@sap/cds 9.6.2 → 9.6.4

package/CHANGELOG.md

@@ -4,6 +4,19 @@
 - The format is based on [Keep a Changelog](https://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](https://semver.org/).
 
+## Version 9.6.4 - 2026-01-20
+
+### Fixed
+
+- `queue`: Too eager removal of control data from deserialized task
+- Stop overriding existing `cds.requires.[service].credentials` configurations using values from `.cds-services.json`
+
+## Version 9.6.3 - 2026-01-14
+
+### Fixed
+
+- `queue`: Exactly-once guarantee only with `legacyLocking: false`
+
 ## Version 9.6.2 - 2026-01-08
 
 ### Fixed

package/lib/srv/bindings.js

@@ -20,16 +20,21 @@ class Bindings {
   bind (service) {
     let required = cds.requires [service]
     let binding = this.provides [required?.service || service]
-    if (binding?.endpoints) {
+
+    if (binding?.endpoints && !required.credentials) {
+      // > Re-route requests to the mock service running locally
+
       const server = this.servers [binding.server]
       const kind = [ required?.kind, 'hcql', 'rest', 'odata' ].find (k => k in binding.endpoints)
       const path = binding.endpoints [kind]
+      
       // in case of cds.requires.Foo = { ... }
       if (typeof required === 'object') required.credentials = {
         ...required.credentials,
         ...binding.credentials,
         url: server.url + path
       }
+      
       // in case of cds.requires.Foo = true
       else required = cds.requires[service] = cds.env.requires[service] = {
         ...cds.requires.kinds [binding.kind],
@@ -38,11 +43,13 @@ class Bindings {
           url: server.url + path
         }
       }
+
       required.kind = kind
       // REVISIT: temporary fix to inherit kind as well for mocked odata services
       // otherwise mocking with two services does not work for kind:odata-v2
       if (kind === 'odata-v2' || kind === 'odata-v4') required.kind = 'odata'
     }
+    
     return required
   }
 

package/libx/queue/index.js

@@ -191,7 +191,8 @@ const _processTasks = (target, tenant, _opts = {}) => {
           const _msg = _safeJSONParse(_task.msg)
 
           const context = _msg.context || {}
-          delete _msg.context
+          // REVISIT: controlled context propagation
+          // delete _msg.context
 
           const userId = _msg[INTERNAL_USER]
           delete _msg[INTERNAL_USER]
@@ -244,7 +245,8 @@ const _processTasks = (target, tenant, _opts = {}) => {
             const _run = opts.legacyLocking && cds.db?.kind === 'sqlite' ? cds._with : service.tx.bind(service)
             const result = await _run({ ...task.context, tenant }, async () => {
               const result = opts.handle ? await opts.handle.call(service, task.msg) : await service.handle(task.msg)
-              await DELETE.from(tasksEntity).where({ ID: task.ID })
+              // we can only delete in the current tx if legacyLocking (i.e., long-lasting db locks) is false
+              if (!opts.legacyLocking) await DELETE.from(tasksEntity).where({ ID: task.ID })
               return result
             })
             task.results = result
@@ -295,13 +297,15 @@ const _processTasks = (target, tenant, _opts = {}) => {
       }
 
       const queries = []
-      if (toBeDeleted.length)
+      const _toBeDeleted = opts.legacyLocking ? toBeDeleted.concat(succeeded) : toBeDeleted
+      if (_toBeDeleted.length) {
         queries.push(
           DELETE.from(tasksEntity).where(
             'ID in',
-            toBeDeleted.map(msg => msg.ID)
+            _toBeDeleted.map(msg => msg.ID)
           )
         )
+      }
 
       // There can be tasks which are not updated / deleted, their status must be set back to `null`
       const updateTasks = selectedTasks.filter(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "9.6.2",
+  "version": "9.6.4",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [