.db_hosts should be an array');
+    options.hosts = options.db_hosts;
+    delete options.db_hosts;
+  }
+
+  if (!options.ca && options.certificate) {
+    options.ca = [options.certificate];
+    delete options.certificate;
+  }
+
+  // hdb driver does not filter the properties passed to it
+  // and 'session' property is interpreted by the 'tls' module in hdb.
+  // Its value is rejected if it is not a Buffer.
+  if (options.session && !Buffer.isBuffer(options.session)) {
+    delete options.session;
+  }
+
+  return options;
+}