npm - @sap/cli-core - Versions diffs - 2026.1.0 → 2026.2.1 - Mend

@sap/cli-core 2026.1.0 → 2026.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CHANGELOG.md +13 -0
package/commands/handler/mandatoryOptions.js +2 -1
package/commands/handler/parseArguments.js +3 -2
package/constants.js +2 -2
package/dwc/dwc.js +2 -1
package/package.json +3 -3
package/types.js +1 -1
package/utils/http/httpsAgent.d.ts +1 -0
package/utils/http/httpsAgent.js +11 -0
package/utils/http/index.js +107 -35
package/utils/openUtils.js +20 -7
package/utils/options.js +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 2026.3.0
+### Fixed
+- Fixed Windows compatibility issue where browser discovery would fail with "win32 is not supported" error when encountering platform-specific browsers like Safari.
+## 2026.1.0
+### Changed
+- **TLS 1.3 is now the default protocol** for all HTTPS connections to meet NS2/SC compliance requirements
+- **Automatic TLS fallback mechanism** retries with TLS 1.2 when servers don't support TLS 1.3
 ## 2025.23.0
 ### Added

package/commands/handler/mandatoryOptions.js CHANGED Viewed

@@ -1,11 +1,12 @@
 import { set as setConfig, get as getConfig } from "../../config/index.js";
-import { OPTION_HOST, OPTION_OPTIONS_FILE, OPTION_VERBOSE, } from "../../constants.js";
+import { OPTION_HOST, OPTION_OPTIONS_FILE, OPTION_TLS_VERSION, OPTION_VERBOSE, } from "../../constants.js";
 import { getInfoFromTenant, parseTenant } from "../../utils/utils.js";
 import { create as createNextHandler } from "./next.js";
 import { create as createOptionsHandler } from "./options/index.js";
 const MANDATORY_OPTIONS = [
     OPTION_VERBOSE,
     OPTION_OPTIONS_FILE,
+    OPTION_TLS_VERSION,
     { ...OPTION_HOST, required: true },
 ];
 const post = async () => async () => {

package/commands/handler/parseArguments.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { kebabCase } from "lodash-es";
 import { set as setConfig } from "../../config/index.js";
 import { getBooleanOption, parseOption } from "./utils.js";
-import { OPTION_VERBOSE } from "../../constants.js";
+import { OPTION_TLS_VERSION, OPTION_VERBOSE } from "../../constants.js";
 import { get as getLogger } from "../../logger/index.js";
 export const create = (handlerArgs) => async () => async (...args) => {
     const { debug } = getLogger("commands.handler.parseArguments");
@@ -13,6 +13,7 @@ export const create = (handlerArgs) => async () => async (...args) => {
         ? handlerArgs.reduce((p, c, i) => ({ ...p, [c.argument]: args[i] }), {})
         : {};
     const verbose = getBooleanOption(options[OPTION_VERBOSE.longName]);
-    debug("setting command: %s, options: %s, arguments: %s, verbose: %s", command, JSON.stringify(options), JSON.stringify(commandArgs), verbose);
+    const tlsVersion = parseOption(options[OPTION_TLS_VERSION.longName]);
+    debug("setting command: %s, options: %s, arguments: %s, verbose: %s, tlsVersion: %s", command, JSON.stringify(options), JSON.stringify(commandArgs), verbose, tlsVersion);
     setConfig({ command, options, arguments: commandArgs, verbose });
 };

package/constants.js CHANGED Viewed

@@ -2,7 +2,7 @@ import path from "path";
 import { GrantType } from "./types.js";
 import { getVersion } from "./utils/utils.js";
 export const VERSION = getVersion();
-export const DEFAULT_TLS_VERSION = "TLSv1.2";
+export const DEFAULT_TLS_VERSION = "TLSv1.3";
 export const DISCOVERY_DOCUMENT_PREFIX = "discovery-";
 export var AuthenticationMethod;
 (function (AuthenticationMethod) {
@@ -226,7 +226,7 @@ export const OPTION_TLS_VERSION = {
     longName: "tls-version",
     description: "specifies the TLS version to use for HTTPS connections",
     args: [{ name: "version" }],
-    choices: [DEFAULT_TLS_VERSION, "TLSv1.3"],
+    choices: [DEFAULT_TLS_VERSION, "TLSv1.2"],
     default: DEFAULT_TLS_VERSION,
     hidden: true,
 };

package/dwc/dwc.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import path from "path";
 import { get } from "../logger/index.js";
-import { CLI_DESCRIPTION, CLI_NAME, CLI_SAP_HELP, OPTION_FILE_PATH, OPTION_FORCE, OPTION_HELP, OPTION_HOST, OPTION_INPUT, OPTION_OPTIONS_FILE, OPTION_OUTPUT, OPTION_VERBOSE, OPTION_VERSION, ROOT_COMMAND, } from "../constants.js";
+import { CLI_DESCRIPTION, CLI_NAME, CLI_SAP_HELP, OPTION_FILE_PATH, OPTION_FORCE, OPTION_HELP, OPTION_HOST, OPTION_INPUT, OPTION_OPTIONS_FILE, OPTION_OUTPUT, OPTION_TLS_VERSION, OPTION_VERBOSE, OPTION_VERSION, ROOT_COMMAND, } from "../constants.js";
 import { init as initCache } from "../cache/index.js";
 import { get as getConfig, set as setConfig, setCustomConfig, initialize as initializeConfig, } from "../config/index.js";
 import { buildOption, createCommand, registerLongName, } from "../utils/commands.js";
@@ -25,6 +25,7 @@ const MANDATORY_OPTIONS = [
     OPTION_FORCE,
     OPTION_OUTPUT,
     OPTION_VERBOSE,
+    OPTION_TLS_VERSION,
     OPTION_INPUT,
     OPTION_OPTIONS_FILE,
 ];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cli-core",
-  "version": "2026.1.0",
+  "version": "2026.2.1",
   "description": "Command-Line Interface (CLI) Core Module",
   "license": "SEE LICENSE IN LICENSE",
   "author": "SAP SE",
@@ -24,13 +24,13 @@
     "compare-versions": "6.1.1",
     "config": "4.1.1",
     "dotenv": "17.2.3",
-    "form-data": "4.0.4",
+    "form-data": "4.0.5",
     "fs-extra": "11.3.2",
     "https": "1.0.0",
     "https-proxy-agent": "7.0.6",
     "jszip": "3.10.1",
     "lodash-es": "4.17.21",
-    "open": "10.2.0",
+    "open": "11.0.0",
     "path": "0.12.7",
     "prompts": "2.4.2",
     "qs": "6.14.0"

package/types.js CHANGED Viewed

@@ -37,7 +37,7 @@ export const CHARACTERS = [
     "e",
     "f",
     "g",
-    "h",
+    // "h", skip 'h' to avoid confusion with '--help' option
     "i",
     "j",
     "k",

package/utils/http/httpsAgent.d.ts CHANGED Viewed

@@ -3,4 +3,5 @@ import tls from "tls";
 export declare const getTlsVersion: () => tls.SecureVersion;
 export declare const isLegacyTlsDetectionEnabled: () => boolean;
 export declare const createTlsAgentOptions: () => https.AgentOptions;
+export declare const isTlsProtocolError: (error: unknown) => boolean;
 export declare const createHttpsAgent: (proxy?: string) => https.Agent;

package/utils/http/httpsAgent.js CHANGED Viewed

@@ -28,6 +28,17 @@ export const createTlsAgentOptions = () => {
     debug("HTTPS agent options:", JSON.stringify(agentOptions, null, 2));
     return agentOptions;
 };
+export const isTlsProtocolError = (error) => {
+    // Check for TLS protocol errors that indicate unsupported TLS version
+    const message = error?.message?.toLowerCase() || "";
+    const code = error?.code || "";
+    return (code === "EPROTO" ||
+        code === "ERR_SSL_UNSUPPORTED_PROTOCOL" ||
+        message.includes("unsupported protocol") ||
+        message.includes("wrong version number") ||
+        message.includes("ssl routines") ||
+        message.includes("tlsv1 alert protocol version"));
+};
 export const createHttpsAgent = (proxy) => {
     const { debug } = getLogger();
     const agentOptions = createTlsAgentOptions();

package/utils/http/index.js CHANGED Viewed

@@ -1,10 +1,12 @@
 import axios from "axios";
+import https from "https";
+import { HttpsProxyAgent } from "https-proxy-agent";
 import { getPackageName, getVersion } from "../../config/core.js";
 import { get as getConfig, set as setConfig } from "../../config/index.js";
-import { X_CSRF_TOKEN } from "../../constants.js";
+import { DEFAULT_TLS_VERSION, X_CSRF_TOKEN } from "../../constants.js";
 import { get } from "../../logger/index.js";
 import { logVerbose } from "../../logger/utils.js";
-import { createHttpsAgent, getTlsVersion, isLegacyTlsDetectionEnabled, } from "./httpsAgent.js";
+import { createHttpsAgent, getTlsVersion, isLegacyTlsDetectionEnabled, isTlsProtocolError, } from "./httpsAgent.js";
 import { printCorrelationId, printError } from "./utils.js";
 export const DEFAULTS = {
     maxBodyLength: -1,
@@ -26,51 +28,121 @@ const getCsrfTokenFromConfig = () => {
     const cnfg = getConfig();
     return cnfg[X_CSRF_TOKEN] ? { [X_CSRF_TOKEN]: cnfg[X_CSRF_TOKEN] } : {};
 };
-export const fetch = async (config) => {
+const createHttpsAgentWithTlsVersion = (proxy, tlsVersion) => {
+    const agentOptions = {
+        minVersion: tlsVersion,
+        maxVersion: tlsVersion,
+        rejectUnauthorized: true,
+    };
+    if (proxy) {
+        return new HttpsProxyAgent(proxy, agentOptions);
+    }
+    return new https.Agent(agentOptions);
+};
+const logProxyConfiguration = (proxy) => {
+    const logger = getLogger();
+    if (proxy) {
+        logVerbose(logger, "using https proxy agent for https proxy");
+        logger.debug(`using https proxy agent for https proxy ${proxy}`);
+    }
+    else {
+        logger.debug("no https proxy defined via environment variable https_proxy");
+    }
+};
+const logTlsConfiguration = () => {
+    const logger = getLogger();
+    const tlsVersion = getTlsVersion();
+    const useLegacyTls = isLegacyTlsDetectionEnabled();
+    logger.debug(`TLS configuration - version: ${tlsVersion}, legacy detection: ${useLegacyTls}`);
+};
+const buildAxiosConfig = (config, httpsAgent) => {
+    return {
+        httpsAgent,
+        proxy: false,
+        ...config,
+        ...DEFAULTS,
+        headers: {
+            ...getCsrfTokenFromConfig(),
+            ...config.headers,
+            "User-Agent": `${getPackageName()}+${getVersion()}`,
+        },
+    };
+};
+const logSuccessResponse = (response) => {
     const cnfg = getConfig();
     const logger = getLogger();
-    const { debug, trace, error } = logger;
+    if (cnfg.verbose) {
+        logVerbose(logger, "%d %s", response.status, response.statusText);
+        printCorrelationId(response);
+    }
+    logger.trace("response", response);
+};
+const logErrorResponse = (err) => {
+    const cnfg = getConfig();
+    const logger = getLogger();
+    logger.error("error while executing http request", err.toString(), err.response);
+    if (cnfg.verbose) {
+        printError(err);
+        printCorrelationId(err.response);
+    }
+};
+const shouldAttemptTlsFallback = (error) => {
+    const tlsVersion = getTlsVersion();
+    const isUsingDefaultTls = tlsVersion === DEFAULT_TLS_VERSION;
+    const isTlsError = isTlsProtocolError(error);
+    return isUsingDefaultTls && isTlsError && !isLegacyTlsDetectionEnabled();
+};
+const executeRequest = async (config, httpsAgent) => {
+    const axiosConfig = buildAxiosConfig(config, httpsAgent);
+    return axios(axiosConfig);
+};
+const attemptTlsFallback = async (config, originalError) => {
+    const logger = getLogger();
+    const { debug, warn, error } = logger;
+    warn("TLSv1.3 connection failed with protocol error, automatically retrying with TLSv1.2");
+    debug("original error:", originalError?.message ??
+        JSON.stringify(originalError));
     try {
-        logVerbose(logger, "%s %s", config.method.toUpperCase(), config.url);
-        debug("http config: %s", JSON.stringify(config));
         const HTTPS_PROXY = process.env.https_proxy ?? process.env.HTTPS_PROXY;
-        const httpsAgent = createHttpsAgent(HTTPS_PROXY);
-        if (HTTPS_PROXY) {
-            logVerbose(logger, "using https proxy agent for https proxy");
-            debug(`using https proxy agent for https proxy ${HTTPS_PROXY}`);
-        }
-        else {
-            debug("no https proxy defined via environment variable https_proxy");
-        }
-        const tlsVersion = getTlsVersion();
-        const useLegacyTls = isLegacyTlsDetectionEnabled();
-        debug(`TLS configuration - version: ${tlsVersion}, legacy detection: ${useLegacyTls}`);
-        const res = await axios({
-            httpsAgent,
-            proxy: false,
-            ...config,
-            ...DEFAULTS,
-            headers: {
-                ...getCsrfTokenFromConfig(),
-                ...config.headers,
-                "User-Agent": `${getPackageName()}+${getVersion()}`,
-            },
-        });
+        const fallbackAgent = createHttpsAgentWithTlsVersion(HTTPS_PROXY, "TLSv1.2");
+        debug("retrying request with TLSv1.2");
+        const res = await executeRequest(config, fallbackAgent);
+        const cnfg = getConfig();
         if (cnfg.verbose) {
-            logVerbose(logger, "%d %s", res.status, res.statusText);
+            logVerbose(logger, "%d %s (fallback to TLSv1.2)", res.status, res.statusText);
             printCorrelationId(res);
         }
-        trace("response", res);
+        debug("TLSv1.2 fallback successful");
+        logger.trace("response", res);
+        return res;
+    }
+    catch (fallbackErr) {
+        error("TLSv1.2 fallback also failed", fallbackErr.toString(), fallbackErr.response);
+        throw fallbackErr;
+    }
+};
+export const fetch = async (config) => {
+    const logger = getLogger();
+    try {
+        logVerbose(logger, "%s %s", config.method.toUpperCase(), config.url);
+        logger.debug("http config: %s", JSON.stringify(config));
+        const HTTPS_PROXY = process.env.https_proxy ?? process.env.HTTPS_PROXY;
+        const httpsAgent = createHttpsAgent(HTTPS_PROXY);
+        logProxyConfiguration(HTTPS_PROXY);
+        logTlsConfiguration();
+        const res = await executeRequest(config, httpsAgent);
+        logSuccessResponse(res);
         setEtag(res.headers);
         return res;
     }
     catch (err) {
-        error("error while executing http request", err.toString(), err.response);
-        if (cnfg.verbose) {
-            printError(err);
-            printCorrelationId(err.response);
+        logErrorResponse(err);
+        setEtag(err?.response?.headers);
+        if (shouldAttemptTlsFallback(err)) {
+            const fallbackResponse = await attemptTlsFallback(config, err);
+            setEtag(fallbackResponse.headers);
+            return fallbackResponse;
         }
-        setEtag(err.response?.headers);
         throw err;
     }
 };

package/utils/openUtils.js CHANGED Viewed

@@ -4,13 +4,26 @@ import { getOptionValueFromConfig } from "./options.js";
 const getLogger = () => getLoggerOrig("utils.open");
 export async function getSupportedBrowsers() {
     const { apps } = await import("open");
-    return (Object.entries(apps)
-        // Private browser is not supported
-        .filter(([name]) => name !== "browserPrivate")
-        .map(([key, value]) => ({
-        name: key,
-        app: value,
-    })));
+    const browsers = [];
+    // Iterate over app keys and safely access each value
+    // Some apps (like safari) may only be available on certain platforms
+    for (const key of Object.keys(apps)) {
+        const name = key;
+        // Skip private browser
+        if (name !== "browserPrivate") {
+            try {
+                // Access the lazy property - may throw if not supported on this platform
+                const value = apps[name];
+                if (value !== undefined) {
+                    browsers.push({ name, app: value });
+                }
+            }
+            catch {
+                // Silently skip apps not supported on this platform (e.g., safari on Windows)
+            }
+        }
+    }
+    return browsers;
 }
 export async function getDefaultBrowser() {
     const { apps } = await import("open");

package/utils/options.js CHANGED Viewed

@@ -14,7 +14,7 @@ export const getOptionValueFromConfigGracefully = (option) => {
     try {
         return getOptionValueFromConfig(option);
     }
-    catch (err) {
+    catch {
         return undefined;
     }
 };