@sap/cds 9.4.2 → 9.4.4

package/CHANGELOG.md

@@ -4,6 +4,24 @@
 - The format is based on [Keep a Changelog](https://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](https://semver.org/).
 
+## Version 9.4.4 - 2025-10-23
+
+### Fixed
+
+- Input validation of action parameters in action calls on draft state of draft enabled entities
+- Input validation on `NEW` event of draft choreography
+- Ignore outbox model on Windows
+- `enterprise-messaging-shared`: preserve error listener during reconnect
+
+## Version 9.4.3 - 2025-10-10
+
+### Fixed
+
+- Don't continue validation user input if data type is wrong
+- UI annotation generation for status transition flows for Java
+- Increased minimium version of `@sap/cds-compiler` to 6.3.x
+- Undefined error message for early access checks
+
 ## Version 9.4.2 - 2025-10-08
 
 ### Fixed
@@ -53,7 +71,6 @@
 - Broken link `cds.auth`
 - Persist original error message in draft validation messages
 - Escaping of `\t` and `\f` in edmx during localization
-- Escaping of JSON escape sequences other than `\"` during localization
 
 ## Version 9.3.1 - 2025-09-03
 

package/lib/compile/etc/properties.js

@@ -40,5 +40,4 @@ function string4 (raw) {
   return raw
   .replace(/''/g,"'") .replace(/^"(.*)"$/,"$1") .replace(/^'(.*)'$/,"$1")
   .replace(/\\u[\dA-F]{4}/gi, (match) => String.fromCharCode(parseInt(match.replace(/\\u/g, ''), 16)))
-  .replace(/\\(.)/g, (_, seq) => ({ n: '\n', r: '\r', t: '\t', f: '\f' }[seq] ?? seq))
 }

package/lib/compile/for/flows.js

@@ -19,7 +19,7 @@ function addOperationAvailableToActions(actions, statusEnum, statusElementName)
   for (const action of Object.values(actions)) {
     const fromList = getFrom(action)
     const conditions = fromList.map(from => {
-      const value = from['#'] ? statusEnum[from['#']]?.val ?? statusEnum[from['#']]['$path'].at(-1) : from
+      const value = from['#'] ? (statusEnum[from['#']]?.val ?? from['#']) : from
       return `$self.${statusElementName} = ${typeof value === 'string' ? `'${value}'` : value}`
     })
     const condition = `(${conditions.join(' OR ')})`

package/lib/compile/load.js

@@ -13,7 +13,7 @@ module.exports = exports = function load (files, options) {
   // REVISIT: bandaid for grow as you go scenario with task queues enabled by default
   let locations
   if (cds.watched) {
-    const _is_outbox = p => cds.utils.path.posix.normalize(p).match(/\/cds\/srv\/outbox(\.cds)?$/)
+    const _is_outbox = p => cds.utils.path.posix.normalize(p).match(/((\/cds\/srv\/outbox)|(\\cds\\srv\\outbox))(\.cds)?$/)
     const _outbox_only = any?.length === 1 && _is_outbox(any[0]) && (!Array.isArray(files) || !files.some(_is_outbox))
     if (_outbox_only) {
       any = undefined

package/lib/i18n/localize.js

@@ -85,7 +85,7 @@ exports.edmx = edmx => {
 
 exports.json = json => {
   if (typeof json === 'object') json = JSON.stringify(json)
-  const _json_replacer = s => s && JSON.stringify(s).slice(1,-1)
+  const _json_replacer = s => s?.replace(/"/g, '\\"')
   return localize(json) .using (_json_replacer)
 }
 

package/lib/srv/middlewares/errors.js

@@ -2,13 +2,14 @@ const cds = require('../..'), {i18n} = cds
 const LOG = cds.log('error')
 const internals = /\n +at .*(?:node_modules\/express|node:).*/gm
 const is_test = typeof global.it === 'function'
+const { STATUS_CODES } = require('http')
 
 module.exports = () => {
   /** @param {import('express').Response} res */
   return function http_error (err, req, res, next) { // eslint-disable-line no-unused-vars
 
     // In case of 401 require login if available by auth strategy
-    if (typeof err === 'number') err = { code: err }
+    if (typeof err === 'number') err = { status: err, code: String(err), message: STATUS_CODES[err] }
     if (err.code == 401 && req._login) return req._login()
 
     // Shutdown on uncaught errors, which could be critical programming errors

package/libx/_runtime/common/generic/input.js

@@ -355,7 +355,12 @@ async function validate_input(req) {
   }
 
   const errs = cds.validate(req.data, req.target, assertOptions)
-  if (errs) return errs.forEach(err => req.error(err))
+  if (errs) {
+    errs.forEach(err => req.error(err))
+    // data types are incorrect -> stop further processing which could rely on data type
+    if (errs.some(e => e.message === 'ASSERT_DATA_TYPE')) req.reject()
+    else return
+  }
 
   // -------------------------------------------------
   // REVISIT: is the below still needed?
@@ -399,7 +404,12 @@ function validate_action(req) {
     protocol: req.protocol
   }
   let errs = cds.validate(data, operation, assertOptions)
-  if (errs) return errs.forEach(err => req.error(err))
+  if (errs) {
+    errs.forEach(err => req.error(err))
+    // data types are incorrect -> stop further processing which could rely on data type
+    if (errs.some(e => e.message === 'ASSERT_DATA_TYPE')) req.reject()
+    else return
+  }
 
   // convert binaries
   operation.params &&
@@ -419,7 +429,11 @@ validate_action._initial = true
 module.exports = cds.service.impl(function () {
   this.before(['CREATE', 'UPDATE', 'NEW'], '*', validate_input)
   for (const each of this.actions) this.before(each, validate_action)
-  for (const entity of this.entities) for (let a in entity.actions) this.before(a, entity, validate_action)
+  for (const entity of this.entities)
+    for (let a in entity.actions) {
+      this.before(a, entity, validate_action)
+      if (entity.drafts) this.before(a, entity.drafts, validate_action)
+    }
 })
 
 // needed for testing

package/libx/_runtime/fiori/lean-draft.js

@@ -1915,13 +1915,11 @@ async function beforeNew(req) {
 
     // Also support deep insertions
     for (const key in data) {
+      if (!target.elements[key]) return data
       if (data[key] && target.elements[key].isAssociation) delete data[key].IsActiveEntity
-      if (!target.elements[key]?.isComposition) continue
-      // do array trick
+      if (!target.elements[key].isComposition) continue
       if (Array.isArray(data[key])) data[key] = data[key].map(v => _cleanseData(v, target.elements[key]._target))
-      else if (typeof data[key] === 'object') {
-        data[key] = _cleanseData(data[key], target.elements[key]._target)
-      }
+      else if (typeof data[key] === 'object') data[key] = _cleanseData(data[key], target.elements[key]._target)
     }
 
     return data

package/libx/_runtime/messaging/common-utils/connections.js

@@ -6,54 +6,39 @@ const _rmHandlers = client => {
   client.removeAllListeners('disconnected')
 }
 
-const _connectUntilConnected = (client, LOG, x) => {
-  if (client._reconnecting) return
-  client._reconnecting = true
-
-  const _waitingTime = waitingTime(x)
-  setTimeout(() => {
-    connect(client, LOG, true)
-      .then(() => {
-        client._reconnecting = false
-        LOG._warn && LOG.warn('Reconnected to Enterprise Messaging Client')
-      })
-      .catch(e => {
-        _rmHandlers(client)
-        LOG.error(e)
-
-        LOG._warn &&
-          LOG.warn(
-            `Connection to Enterprise Messaging Client lost: Reconnecting in ${Math.round(_waitingTime / 1000)} s`
-          )
-        client._reconnecting = false
-        _connectUntilConnected(client, LOG, x + 1)
-      })
-  }, _waitingTime)
-}
-
 const connect = (client, LOG, keepAlive) => {
   return new Promise((resolve, reject) => {
     _rmHandlers(client)
 
     client
       .once('connected', function () {
-        const handleReconnection = err => {
-          if (client._reconnecting) return
+        _rmHandlers(client)
 
-          if (err && LOG._error) {
-            err.message = 'Client error: ' + err.message
-            LOG.error(err)
-          }
-          if (keepAlive) {
-            _rmHandlers(client)
-            _connectUntilConnected(client, LOG, 0)
-          }
-        }
+        // It's important to _always_ keep an error listener,
+        // otherwise it will throw and crash the server
+        client.on('error', err => LOG(err?.message))
 
-        _rmHandlers(client)
-        client.once('error', handleReconnection)
         if (keepAlive) {
-          client.once('disconnected', handleReconnection)
+          client.on('disconnected', () => {
+            let connected = false
+            client.once('connected', () => {
+              LOG('Reconnected')
+              connected = true
+            })
+            let x = 1
+            const _untilConnected = async () => {
+              if (!connected) {
+                LOG('Reconnecting')
+                try {
+                  client.connect()
+                } catch {
+                  // we try again...
+                }
+                setTimeout(_untilConnected, waitingTime(x++))
+              }
+            }
+            _untilConnected()
+          })
         }
 
         resolve(client)
@@ -65,7 +50,11 @@ const connect = (client, LOG, keepAlive) => {
         reject(e)
       })
 
-    client.connect()
+    try {
+      client.connect()
+    } catch (e) {
+      reject(e)
+    }
   })
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "9.4.2",
+  "version": "9.4.4",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -32,7 +32,7 @@
     "node": ">=20"
   },
   "dependencies": {
-    "@sap/cds-compiler": "^6.1",
+    "@sap/cds-compiler": "^6.3",
     "@sap/cds-fiori": "^2",
     "js-yaml": "^4.1.0"
   },