@sap/cds 8.9.3 → 8.9.5

package/CHANGELOG.md

@@ -4,6 +4,24 @@
 - The format is based on [Keep a Changelog](https://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](https://semver.org/).
 
+## Version 8.9.5 - 2025-07-25
+
+### Fixed
+
+- `req.diff` in case of draft entities using associations to joins/unions
+- Locale detection does not enforce `<http-req>.query` to be present. Some protocol adapters do not set it.
+- View metadata for requests with $apply
+- Handling of bad timestamps in URL ($filter and temporals)
+
+## Version 8.9.4 - 2025-05-16
+
+### Fixed
+
+- No longer require `@sap/cds-compiler` versions 6.x as these are not supported with CAP Java 3.
+- Regression in view resolving with mixins
+- View resolving for external service entities aborted too early
+- `cds.Map` validation in action/function parameters
+
 ## Version 8.9.3 - 2025-05-06
 
 ### Fixed

package/lib/core/classes.js

@@ -147,6 +147,7 @@ class type extends any { is(kind) { return kind === 'type' || super.is(kind) }
   }
 
   class Map extends struct {
+    get '@open' () { return this.set('@open', true) }
     get elements() { return this.set('elements', new LinkedDefinitions) }
   }
 

package/lib/core/linked-csn.js

@@ -47,6 +47,7 @@ class LinkedCSN {
         if (p.actions && !d.actions) _set (d,'actions',undefined) //> don't propagate .actions
         if (p.params && !d.params)   _set (d,'params',undefined)  //> don't propagate .params
         if (d.elements?.localized)   _set (d,'texts', defs[d.elements.localized.target])
+        if (!Object.hasOwn(d,'_service')) _set (d,'_service',undefined) //> don't propagate ._service
       } else if (d.kind === 'element') {
         if (p.key && !d.key) _set (d,'key',undefined)  //> don't propagate .key
       }

package/lib/ql/resolve.js

@@ -8,6 +8,7 @@ const _isPersistenceTable = target =>
 // REVISIT revert after cds-dbs pr
 // REVISIT: Remove once we get rid of old db
 const _abortDB = resolve.abortDB = target => !!(_isPersistenceTable(target)|| !target.query?._target)
+// _service seems to be inherited in projections, so do not consider prototype chain
 const _defaultAbort = tx => e => e._service?.name === tx.definition?.name
 
 function resolve(query, tx, abortCondition) {

package/lib/req/locale.js

@@ -10,7 +10,8 @@ function normalized_locale_from (req) {
 
 function original_locale_from (req) {
   return !req ? undefined :
-    req.query['sap-locale'] || SAP_LANGUAGES[req.query['sap-language']] ||
+    // req.query is guaranteed by express, but not by others like websockets or plain Node http
+    req.query?.['sap-locale'] || SAP_LANGUAGES[req.query?.['sap-language']] ||
     req.headers['x-sap-request-language'] ||
     req.headers['accept-language']
 }

package/lib/req/validate.js

@@ -208,7 +208,7 @@ class struct extends $any {
     }
     // check values of given data
     for (let each in data) { // will work for structured payloads as well as flattened ones with universal CSN
-      let /** @type {$any} */ d = elements[each]
+      let /** @type {$any} */ d = Object.hasOwn(elements, each) && elements[each]
       if (!d || (d['@cds.api.ignore'] && ctx.rejectIgnore)) ctx.unknown (each, this, data)
       else if (ctx.cleanse && d._is_readonly() && !d.key) delete data[each]
       // @Core.Immutable processed only for root, children are handled when knowing db state

package/libx/_runtime/common/generic/temporal.js

@@ -4,7 +4,6 @@ const normalizeTimestamp = require('../utils/normalizeTimestamp')
 const _getDateFromQueryOptions = str => {
   if (str) {
     const match = str.match(/^date'(.+)'$/)
-    // REVISIT: What happens with invalid date values in query parameter? if match.length > 1
     return normalizeTimestamp(match ? match[1] : str)
   }
 }

package/libx/_runtime/common/utils/normalizeTimestamp.js

@@ -9,13 +9,22 @@ const _lengthIfNotFoundIndex = (index, length) => (index > -1 ? index : length)
 module.exports = value => {
   if (value instanceof Date) value = value.toISOString()
   if (typeof value === 'number') value = new Date(value).toISOString()
+  if (typeof value !== 'string') {
+    const msg = `Value "${value}" is not a valid Timestamp`
+    throw Object.assign(new Error(msg), { statusCode: 400 })
+  }
 
   const decimalPointIndex = _lengthIfNotFoundIndex(value.lastIndexOf('.'), value.length)
   const tzRegexMatch = TZ_REGEX.exec(value)
   const tz = tzRegexMatch?.[0] || ''
   const tzIndex = _lengthIfNotFoundIndex(tzRegexMatch?.index, value.length)
   const dateEndIndex = Math.min(decimalPointIndex, tzIndex)
-  const dateNoMillisNoTZ = new Date(value.slice(0, dateEndIndex) + tz).toISOString().slice(0, 19)
+  let dt = new Date(value.slice(0, dateEndIndex) + tz)
+  if (isNaN(dt)) {
+    const msg = `Value "${value}" is not a valid Timestamp`
+    throw Object.assign(new Error(msg), { statusCode: 400 })
+  }
+  const dateNoMillisNoTZ = dt.toISOString().slice(0, 19)
   const normalizedFractionalDigits = value
     .slice(dateEndIndex + 1, tzIndex)
     .replace(NON_DIGIT_REGEX, '')

package/libx/_runtime/common/utils/resolveView.js

@@ -32,7 +32,7 @@ const _inverseTransition = transition => {
       const ref0 = value.ref[0]
       if (value.ref.length > 1) {
         // ignore flattened columns like author.name
-        if (transition.target.elements[ref0].isAssociation) continue
+        if (transition.target.elements[ref0]?.isAssociation) continue
 
         const nested = inverseTransition.mapping.get(ref0) || {}
         if (!nested.transition) nested.transition = { mapping: new Map() }
@@ -551,7 +551,7 @@ const _mappedValue = (col, alias) => {
 const getDBTable = target => cds.ql.resolve.table(target)
 
 const _appendForeignKeys = (newColumns, target, columns, { as, ref = [] }) => {
-  const el = target.elements[as] || target.query._target.elements[ref.at(-1)]
+  const el = target.elements[as] || target.query._target?.elements[ref.at(-1)]
 
   if (el && el.isAssociation && el.keys) {
     for (const key of el.keys) {

package/libx/odata/parse/afterburner.js

@@ -12,8 +12,7 @@ function _getDefinition(definition, name, namespace) {
   return (
     definition?.definitions?.[name] ||
     definition?.elements?.[name] ||
-    (definition.actions && (definition.actions[name] || definition.actions[name.replace(namespace + '.', '')])) ||
-    definition[name]
+    (definition.actions && (definition.actions[name] || definition.actions[name.replace(namespace + '.', '')]))
   )
 }
 

package/libx/odata/utils/metadata.js

@@ -32,6 +32,14 @@ const _lastValidRef = ref => {
   }
 }
 
+const _getRef = query => {
+  if (query.SELECT?.from?.SELECT) return _getRef(query.SELECT.from)
+
+  return (
+    query.SELECT?.from?.ref ?? query.UPDATE?.entity?.ref ?? query.INSERT?.into?.ref ?? query.DELETE?.from?.ref ?? []
+  )
+}
+
 const _toBinaryKeyValue = value => `binary'${value.toString('base64')}'`
 
 const _odataContext = (query, options) => {
@@ -49,10 +57,7 @@ const _odataContext = (query, options) => {
 
   path += '#'
 
-  // REVISIT: subselect is treated as empty array
-  const ref =
-    query.SELECT?.from?.ref ?? query.UPDATE?.entity?.ref ?? query.INSERT?.into?.ref ?? query.DELETE?.from?.ref ?? []
-
+  const ref = _getRef(query)
   const isNavToDraftAdmin = _isNavToDraftAdmin(ref)
 
   let edmName
@@ -73,9 +78,6 @@ const _odataContext = (query, options) => {
   path += edmName
 
   const isViewWithParams = query._target.kind === 'entity' && query._target.params
-  if (isViewWithParams) path += 'Type'
-
-  const lastRef = ref.at(-1)
 
   if (propertyAccess || isNavToDraftAdmin || isViewWithParams) {
     if (!contextAbsoluteUrl && (propertyAccess || isViewWithParams)) path = '../' + path
@@ -83,6 +85,7 @@ const _odataContext = (query, options) => {
     const keyValuePairs = []
 
     const lastValidRef = _lastValidRef(ref)
+    const lastRef = ref.at(-1)
     const isSibling = lastRef === 'SiblingEntity'
     let _keyValuePairs
     if (lastValidRef.where) {

package/libx/odata/utils/normalizeTimeData.js

@@ -8,7 +8,7 @@ const _processorFn = elementInfo => {
     const { row, key } = elementInfo
     if (!(row[key] == null) && row[key] !== '$now') {
       const dt = typeof row[key] === 'string' && new Date(row[key])
-      if (!isNaN(dt)) {
+      if (dt && !isNaN(dt)) {
         switch (category) {
           case 'cds.DateTime':
             row[key] = new Date(row[key]).toISOString().replace(/\.\d\d\d/, '')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "8.9.3",
+  "version": "8.9.5",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -33,7 +33,7 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@sap/cds-compiler": ">=5.1",
+    "@sap/cds-compiler": "^5",
     "@sap/cds-fiori": "^1",
     "@sap/cds-foss": "^5.0.0"
   },