- [connectivity] IAS tokens are now cached via
@sap/xssec.@sap/xssecuses an LRU cache limited to 100 items, previously this cache was unbound. (9102f18) - [eslint-config] Replaced
eslint-plugin-importwitheslint-plugin-import-x. Please ensure that you haveeslint-plugin-import-xinstalled. (9cbf19d)
- [connectivity] Add
createDestinationFromIasService()convenience function to build IAS-backed destinations. This function aims to offer more convenience for obtaining IAS-backed destinations outside SAP BTP-environments. (9102f18) - [connectivity] Add
getIasToken()convenience function to fetch IAS token. This function aims to offer more convenience for obtaining IAS tokens outside SAP BTP-environments. (9102f18)
- [connectivity] Avoid caching JWT if
forwardAuthTokenis set totrue.- @sap-cloud-sdk/resilience@4.7.0
- @sap-cloud-sdk/util@4.7.0 (df84426)
- [http-client] Warn when the CSRF token fetch URL has a different host than the request URL, as sensitive headers would be forwarded to the cross-host endpoint. (67e1c53)
- [connectivity, http-client] Cache custom http and https agents and enable the keep-alive option by default. (d54ba5a)
- [connectivity, http-client] Use node's global http/https agent unless a custom agent is required by the destination configuration. (d54ba5a)
- [util] Deprecate
unixEOLandwebEOL. Use '\n' or '\r\n' respectively. (a6c8ff6)
- [connectivity] Destinations with authentication type "SAMLAssertion" are no longer cached, even if caching is enabled. (see #6396) (0800e7a)
- [connectivity] Support
TrustStoreLocationforOAuth2ClientCredentialsdestinations. (8637346) - [connectivity] Extend
isDestinationFetchOptionsto checkserviceproperty. (259d8ad) - [http-client] Improve handling of missing
zlib-module in thecompress()middleware and lazy-load it only when needed. To compress requests in the browser, ensure that a suitable polyfill is provided. (7ea34ce)
- [eslint-config] Correct formatting in ESLint flat-config (330230c)
- [connectivity] Update
@sap/xssecto version 4.12.2 with changed XSUAA URL behavior. When fetching XSUAA tokens with zone ID (multi-tenant scenarios), xssec now uses the base domain without a tenant subdomain prefix. (02d1302)
- [openapi, openapi-generator] Support request bodies with content type "multipart/form-data". (3b95c42)
- [openapi-generator] Allow OpenAPI version 3.1. style "type": "null" schemas. OpenAPI version 3.1. support is limited. (007541a)
- [connectivity] Allow passing a
servicebinding directly throughDestinationFromServiceBindingOptionsinstead of looking it up by name. (962cdcb) - [http-client] Add
signalproperty toCustomRequestConfigandHttpRequestConfigBasetype definition to documentAbortSignalsupport for cancelling HTTP requests. (cbed72f) - [http-client] Add request compression middleware.
Use the
compress()middleware to compress HTTP request payloads using gzip, brotli, deflate, or zstd algorithms. Supports multiple compression modes: auto (size-based), passthrough (pre-compressed), or forced compression. (f5715de)
- [connectivity] Support IAS (App-to-App) authentication. Use
transformServiceBindingToDestination()function orgetDestinationFromServiceBinding()function to create a destination targeting an IAS application. (d444438)
- [eslint-config] Open the peer dependency range of the
eslintmodule to include version 8 and 9. Version 9 can now be used without the potentially unsafe npm flag--legacy-peer-deps. (6431463)
- [connectivity] Support certificates in JKS format for
ClientCertificateAuthentication. (ab96aff)
- [generator, generator-common] Introduce option
generateESMin OData generator to generate ESM compatible code. (c73c7fa)
- [openapi] Fix missing
type: modulein generatedpackage.jsonwhen--generateESMoption is enabled. (e09754a) - [openapi-generator] Improve the handling of arrays of enums (f17ca59)
- [connectivity, http-client, openapi, resilience, util] Update
axiosto1.12.2to fix vulnerability to DoS attack. Refer here for more details. (011b841)
- [connectivity, http-client, openapi, resilience, util] Update
axiosto1.11.0to use non-vulnerable version ofform-data. (b502b40)
- [connectivity] The
getDestinationFromDestinationService()function no longer verifies the incoming XSUAA JWT against the application's bound XSUAA instance. Consequently, thecacheVerificationKeysoption is now deprecated and has no effect. (3c19ffa)
- [connectivity] Remove dependency on XSUAA service binding while retrieving destinations using
getDestinationFromDestinationService()andgetAllDestinationsFromDestinationService()functions. (3c19ffa)
- [connectivity] Remove destination cache in
getDestinationFromServiceBinding()function to let cached destinations retrieved ingetDestinationFromDestinationService()function be added with theproxyConfigurationproperty.- @sap-cloud-sdk/resilience@4.0.2
- @sap-cloud-sdk/util@4.0.2 (4a187d6)
- [eslint-config] Downgrade
@stylistic/eslint-pluginto v3 as v4 is EMS-only. (97ad0ad)
- [connectivity] Enable destination caching by default when retrieving destinations via the destination service. Change affects behavior of
getDestination()method,getAllDestinationsFromDestinationService()method, generated client'sexecute()method and generic HTTP requests execution usingexecuteHttpRequest(). (d69325a) - [generator, odata-common, odata-v4] Support precision handling during serialization of
Edm.DateTimeOffsetfields in OData v4. (ab6ca60)
- [connectivity] The following deprecated content has been removed from the package:
- The behaviour of
getAgentConfig()function is changed to be asynchronous. The temporary asynchronous functiongetAgentConfigAsync()has been removed. - The
destinationForServiceBinding()function has been removed. UsegetDestinationFromServiceBinding()instead. - The
PartialDestinationFetchOptionstype has been removed. Use eitherServiceBindingTransformOptionsorgetDestinationFromServiceBinding()function. - The
serviceToken()function no longer takesxsuaaCredentialsas part of theoptionsparameter. - The
parseDestination()function is no longer a public API. - The
DestinationForServiceBindingOptionsinterface has been renamed toDestinationFromServiceBindingOptions. (7d92a1b)
- The behaviour of
- [connectivity] Disable
iasToXsuaaTokenExchangeby default if not defined. (25c9dd8) - [odata-common] The following deprecated content has been removed from the package:
- The
FunctionImportParameterstype has been removed. UseOperationParametersinstead. - The
ODataFunctionImportRequestConfigconstant has been removed. UseODataFunctionRequestConfiginstead. - The
FunctionImportParameterconstant has been removed. UseOperationParameterinstead. - The
ActionFunctionImportRequestBuilderBaseconstant has been removed. UseOperationRequestBuilderBaseinstead. (7d92a1b)
- The
- [odata-v2] The following deprecated content has been removed from the package:
- The
ODataFunctionImportRequestConfigconstant has been removed. UseODataFunctionRequestConfiginstead. - The
FunctionImportRequestBuilderconstant has been removed. UseOperationRequestBuilderinstead. (7d92a1b)
- The
- [odata-v4] The following deprecated content has been removed from the package:
- The
ODataFunctionImportRequestConfigconstant has been removed. UseODataFunctionRequestConfiginstead. - The
ActionImportParameterclass has been removed. UseOperationParameterinstead. - The
ActionImportParameterstype has been removed. UseOperationParametersinstead. - The
FunctionImportRequestBuilderclass has been removed. UseOperationRequestBuilderinstead. - The
BoundFunctionImportRequestBuilderclass has been removed. UseOperationRequestBuilderinstead. - The
BoundActionImportRequestBuilderclass has been removed. UseOperationRequestBuilderinstead. - The
ODataActionImportRequestConfigconstant has been removed. UseODataActionRequestConfiginstead. - The
ODataBoundActionImportRequestConfigclass has been removed. UseODataBoundActionRequestConfiginstead. - The
OdataBoundFunctionImportRequestConfigconstant has been removed. UseODataBoundFunctionRequestConfiginstead. - The
ActionImportRequestBuilderclass has been removed. UseOperationRequestBuilderinstead. (7d92a1b)
- The
- [resilience] The following deprecated content has been removed from the package:
- The
circuitBreakerHttpconstant has been removed. UsecircuitBreakerinstead. (7d92a1b)
- The
- [util] The following deprecated content has been removed from the package:
- The
assocconstant has been removed. There is no replacement. (7d92a1b)
- The