@sap/cds 8.9.4 → 8.9.6

package/CHANGELOG.md

@@ -4,6 +4,21 @@
 - The format is based on [Keep a Changelog](https://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](https://semver.org/).
 
+## Version 8.9.6 - 2025-07-29
+
+### Fixed
+
+- Batch insert using `INSERT.entries()` on draft enabled entities
+
+## Version 8.9.5 - 2025-07-25
+
+### Fixed
+
+- `req.diff` in case of draft entities using associations to joins/unions
+- Locale detection does not enforce `<http-req>.query` to be present. Some protocol adapters do not set it.
+- View metadata for requests with $apply
+- Handling of bad timestamps in URL ($filter and temporals)
+
 ## Version 8.9.4 - 2025-05-16
 
 ### Fixed

package/lib/req/locale.js

@@ -10,7 +10,8 @@ function normalized_locale_from (req) {
 
 function original_locale_from (req) {
   return !req ? undefined :
-    req.query['sap-locale'] || SAP_LANGUAGES[req.query['sap-language']] ||
+    // req.query is guaranteed by express, but not by others like websockets or plain Node http
+    req.query?.['sap-locale'] || SAP_LANGUAGES[req.query?.['sap-language']] ||
     req.headers['x-sap-request-language'] ||
     req.headers['accept-language']
 }

package/lib/req/validate.js

@@ -208,7 +208,7 @@ class struct extends $any {
     }
     // check values of given data
     for (let each in data) { // will work for structured payloads as well as flattened ones with universal CSN
-      let /** @type {$any} */ d = elements[each]
+      let /** @type {$any} */ d = Object.hasOwn(elements, each) && elements[each]
       if (!d || (d['@cds.api.ignore'] && ctx.rejectIgnore)) ctx.unknown (each, this, data)
       else if (ctx.cleanse && d._is_readonly() && !d.key) delete data[each]
       // @Core.Immutable processed only for root, children are handled when knowing db state

package/libx/_runtime/common/generic/temporal.js

@@ -4,7 +4,6 @@ const normalizeTimestamp = require('../utils/normalizeTimestamp')
 const _getDateFromQueryOptions = str => {
   if (str) {
     const match = str.match(/^date'(.+)'$/)
-    // REVISIT: What happens with invalid date values in query parameter? if match.length > 1
     return normalizeTimestamp(match ? match[1] : str)
   }
 }

package/libx/_runtime/common/utils/normalizeTimestamp.js

@@ -9,13 +9,22 @@ const _lengthIfNotFoundIndex = (index, length) => (index > -1 ? index : length)
 module.exports = value => {
   if (value instanceof Date) value = value.toISOString()
   if (typeof value === 'number') value = new Date(value).toISOString()
+  if (typeof value !== 'string') {
+    const msg = `Value "${value}" is not a valid Timestamp`
+    throw Object.assign(new Error(msg), { statusCode: 400 })
+  }
 
   const decimalPointIndex = _lengthIfNotFoundIndex(value.lastIndexOf('.'), value.length)
   const tzRegexMatch = TZ_REGEX.exec(value)
   const tz = tzRegexMatch?.[0] || ''
   const tzIndex = _lengthIfNotFoundIndex(tzRegexMatch?.index, value.length)
   const dateEndIndex = Math.min(decimalPointIndex, tzIndex)
-  const dateNoMillisNoTZ = new Date(value.slice(0, dateEndIndex) + tz).toISOString().slice(0, 19)
+  let dt = new Date(value.slice(0, dateEndIndex) + tz)
+  if (isNaN(dt)) {
+    const msg = `Value "${value}" is not a valid Timestamp`
+    throw Object.assign(new Error(msg), { statusCode: 400 })
+  }
+  const dateNoMillisNoTZ = dt.toISOString().slice(0, 19)
   const normalizedFractionalDigits = value
     .slice(dateEndIndex + 1, tzIndex)
     .replace(NON_DIGIT_REGEX, '')

package/libx/_runtime/common/utils/resolveView.js

@@ -551,7 +551,7 @@ const _mappedValue = (col, alias) => {
 const getDBTable = target => cds.ql.resolve.table(target)
 
 const _appendForeignKeys = (newColumns, target, columns, { as, ref = [] }) => {
-  const el = target.elements[as] || target.query._target.elements[ref.at(-1)]
+  const el = target.elements[as] || target.query._target?.elements[ref.at(-1)]
 
   if (el && el.isAssociation && el.keys) {
     for (const key of el.keys) {

package/libx/_runtime/fiori/lean-draft.js

@@ -464,7 +464,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
     if (!containsDraftRoot) req.reject({ code: 403, statusCode: 403, message: 'DRAFT_MODIFICATION_ONLY_VIA_ROOT' })
 
     const isDirectAccess = typeof req.query.INSERT.into === 'string' || req.query.INSERT.into.ref?.length === 1
-    const data = Object.assign({}, req.data) // IsActiveEntity is not enumerable
+    const data = Array.isArray(req.data) ? [...req.data] : Object.assign({}, req.data) // IsActiveEntity is not enumerable
     const draftsRootRef =
       typeof query.INSERT.into === 'string'
         ? [req.target.drafts.name]
@@ -489,7 +489,9 @@ cds.ApplicationService.prototype.handle = async function (req) {
 
     const cqn = INSERT.into(query.INSERT.into).entries(data)
     await run(cqn, { event: 'CREATE' })
-    const result = { ...data, IsActiveEntity: true }
+    const result = Array.isArray(data)
+      ? data.map(d => ({ ...d, IsActiveEntity: true }))
+      : { ...data, IsActiveEntity: true }
     req.data = result //> make keys available via req.data (as with normal crud)
     return result
   }

package/libx/odata/parse/afterburner.js

@@ -12,8 +12,7 @@ function _getDefinition(definition, name, namespace) {
   return (
     definition?.definitions?.[name] ||
     definition?.elements?.[name] ||
-    (definition.actions && (definition.actions[name] || definition.actions[name.replace(namespace + '.', '')])) ||
-    definition[name]
+    (definition.actions && (definition.actions[name] || definition.actions[name.replace(namespace + '.', '')]))
   )
 }
 

package/libx/odata/utils/metadata.js

@@ -32,6 +32,14 @@ const _lastValidRef = ref => {
   }
 }
 
+const _getRef = query => {
+  if (query.SELECT?.from?.SELECT) return _getRef(query.SELECT.from)
+
+  return (
+    query.SELECT?.from?.ref ?? query.UPDATE?.entity?.ref ?? query.INSERT?.into?.ref ?? query.DELETE?.from?.ref ?? []
+  )
+}
+
 const _toBinaryKeyValue = value => `binary'${value.toString('base64')}'`
 
 const _odataContext = (query, options) => {
@@ -49,10 +57,7 @@ const _odataContext = (query, options) => {
 
   path += '#'
 
-  // REVISIT: subselect is treated as empty array
-  const ref =
-    query.SELECT?.from?.ref ?? query.UPDATE?.entity?.ref ?? query.INSERT?.into?.ref ?? query.DELETE?.from?.ref ?? []
-
+  const ref = _getRef(query)
   const isNavToDraftAdmin = _isNavToDraftAdmin(ref)
 
   let edmName
@@ -73,9 +78,6 @@ const _odataContext = (query, options) => {
   path += edmName
 
   const isViewWithParams = query._target.kind === 'entity' && query._target.params
-  if (isViewWithParams) path += 'Type'
-
-  const lastRef = ref.at(-1)
 
   if (propertyAccess || isNavToDraftAdmin || isViewWithParams) {
     if (!contextAbsoluteUrl && (propertyAccess || isViewWithParams)) path = '../' + path
@@ -83,6 +85,7 @@ const _odataContext = (query, options) => {
     const keyValuePairs = []
 
     const lastValidRef = _lastValidRef(ref)
+    const lastRef = ref.at(-1)
     const isSibling = lastRef === 'SiblingEntity'
     let _keyValuePairs
     if (lastValidRef.where) {

package/libx/odata/utils/normalizeTimeData.js

@@ -8,7 +8,7 @@ const _processorFn = elementInfo => {
     const { row, key } = elementInfo
     if (!(row[key] == null) && row[key] !== '$now') {
       const dt = typeof row[key] === 'string' && new Date(row[key])
-      if (!isNaN(dt)) {
+      if (dt && !isNaN(dt)) {
         switch (category) {
           case 'cds.DateTime':
             row[key] = new Date(row[key]).toISOString().replace(/\.\d\d\d/, '')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "8.9.4",
+  "version": "8.9.6",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [