npm - @sap/cds - Versions diffs - 7.9.2 → 7.9.3 - Mend

@sap/cds 7.9.2 → 7.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +13 -1
package/lib/auth/ias-auth.js +15 -1
package/lib/auth/jwt-auth.js +16 -2
package/lib/compile/to/srvinfo.js +1 -1
package/lib/plugins.js +1 -1
package/lib/utils/cds-test.js +1 -1
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/edm/AbstractEdmStructuredType.js +1 -1
package/libx/_runtime/db/generic/rewrite.js +26 -4
package/libx/outbox/index.js +1 -1
package/package.json +1 -6

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,18 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
+## Version 7.9.3 - 2024-06-27
+### Fixed
+- `cds compile --to serviceinfo` returns the correct URL path for Java applications.
+- Prevent HANA deadlocks when processing outbox table
+- Invalid cache for `SiblingEntity` requests
+- `cds.test` recommends version 7 of `chai-as-promised`.  Version 8 is ESM-only and does not work with `cds.test` at the moment.
+- Loading of `cds.plugins` now respects the (internal!) property `cds.env.plugins` again.
+- `req.data` and `req.INSERT.entries` were not pointing to same object if it contains more than one entry.
 ## Version 7.9.2 - 2024-05-22
 ### Fixed
@@ -19,7 +31,7 @@
 ### Fixed
 - `cds.compile.to.sql` doesn't fail for older compiler versions if `postgres` keywords aren't defined
-- `cds compile --to serviceinfo` no longer detects a Java project if there is a poml.xml file in a subfolder of `app/`
+- `cds compile --to serviceinfo` no longer detects a Java project if there is a pom.xml file in a subfolder of `app/`
 - `acquireTimeoutMillis` is ensured if custom pool config is provided
 ## Version 7.9.0 - 2024-04-30

package/lib/auth/ias-auth.js CHANGED Viewed

@@ -3,7 +3,14 @@ const LOG = cds.log('auth')
 // _require for better error message
 const _require = require('../../libx/_runtime/common/utils/require')
-const xssec = _require('@sap/xssec')
+let xssec = _require('@sap/xssec')
+let xssec4 = false
+// use v3 compat api
+if (xssec.v3) {
+  xssec = xssec.v3
+  xssec4 = true
+}
 // getter function extracted to show deprecation warning only once
 const _getTokenInfo = tokenInfo => tokenInfo
@@ -46,6 +53,13 @@ module.exports = function ias_auth(config) {
   return (req, _, next) => {
     const token = req.headers.authorization?.split(/^bearer /i)[1]
+    if (!token && xssec4) {
+      LOG._debug && LOG.debug('No authorization header provided, continuing with default user.')
+      req.user = new cds.User.default()
+      return next()
+    }
     xssec.createSecurityContext(token, credentials, 'IAS', function (err, securityContext, tokenInfo) {
       // REVISIT: ias impl not as sophisticated as xsuaa impl, so we need to be more tolerant here -> xssec issue 221
       // if (err && !tokenInfo) {

package/lib/auth/jwt-auth.js CHANGED Viewed

@@ -3,7 +3,14 @@ const LOG = cds.log('auth')
 // _require for better error message
 const _require = require('../../libx/_runtime/common/utils/require')
-const xssec = _require('@sap/xssec')
+let xssec = _require('@sap/xssec')
+let xssec4 = false
+// use v3 compat api
+if (xssec.v3) {
+  xssec = xssec.v3
+  xssec4 = true
+}
 // getter function extracted to show deprecation warning only once
 const _getTokenInfo = tokenInfo => tokenInfo
@@ -13,7 +20,7 @@ module.exports = function jwt_auth(config) {
   if (!credentials) {
     let msg = `Authentication kind "${kind}" configured, but no XSUAA instance bound to application.`
-    msg += ' Either bind an IAS instance, or switch to an authentication kind that does not require a binding.'
+    msg += ' Either bind an XSUAA instance, or switch to an authentication kind that does not require a binding.'
     throw new Error(msg)
   }
@@ -48,6 +55,13 @@ module.exports = function jwt_auth(config) {
   return (req, _, next) => {
     const token = req.headers.authorization?.split(/^bearer /i)[1]
+    if (!token && xssec4) {
+      LOG._debug && LOG.debug('No authorization header provided, continuing with default user.')
+      req.user = new cds.User.default()
+      return next()
+    }
     xssec.createSecurityContext(token, credentials, function (err, securityContext, tokenInfo) {
       if (err && !tokenInfo) {
         // here, there is a general problem, .e.g., bad credentials -> throw the error

package/lib/compile/to/srvinfo.js CHANGED Viewed

@@ -90,7 +90,7 @@ module.exports = (model, options={}) => {
     const javaPrefixDefault = 'odata/v4/'
     const roots = [ cds.env.folders.db, cds.env.folders.srv ].map(d => join(root, d))
     for (let r of roots) {
-      const file = isfile (join (r,'../src/main/resources/application.yaml'))
+      const file = isfile (join (r,'./src/main/resources/application.yaml'))
       if (file) {
         const yaml = cds.load.yaml(file)
         for (let yamlDoc of Array.isArray(yaml) ? yaml : [yaml]) {

package/lib/plugins.js CHANGED Viewed

@@ -30,7 +30,7 @@ exports.fetch = function (DEV = process.env.NODE_ENV !== 'production') {
 exports.activate = async function () {
   const DEBUG = cds.debug ('plugins', {label:'cds'})
   DEBUG && console.time ('[cds] - loaded plugins in')
-  const plugins = exports.fetch(), { local } = cds.utils
+  const { plugins } = cds.env, { local } = cds.utils
   await Promise.all (Object.entries(plugins) .map (async ([ plugin, conf ]) => {
     DEBUG?.(`loading plugin ${plugin}:`, { impl: local(conf.impl) })
     // TODO: support ESM plugins. But see cap/cds/pull/1838#issuecomment-1177200 !

package/lib/utils/cds-test.js CHANGED Viewed

@@ -170,7 +170,7 @@ class Test extends require('./axios') {
     function require (mod) { try { return module.require(mod) } catch(e) {
       if (e.code === 'MODULE_NOT_FOUND') throw new Error (`
       Failed to load required package '${mod}'. Please add it thru:
-      npm add -D chai@4 chai-as-promised chai-subset
+      npm add -D chai@4 chai-as-promised@7 chai-subset
     `)}}
   }
   get assert() { return this.chai.assert }

package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/edm/AbstractEdmStructuredType.js CHANGED Viewed

@@ -194,7 +194,7 @@ class AbstractEdmStructuredType extends EdmType {
     if (!this._navigationProperties) {
       this._navigationProperties = new Map(this.getBaseType() ? this.getBaseType().getNavigationProperties() : [])
       for (const [name, property] of this.getOwnNavigationProperties()) {
-        if (ignoreSibling && name === 'SiblingEntity') continue;
+        if (!cds.env.fiori.lean_draft && ignoreSibling && name === 'SiblingEntity') continue; // This will cause subtle caching bugs but will enable expand=* in old draft
         this._navigationProperties.set(name, property)
       }
     }

package/libx/_runtime/db/generic/rewrite.js CHANGED Viewed

@@ -2,13 +2,32 @@ const cds = require('../../cds')
 const { cqn2cqn4sql } = require('../../common/utils/cqn2cqn4sql')
 const { generateAliases } = require('../utils/generateAliases')
+/**
+ * Restores the link of `req.data` and `req.query` in case `req.query` was overwritten.
+ * Only applicable for `UPDATE`s and `INSERT`s.
+ *
+ * @param { import('@sap/cds').Request } req
+ */
 const _restoreLink = req => {
   if (req.query.INSERT?.entries) {
-    return (req.data = Array.isArray(req.query.INSERT.entries) ? req.query.INSERT.entries[0] : req.query.INSERT.entries)
+    if (Array.isArray(req.query.INSERT.entries)) req.data = req.query.INSERT.entries[0]
+    else req.data = req.query.INSERT.entries
+  } else if (req.query.UPDATE?.data) {
+    req.data = req.query.UPDATE.data
   }
+}
+const _isLinked = req => {
+  if (req.query.INSERT?.entries) {
+    if (Array.isArray(req.query.INSERT.entries)) return req.data === req.query.INSERT.entries[0]
+    return req.data === req.query.INSERT.entries
+  }
   if (req.query.UPDATE?.data) {
-    return (req.data = req.query.UPDATE.data)
+    return req.data === req.query.UPDATE.data
   }
+  return false
 }
 function handler(req) {
@@ -30,14 +49,17 @@ function handler(req) {
   const _streaming = cds.env.features.stream_compat && req.query._streaming
+  // for restore link to req.data
+  const linked = _isLinked(req)
   // convert to sql cqn
   req.query = cqn2cqn4sql(req.query, this.model, { service: this })
+  // REVISIT: should not be necessary
   // restore link to req.data
-  _restoreLink(req)
+  if (linked) _restoreLink(req)
   if (_streaming) req.query._streaming = _streaming
   generateAliases(req.query)
 }

package/libx/outbox/index.js CHANGED Viewed

@@ -61,7 +61,7 @@ const processMessages = async (service, tenant, _opts = {}) => {
       try {
         const messagesQuery = SELECT.from(messagesEntity)
           .where({ target: name })
-          .orderBy('timestamp')
+          .orderBy(['timestamp', 'ID'])
           .limit(opts.chunkSize)
           .forUpdate()
         if (opts.maxAttempts) messagesQuery.where({ attempts: { '<': opts.maxAttempts } })

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "7.9.2",
+  "version": "7.9.3",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -37,10 +37,5 @@
     "@sap/cds-compiler": "^4",
     "@sap/cds-fiori": "^1",
     "@sap/cds-foss": "^5.0.0"
-  },
-  "cds": {
-    "plugins": [
-      "@sap/cds-fiori"
-    ]
   }
 }