Skip to main content

Release Notes

build License

4.1.2 [Core Modules] - September 18, 2025

Fixed Issues

  • [connectivity, http-client, openapi, resilience, util] Update axios to 1.12.2 to fix vulnerability to DoS attack. Refer here for more details. (011b841)

4.1.1 [Core Modules] - July 31, 2025

Fixed Issues

  • [connectivity, http-client, openapi, resilience, util] Update axios to 1.11.0 to use non-vulnerable version of form-data. (b502b40)

4.1.0 [Core Modules] - July 21, 2025

Compatibility Notes

  • [connectivity] The getDestinationFromDestinationService() function no longer verifies the incoming XSUAA JWT against the application's bound XSUAA instance. Consequently, the cacheVerificationKeys option is now deprecated and has no effect. (3c19ffa)

Improvements

  • [connectivity] Remove dependency on XSUAA service binding while retrieving destinations using getDestinationFromDestinationService() and getAllDestinationsFromDestinationService() functions. (3c19ffa)

4.0.2 [Core Modules] - March 18, 2025

Fixed Issues

  • [connectivity] Remove destination cache in getDestinationFromServiceBinding() function to let cached destinations retrieved in getDestinationFromDestinationService() function be added with the proxyConfiguration property.
    • @sap-cloud-sdk/resilience@4.0.2
    • @sap-cloud-sdk/util@4.0.2 (4a187d6)

4.0.1 [Core Modules] - March 05, 2025

Fixed Issues

  • [eslint-config] Downgrade @stylistic/eslint-plugin to v3 as v4 is EMS-only. (97ad0ad)

4.0.0 [Core Modules] - March 04, 2025

Improvements

  • [connectivity] Enable destination caching by default when retrieving destinations via the destination service. Change affects behavior of getDestination() method, getAllDestinationsFromDestinationService() method, generated client's execute() method and generic HTTP requests execution using executeHttpRequest(). (d69325a)
  • [generator, odata-common, odata-v4] Support precision handling during serialization of Edm.DateTimeOffset fields in OData v4. (ab6ca60)

Compatibility Notes

  • [connectivity] Disable iasToXsuaaTokenExchange by default if not defined. (25c9dd8)
  • [connectivity] The following deprecated content has been removed from the package:
    • The behaviour of getAgentConfig() function is changed to be asynchronous. The temporary asynchronous function getAgentConfigAsync() has been removed.
    • The destinationForServiceBinding() function has been removed. Use getDestinationFromServiceBinding() instead.
    • The PartialDestinationFetchOptions type has been removed. Use either ServiceBindingTransformOptions or getDestinationFromServiceBinding() function.
    • The serviceToken() function no longer takes xsuaaCredentials as part of the options parameter.
    • The parseDestination() function is no longer a public API.
    • The DestinationForServiceBindingOptions interface has been renamed to DestinationFromServiceBindingOptions. (7d92a1b)
  • [odata-common] The following deprecated content has been removed from the package:
    • The FunctionImportParameters type has been removed. Use OperationParameters instead.
    • The ODataFunctionImportRequestConfig constant has been removed. Use ODataFunctionRequestConfig instead.
    • The FunctionImportParameter constant has been removed. Use OperationParameter instead.
    • The ActionFunctionImportRequestBuilderBase constant has been removed. Use OperationRequestBuilderBase instead. (7d92a1b)
  • [odata-v2] The following deprecated content has been removed from the package:
    • The ODataFunctionImportRequestConfig constant has been removed. Use ODataFunctionRequestConfig instead.
    • The FunctionImportRequestBuilder constant has been removed. Use OperationRequestBuilder instead. (7d92a1b)
  • [odata-v4] The following deprecated content has been removed from the package:
    • The ODataFunctionImportRequestConfig constant has been removed. Use ODataFunctionRequestConfig instead.
    • The ActionImportParameter class has been removed. Use OperationParameter instead.
    • The ActionImportParameters type has been removed. Use OperationParameters instead.
    • The FunctionImportRequestBuilder class has been removed. Use OperationRequestBuilder instead.
    • The BoundFunctionImportRequestBuilder class has been removed. Use OperationRequestBuilder instead.
    • The BoundActionImportRequestBuilder class has been removed. Use OperationRequestBuilder instead.
    • The ODataActionImportRequestConfig constant has been removed. Use ODataActionRequestConfig instead.
    • The ODataBoundActionImportRequestConfig class has been removed. Use ODataBoundActionRequestConfig instead.
    • The OdataBoundFunctionImportRequestConfig constant has been removed. Use ODataBoundFunctionRequestConfig instead.
    • The ActionImportRequestBuilder class has been removed. Use OperationRequestBuilder instead. (7d92a1b)
  • [resilience] The following deprecated content has been removed from the package:
    • The circuitBreakerHttp constant has been removed. Use circuitBreaker instead. (7d92a1b)
  • [util] The following deprecated content has been removed from the package:
    • The assoc constant has been removed. There is no replacement. (7d92a1b)