@sap/cds 8.2.3 → 8.3.1

package/CHANGELOG.md

@@ -4,6 +4,47 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 8.3.1 - 2024-10-08
+
+### Fixed
+
+- Erroneous caching in `cds.validate`
+- Precedence of request headers for `cds.context.id`
+- For `quoted` names, overwrite `@cds.persistence.name` for drafts and localized views properly
+- Do not use hana error code as http status code
+
+## Version 8.3.0 - 2024-09-30
+
+### Added
+
+- `cds.deploy` can now also write its DDL statements to a separate log
+- Symlinks are followed in `cds test`
+
+### Changed
+
+- Unknown protocols in `@protocol` annotations formerly prevented server starts; they are merely ignored now with a warning in the logs.
+- Deprecated configuration flag `cds.env.features.keys_in_data_compat` because of incompatibility with data validation in new OData adapter.
+- `@cds.api.ignore` doesn't suppress an association, the annotation is propagated to the (generated) foreign keys.
+- Where clauses of restrictions for bound actions and functions defined by `@restrict` are now enforced and no longer ignored.
+- `@cap-js/telemetry` is now loaded before other plugins to allow better instrumentation.
+
+### Fixed
+
+- When modifying active children of of draft-enabled entities directly (`bypass_draft`), the error message was misleading.
+- Cleaning up drafts calls `CANCEL` handlers
+- Allow to call `CANCEL` on draft entities programmatically
+- Encoding of `@odata.nextLink` path
+- Computed fields are ignored in projections
+- Consider `id` in a `ref` step for mapping of service elements to their name on the db.
+- Feature toggles with new OData adapter.
+- Target entity was incorrectly calculated for some actions in new OData adapter.
+- `req.diff()` does not manipulate existing queries anymore.
+- New OData adapter: normalize on commit error in `/$batch`
+
+### Removed
+
+- Alpha support for SAP Event Broker-based messaging (kind `event-broker`). Use CDS plugin `@cap-js/event-broker` instead.
+
 ## Version 8.2.3 - 2024-09-20
 
 ### Changed
@@ -54,7 +95,9 @@
 
 ### Changed
 
-- Revert workaround from 8.1.0 for server startup message `WARNING: Package '@sap/cds' was loaded from different installations`. This is now addressed in `@sap/cds-mtxs` 2.0.5
+- Revert workaround from 8.1.0 for server startup message `WARNING: Package '@sap/cds' was loaded from different installations`. This is now addressed in `@sap/cds-mtxs` 2.0.5.
+- When parsing CSV files, `cds.deploy` no longer doubles a literal `\` character (backslash) with a second backslash (`\\`), but retains it as-is.  This caused unwanted data changes.
+- Optimized handling of large binaries (BLOBs) in case of drafts. Unchanged BLOBs are not copied into the draft entity. If those BLOBs from draft entities are requested, the unchanged BLOBs will be fetched from the corresponding active entity. Note that this change may require adjustment of custom logic, if large binaries from draft entities are requested (for example, using `ql.SELECT` statement). To restore previous behavior use `cds.features.binary_draft_compat`.
 
 ### Fixed
 
@@ -76,7 +119,6 @@
    [...linked.definitions].map(d => d.name)
    ```
 
-
 ## Version 8.1.1 - 2024-08-08
 
 ### Fixed
@@ -406,7 +448,6 @@
 
 ### Changed
 
-- Optimized handling of large binaries (BLOBs) in case of drafts. Unchanged BLOBs are not copied into the draft entity. If those BLOBs from draft entities are requested, the unchanged BLOBs will be fetched from the corresponding active entity. Note that this change may require adjustment of custom logic, if large binaries from draft entities are requested (for example, using `ql.SELECT` statement). To restore previous behavior use `cds.features.binary_draft_compat`.
 - The index page now lists all service endpoints, which is important for services that are exposed through multiple protocols.
 - `cds.deploy` improves error diagnostics with deeper `Query` object inspection.
 - Slightly changed the default export for ESM compatibility. This fixed failing ESM imports in Vitest tests.

package/bin/test.js

@@ -67,7 +67,7 @@ async function find (argv,o,recent) {
   if (files.length && !roots.length && !includes.length) return files //> all files resolved
 
   // Prepare UNIX find command to fetch matching files
-  let find = `find ${roots.join(' ')||'.'} -type f`
+  let find = `find -L ${roots.join(' ')||'.'} -type f`
   if (patterns.length) find += ` \\( ${ patterns.map (p=>`-name "${p.replace(/^([^*])/,'*$1')}"`).join(' -o ') } \\)`
   if (includes.length) find += ` \\( ${ includes.map (p=>`-regex .*${p.replace(/\./g,'\\\\.')}.*`).join(' -o ') } \\)`
   if (excludes.length) find += ` \\( ${ excludes.map (x=>`! -regex .*${x.replace(/\./g,'\\\\.')}.*`).join(' ') } \\)`

package/lib/compile/etc/_localized.js

@@ -83,6 +83,7 @@ function unfold_csn (m) { // NOSONAR
 	function _add_proxy4 (d, name, callback) {
 		if (name in m.definitions) return DEBUG && DEBUG ('NOT overriding existing:', name)
 		const x = {__proto__:d, name };   DEBUG && DEBUG ('adding proxy:', x)
+		if (d['@cds.persistence.name']) x['@cds.persistence.name'] = `localized.${d['@cds.persistence.name']}`
 		Object.defineProperty (m.definitions, name, {value:x,writable:true,configurable:true})
 		if (callback) callback(x)
 	}

package/lib/compile/etc/csv.js

@@ -44,7 +44,7 @@ function parse (csv) {
       }
       else {  // normal char
         if (val === undefined)  val = ''
-        val += c === '\\' ? '\\\\' : c
+        val += c
       }
     }
 

package/lib/compile/for/lean_drafts.js

@@ -64,6 +64,11 @@ module.exports = function cds_compile_for_lean_drafts(csn) {
       elements: { ...active.elements, ...Draft.elements },
       query: undefined
     }
+
+    // for quoted names, we need to overwrite the cds.persistence.name of the derived, draft entity
+    if (active['@cds.persistence.name'])
+      draft['@cds.persistence.name'] = active['@cds.persistence.name'] + '_drafts'
+    
     Object.defineProperty(model.definitions, _draftEntity, { value: draft })
     Object.defineProperty(active, 'drafts', { value: draft })
     Object.defineProperty(active, 'actives', { value: active })

package/lib/dbs/cds-deploy.js

@@ -60,6 +60,9 @@ const deploy = module.exports = function cds_deploy (model, options, csvs) {
 deploy.schema = async function (db, csn = db.model, o) {
 
   if (!o.to || o.to === db.options.kind)  o = { ...db.options, ...o }
+  let schema_log
+  if (Array.isArray(o.schema_log)) schema_log = { log: (...args) => args.length ? o.schema_log.push(...args) : o.schema_log.push('') }
+  else if (o.dry)                  schema_log = console
 
   let drops, creas
   let schevo = (o.kind === 'postgres' && o.schema_evolution !== false)
@@ -82,7 +85,7 @@ deploy.schema = async function (db, csn = db.model, o) {
     }
     o.schema_evolution = 'auto' // for INSERT_from4 below
     // cds deploy --model-only > fills in table cds_model above
-    if (o['model-only']) return o.dry && console.log(after)
+    if (o['model-only']) return o.dry && schema_log.log(after)
     // cds deploy -- with auto schema evolution > upgrade by applying delta to former model
     creas = createsAndAlters
     drops = d
@@ -108,11 +111,11 @@ deploy.schema = async function (db, csn = db.model, o) {
 
   if (!drops.length && !creas.length) return !o.dry
 
-  if (o.dry) {
-    console.log(); for (let each of drops) console.log(each)
-    console.log(); for (let each of creas) console.log(each, '\n')
-    return
+  if (schema_log) {
+    schema_log.log(); for (let each of drops) schema_log.log(each)
+    schema_log.log(); for (let each of creas) schema_log.log(each, '\n')
   }
+  if (o.dry)  return
 
   await db.run(drops)
   await db.run(creas)

package/lib/env/cds-requires.js

@@ -231,19 +231,6 @@ const _messaging = {
     vcap: { label: "enterprise-messaging" },
     outbox: true
   },
-  "event-broker": {
-    impl: `${_runtime}/messaging/event-broker.js`,
-    format: 'cloudevents',
-    vcap: {
-      label: "event-broker"
-    }
-  },
-  "event-broker-internal": {
-    kind: "event-broker",
-    vcap: {
-      label: "eventmesh-sap2sap-internal"
-    }
-  },
   'message-queuing': {
     impl: `${_runtime}/messaging/message-queuing.js`,
     outbox: true

package/lib/linked/validate.js

@@ -241,14 +241,16 @@ class Association extends struct {
 /** Compositions are like nested entities, validating deep input against their target entity definitions. */
 class Composition extends entity {
   validate (data, path, ctx) { if (!data) return
-    const elements = this._target.elements
-    const uplinks = {} // statically determine the uplinks for this composition
-    if (this.on) for (let {ref} of this.on) if (ref?.[0] === this.name) {
-      const fk = ref[1], fk_ = fk+'_'; uplinks[fk] = true
-      for (let e in elements) if (e.startsWith(fk_)) uplinks[e] = true
-    }
-    this.validate = (data, path, ctx) => super.validate (data, path, ctx, elements, uplinks)
-    this.validate (data, path, ctx) // call first time
+    const _validate = this.own('_validate', () => {
+      const elements = this._target.elements
+      const uplinks = {} // statically determine the uplinks for this composition
+      if (this.on) for (let {ref} of this.on) if (ref?.[0] === this.name) {
+        const fk = ref[1], fk_ = fk+'_'; uplinks[fk] = true
+        for (let e in elements) if (e.startsWith(fk_)) uplinks[e] = true
+      }
+      return (data, path, ctx) => super.validate (data, path, ctx, elements, uplinks)
+    })
+    _validate (data, path, ctx)
   }
 }
 
@@ -312,4 +314,4 @@ $.LargeBinary.prototype .type_check = v => Buffer.isBuffer(v) || typeof v === 's
 $.LargeString.prototype .type_check = v => Buffer.isBuffer(v) || typeof v === 'string' || v instanceof Readable
 
 // Mixin above class extensions to cds.linked.classes
-$.mixin ( Decimal, string, $any, action, array, struct, entity, Association, Composition )
+$.mixin ( Decimal, string, $any, action, array, struct, entity, Association, Composition )

package/lib/log/cds-error.js

@@ -1,17 +1,17 @@
-const { format } = require('util'), _formatted = v => format(v)
+const { format, inspect } = require('../utils/cds-utils')
 
 
 /**
- * This is the implementation of cds.error().
+ * Constructs and optionally throws an Error object.
  * Usage variants:
  *
  *       cds.error `Message with formatted: ${{foo:'bar'}}`
  *       cds.error ({ message, code, ... })
  *       cds.error (message, { code, ... })
- *       let e = new cds.error(...) //> will not throw
+ *       cds.error (status, message, { code, ... })
  *
  * Calling `cds.error()` with `new` returns the newly created Error,
- * while calling it without `new` it throws immediately. The latter is
+ * while calling it without `new` throws immediately. The latter is
  * useful for usages like that:
  *
  *     let x = y || cds.error `Argument 'y' must not be null`
@@ -19,6 +19,7 @@ const { format } = require('util'), _formatted = v => format(v)
 const error = exports = module.exports = function cds_error ( message, details, caller ) {
   let e
   if (message.raw) [ message, details, caller ] = [ error.message(...arguments) ]
+  if (typeof message === 'number') [ message, details ] = [ details, {status:message} ]
   if (typeof message === 'string') {
     e = new Error(message)
   } else {
@@ -41,7 +42,9 @@ const error = exports = module.exports = function cds_error ( message, details,
  *     //> x = A sample message with a string and [object Object], and 1,2,3
  *     //> y = with a string, { an: 'object' }, and [ 1, 2, 3 ]
  */
-exports.message = (strings,...values) => String.raw(strings,...values.map(_formatted))
+exports.message = (strings,...values) => {
+  return String.raw(strings,...values.map(v => format(v)))
+}
 
 
 /**
@@ -53,9 +56,9 @@ exports.message = (strings,...values) => String.raw(strings,...values.map(_forma
  *     typeof x === 'string' || cds.error.expected `${{x}} to be a string`
  *     //> Error: Expected argument 'x' to be a string, but got: { foo: 'bar' }
  */
-const expected = exports.expected = ([,type], arg) => {
+exports.expected = ([,type], arg) => {
   const [ name, value ] = Object.entries(arg)[0]
-  return error (`Expected argument '${name}'${type}, but got: ${require('util').inspect(value,{depth:11})}`, undefined, expected)
+  return error (`Expected argument '${name}'${type}, but got: ${inspect(value)}`, undefined, error.expected)
 }
 
 

package/lib/plugins.js

@@ -1,5 +1,7 @@
-
 const cds = require('.')
+const prio_plugins = {
+  '@cap-js/telemetry': true // to allow better instrumentation.
+}
 
 exports.require = require
 
@@ -31,7 +33,7 @@ exports.activate = async function () {
   const DEBUG = cds.debug ('plugins', {label:'cds'})
   DEBUG?.time ('[cds] - loaded plugins in')
   const { plugins } = cds.env, { local } = cds.utils
-  await Promise.all (Object.entries(plugins) .map (async ([ plugin, conf ]) => {
+  const loadPlugin = async ([plugin, conf]) => {
     DEBUG?.(`loading plugin ${plugin}:`, { impl: local(conf.impl) })
     // TODO: support ESM plugins. But see cap/cds/pull/1838#issuecomment-1177200 !
     const p = require (conf.impl)
@@ -43,7 +45,10 @@ exports.activate = async function () {
       await p.activate(conf)
     }
     return p
-  }))
+  }
+  const all = Object.entries(plugins)
+  await Promise.all (all .filter(([name]) =>  prio_plugins[name]) .map (loadPlugin))
+  await Promise.all (all .filter(([name]) => !prio_plugins[name]) .map (loadPlugin))
   DEBUG?.timeEnd ('[cds] - loaded plugins in')
   return plugins
 }

package/lib/srv/middlewares/cds-context.js

@@ -9,7 +9,7 @@ const { EventContext } = cds
 module.exports = () => {
   /** @type { import('express').Handler } */
   return function cds_context (req, res, next) {
-    const id = req.headers[corr_id] ??= req.headers[req_id] || req.headers[vr_id] || req.headers[crippled_corr_id] || uuid()
+    const id = req.headers[corr_id] ??= req.headers[crippled_corr_id] || req.headers[req_id] || req.headers[vr_id] || uuid()
     const ctx = EventContext.for ({ id, http: { req, res } })
     res.set ('X-Correlation-ID', id) // Note: we use capitalized style here as that's common standard in HTTP world
     cds._context.run (ctx, next)

package/lib/srv/middlewares/errors.js

@@ -1,5 +1,7 @@
 const production = process.env.NODE_ENV === 'production'
-const cds = require ('../..'), LOG = cds.log('error')
+const cds = require ('../..')
+const LOG = cds.log('error')
+const { inspect } = cds.utils
 
 module.exports = () => {
   return function http_error (error, req, res, _next) { // eslint-disable-line no-unused-vars
@@ -15,9 +17,9 @@ module.exports = () => {
     if (!production && error.stack) error.stack = error.stack.replace(/\n {4}at .*(?:node_modules\/express|node:internal).*/g,'')
 
     if (400 <= status && status < 500) {
-      LOG.warn (status, '>', error)
+      LOG.warn (status, '>', inspect(error))
     } else {
-      LOG.error (status, '>', error)
+      LOG.error (status, '>', inspect(error))
     }
 
     // Expose as little information as possible in production, and as much as possible in development

package/lib/srv/protocols/index.js

@@ -56,7 +56,7 @@ class Protocols {
       // app.disable('x-powered-by')
     }
 
-    for (let { kind, path } of endpoints) {
+    if (endpoints) for (let { kind, path } of endpoints) {
 
       // construct adapter instance from resolved implementation
       let adapter = cached[kind]; if (!adapter) {
@@ -117,11 +117,11 @@ class Protocols {
     // canonicalize to { kind, path } objects
     const endpoints = annos.map (each => {
       let { kind = each['='] || each, path } = each
-      let { path: prefix } = this[kind] || cds.error `Unknown protocol: ${kind}`
+      if (!(kind in this)) return cds.log('adapters').warn ('ignoring unknown protocol:', kind)
       if (typeof path !== 'string') path = o?.at || o?.path || def['@path'] || _slugified(srv.name)
-      if (path[0] !== '/') path = prefix+'/'+path
+      if (path[0] !== '/') path = this[kind].path + '/' + path // prefix with protocol path
       return { kind, path }
-    })
+    }) .filter (e => e) //> skipping unknown protocols
 
     return endpoints.length && endpoints
   }

package/lib/srv/srv-methods.js

@@ -71,6 +71,7 @@ const add_handler_for = (srv, def) => {
 
     // ensure legacy compat, keys in req.data
     if(cds.env.features.keys_in_data_compat && target) {
+      cds.utils.deprecated({ old: 'flag cds.env.features.keys_in_data_compat'})
       // named/positional variant of keys
       const named = req.params.length === 1 && typeof req.params[0] === 'object'
 

package/lib/utils/cds-test.js

@@ -221,7 +221,8 @@ let _expect = undefined
     global.beforeEach = beforeEach
     global.afterEach = afterEach
     global.expect = _expect = require('../test/expect')
-    suite ('<next>', ()=>{}) //> to signal the start of a test file
+    // suite was introduced in Node 22
+    suite?.('<next>', ()=>{}) //> to signal the start of a test file
 
   }
 

package/lib/utils/cds-utils.js

@@ -2,15 +2,27 @@ const cwd = process.env._original_cwd || process.cwd()
 const cds = require('../index')
 
 module.exports = exports = new class {
+  get colors() { return super.colors = require('./colors') }
   get inflect() { return super.inflect = require('./inflect') }
-  get inspect() { return super.inspect = require('util').inspect }
+  get inspect() {
+    const options = { depth: 11, colors: this.colors.enabled }
+    const {inspect} = require('node:util')
+    return super.inspect = v => inspect(v,options)
+  }
+  get format() {
+    const {format} = require('node:util')
+    return super.format = format
+  }
   get uuid() { return super.uuid = require('crypto').randomUUID }
   get yaml() { return super.yaml = require('@sap/cds-foss').yaml }
   get pool() { return super.pool = require('@sap/cds-foss').pool }
   get tar() { return super.tar = require('./tar') }
 }
 
+/** @type {import('node:path')} */
 const path = exports.path = require('path'), { dirname, extname, join, resolve, relative } = path
+
+/** @type {import('node:fs')} */
 const fs = exports.fs = Object.assign (exports,require('fs')) //> for compatibility
 
 
@@ -232,6 +244,7 @@ exports.find = function find (base, patterns='*', filter=()=>true) {
   return files
 }
 
+
 exports.deprecated = (fn, { kind = 'Method', old = fn.name+'()', use } = {}) => {
   const yellow = '\x1b[33m'
   const reset = '\x1b[0m'

package/lib/utils/colors.js

@@ -1,49 +1,50 @@
-const none = process.stdout.isTTY && !process.env.NO_COLOR || process.env.FORCE_COLOR ? null : ''
+const enabled = process.stdout.isTTY && !process.env.NO_COLOR || process.env.FORCE_COLOR
 const colors = {
-  RESET:        none ?? '\x1b[0m',
-  BOLD:         none ?? '\x1b[1m',
-  BRIGHT:       none ?? '\x1b[1m',
-  DIMMED:       none ?? '\x1b[2m',
-  ITALIC:       none ?? '\x1b[3m',
-  UNDER:        none ?? '\x1b[4m',
-  BLINK:        none ?? '\x1b[5m',
-  FLASH:        none ?? '\x1b[6m',
-  INVERT:       none ?? '\x1b[7m',
-  BLACK:        none ?? '\x1b[30m',
-  RED:          none ?? '\x1b[31m',
-  GREEN:        none ?? '\x1b[32m',
-  YELLOW:       none ?? '\x1b[33m',
-  BLUE:         none ?? '\x1b[34m',
-  PINK:         none ?? '\x1b[35m',
-  CYAN:         none ?? '\x1b[36m',
-  LIGHT_GRAY:   none ?? '\x1b[37m',
-  DEFAULT:      none ?? '\x1b[39m',
-  GRAY:         none ?? '\x1b[90m',
-  LIGHT_RED:    none ?? '\x1b[91m',
-  LIGHT_GREEN:  none ?? '\x1b[92m',
-  LIGHT_YELLOW: none ?? '\x1b[93m',
-  LIGHT_BLUE:   none ?? '\x1b[94m',
-  LIGHT_PINK:   none ?? '\x1b[95m',
-  LIGHT_CYAN:   none ?? '\x1b[96m',
-  WHITE:        none ?? '\x1b[97m',
+  enabled,
+  RESET:        enabled ? '\x1b[0m' : '',
+  BOLD:         enabled ? '\x1b[1m' : '',
+  BRIGHT:       enabled ? '\x1b[1m' : '',
+  DIMMED:       enabled ? '\x1b[2m' : '',
+  ITALIC:       enabled ? '\x1b[3m' : '',
+  UNDER:        enabled ? '\x1b[4m' : '',
+  BLINK:        enabled ? '\x1b[5m' : '',
+  FLASH:        enabled ? '\x1b[6m' : '',
+  INVERT:       enabled ? '\x1b[7m' : '',
+  BLACK:        enabled ? '\x1b[30m' : '',
+  RED:          enabled ? '\x1b[31m' : '',
+  GREEN:        enabled ? '\x1b[32m' : '',
+  YELLOW:       enabled ? '\x1b[33m' : '',
+  BLUE:         enabled ? '\x1b[34m' : '',
+  PINK:         enabled ? '\x1b[35m' : '',
+  CYAN:         enabled ? '\x1b[36m' : '',
+  LIGHT_GRAY:   enabled ? '\x1b[37m' : '',
+  DEFAULT:      enabled ? '\x1b[39m' : '',
+  GRAY:         enabled ? '\x1b[90m' : '',
+  LIGHT_RED:    enabled ? '\x1b[91m' : '',
+  LIGHT_GREEN:  enabled ? '\x1b[92m' : '',
+  LIGHT_YELLOW: enabled ? '\x1b[93m' : '',
+  LIGHT_BLUE:   enabled ? '\x1b[94m' : '',
+  LIGHT_PINK:   enabled ? '\x1b[95m' : '',
+  LIGHT_CYAN:   enabled ? '\x1b[96m' : '',
+  WHITE:        enabled ? '\x1b[97m' : '',
   bg: {
-    BLACK: none ?? '\x1b[40m',
-    RED: none ?? '\x1b[41m',
-    GREEN: none ?? '\x1b[42m',
-    YELLOW: none ?? '\x1b[43m',
-    BLUE: none ?? '\x1b[44m',
-    PINK: none ?? '\x1b[45m',
-    CYAN: none ?? '\x1b[46m',
-    WHITE: none ?? '\x1b[47m',
-    DEFAULT: none ?? '\x1b[49m',
-    LIGHT_GRAY: none ?? '\x1b[100m',
-    LIGHT_RED: none ?? '\x1b[101m',
-    LIGHT_GREEN: none ?? '\x1b[102m',
-    LIGHT_YELLOW: none ?? '\x1b[103m',
-    LIGHT_BLUE: none ?? '\x1b[104m',
-    LIGHT_PINK: none ?? '\x1b[105m',
-    LIGHT_CYAN: none ?? '\x1b[106m',
-    LIGHT_WHITE: none ?? '\x1b[107m',
+    BLACK: enabled ? '\x1b[40m' : '',
+    RED: enabled ? '\x1b[41m' : '',
+    GREEN: enabled ? '\x1b[42m' : '',
+    YELLOW: enabled ? '\x1b[43m' : '',
+    BLUE: enabled ? '\x1b[44m' : '',
+    PINK: enabled ? '\x1b[45m' : '',
+    CYAN: enabled ? '\x1b[46m' : '',
+    WHITE: enabled ? '\x1b[47m' : '',
+    DEFAULT: enabled ? '\x1b[49m' : '',
+    LIGHT_GRAY: enabled ? '\x1b[100m' : '',
+    LIGHT_RED: enabled ? '\x1b[101m' : '',
+    LIGHT_GREEN: enabled ? '\x1b[102m' : '',
+    LIGHT_YELLOW: enabled ? '\x1b[103m' : '',
+    LIGHT_BLUE: enabled ? '\x1b[104m' : '',
+    LIGHT_PINK: enabled ? '\x1b[105m' : '',
+    LIGHT_CYAN: enabled ? '\x1b[106m' : '',
+    LIGHT_WHITE: enabled ? '\x1b[107m' : '',
   },
 }
 module.exports = colors

package/libx/_runtime/common/composition/data.js

@@ -326,6 +326,7 @@ const selectDeepUpdateData = (service, model, req, selectAllColumns = false) =>
   const query = req.query
 
   // REVISIT this should be done somewhere before, so it is not done twice for deep updates
+  // REVISIT: this is done (better) in the new db-services
   const sqlQuery = cqn2cqn4sql(query, model)
 
   if (req && _isSameEntity(sqlQuery, req)) {
@@ -334,10 +335,11 @@ const selectDeepUpdateData = (service, model, req, selectAllColumns = false) =>
 
   const from = getEntityNameFromUpdateCQN(sqlQuery)
   const alias = sqlQuery.UPDATE.entity.as
-  const where = sqlQuery.UPDATE.where || []
+  // if parts of (another) query are re-used make sure to get your own copy
+  const where = cds.clone(sqlQuery.UPDATE.where) || []
   const entityName = ensureNoDraftsSuffix(from)
   const draft = entityName !== from
-  const orderBy = req?.target?.query?.SELECT?.orderBy
+  const orderBy = req?.target?.query?.SELECT?.orderBy ? cds.clone(req?.target?.query?.SELECT?.orderBy) : null
   _resolveOrderBy(orderBy, sqlQuery.UPDATE._transitions)
   const data = Object.assign({}, sqlQuery.UPDATE.data || {}, query.UPDATE.with || {})
   const compositionTree = getCompositionTree({

package/libx/_runtime/common/composition/index.js

@@ -1,4 +1,4 @@
-const { getCompositionTree, getCompositionRoot } = require('./tree')
+const { getCompositionTree } = require('./tree')
 const { hasDeepInsert, getDeepInsertCQNs } = require('./insert')
 const { hasDeepUpdate, getDeepUpdateCQNs } = require('./update')
 const { hasDeepDelete, getDeepDeleteCQNs, getSetNullParentForeignKeyCQNs } = require('./delete')
@@ -7,7 +7,6 @@ const { selectDeepUpdateData } = require('./data')
 module.exports = {
   // tree
   getCompositionTree,
-  getCompositionRoot,
   // insert
   hasDeepInsert,
   getDeepInsertCQNs,

package/libx/_runtime/common/composition/tree.js

@@ -1,6 +1,5 @@
 const cds = require('../../cds')
 
-const { ensureNoDraftsSuffix } = require('../utils/draft')
 const { getTransition, getDBTable } = require('../utils/resolveView')
 
 const { prefixForStruct } = require('../../common/utils/csn')
@@ -259,27 +258,6 @@ const _memoizeGetCompositionTree = fn => {
  * exports
  */
 
-const getCompositionRoot = (definitions, entity) => {
-  const associationElements = Object.keys(entity.elements)
-    .map(key => entity.elements[key])
-    .filter(element => element._isAssociationStrict)
-
-  for (const { target } of associationElements) {
-    const parentEntity = definitions[target]
-    for (const parentElementName in parentEntity.elements) {
-      const parentElement = parentEntity.elements[parentElementName]
-      if (
-        parentElement.isComposition &&
-        parentElement.target === entity.name &&
-        parentElement.target !== ensureNoDraftsSuffix(parentElement.parent.name)
-      ) {
-        return getCompositionRoot(definitions, parentEntity)
-      }
-    }
-  }
-  return entity
-}
-
 /**
  * Provides tree of all compositions. (Cached)
  *
@@ -291,6 +269,5 @@ const getCompositionRoot = (definitions, entity) => {
 const getCompositionTree = _memoizeGetCompositionTree(_getCompositionTree)
 
 module.exports = {
-  getCompositionTree,
-  getCompositionRoot
+  getCompositionTree
 }

package/libx/_runtime/common/error/frontend.js

@@ -51,7 +51,7 @@ const _rewriteError = error => {
     (code.startsWith('SQLITE_CONSTRAINT') && (message.match(/COMMIT/) || message.match(/FOREIGN KEY/))) ||
     (code === '155' && message.match(/fk constraint violation/))
   ) {
-    // > foreign key constaint violation no sqlite/ hana
+    // > foreign key constaint violation on sqlite/ hana
     error.code = '400'
     error.message = 'FK_CONSTRAINT_VIOLATION'
     return
@@ -63,17 +63,33 @@ const _rewriteError = error => {
   }
 }
 
+const _isInHttpResponseCodeRange = errorCode => errorCode >= 300 && errorCode <= 599
+
+const BAD_REQUEST_ERRORS = new Set(['ENTITY_ALREADY_EXISTS', 'FK_CONSTRAINT_VIOLATION', 'UNIQUE_CONSTRAINT_VIOLATION'])
+
 const _normalize = (err, locale, formatterFn = _getFiltered) => {
   // REVISIT: code and message rewriting
   _rewriteError(err)
 
+  const { message: originalMessage } = err
+
   // message (i18n)
   err.message = getErrorMessage(err, locale)
 
   // ensure code is set and a string
   err.code = String(err.code || 'null')
 
-  let statusCode = err.status || err.statusCode || (_isAllowedError(err.code) && err.code)
+  // determine status code from error
+  let statusCode = err.status || err.statusCode //> REVISIT: why prefer status over statusCode?
+  // well-defined bad request errors
+  if (!statusCode && BAD_REQUEST_ERRORS.has(originalMessage)) statusCode = 400
+  if (!statusCode && _isInHttpResponseCodeRange(err.code)) {
+    if ('sqlState' in err) {
+      // HANA/ database error -> don't use code as status code
+    } else {
+      statusCode = err.code
+    }
+  }
 
   // details
   if (err.details) {
@@ -95,8 +111,6 @@ const _normalize = (err, locale, formatterFn = _getFiltered) => {
   return { error, statusCode }
 }
 
-const _isAllowedError = errorCode => errorCode >= 300 && errorCode < 505
-
 // - for one unique value, we use it
 // - if at least one 5xx exists, we use 500
 // - else if at least one 4xx exists, we use 400