May 2021 ​

Important Changes❗️ ​

Minimum Node.js Version Enforced ​

Node.js v12.18 as minimum version (announced in March) is now checked on server startup, to prevent further errors due to older Node.js versions. If startup errors occur, see the Troubleshooting guide for more details.

Multitenancy Changes ​

Default Scope Checks for SaaS Provisioning and Upgrade Requests ​

SaaS provisioning operations GET, PUT, and DELETE on API /mtx/v1/provisioning/tenant/ now require scope mtcallback. Upgrade calls on API /mtx/v1/model/upgrade/ and /mtx/v1/model/upgradeAsync/ now require scope mtdeployment. With that, it is no longer required to provide own scope checks in a provisioning handler implementation to ensure security.
This is now aligned with the mandatory scope check required for the CAP Java SDK.
To adapt the scope names to the CAP Java SDK scope configuration, the scope names can be changed using the following CDS configuration:

"mtx": {
    "security": {
        "subscription-scope": "myApp.subscription",
        "deployment-scope": "myApp.deployment"
    }
}

Enhanced extension-allowlist and Changed Default for Allowlist ​

The default behavior of the extension-allowlist has changed. If extension-allowlist is not configured, it is not allowed to apply any extension.
Extensions can be easily enabled for all entities and services by adding the following to the configuration.

"mtx": {
  "extension-allowlist": [
      { "for": ["*"] }
  ]
}

Dependencies Included with MTX ​

@sap/hdi-deploy and @sap/instance-manager are now directly required by @sap/cds-mtx. Therefore, they can be left out of your package.json dependencies.

Capire Docs & Samples ​

New Guide Managing Data Privacy ​

A new cookbook related to data-privacy requirements is available. We give a general introduction to the topic and showcase how to use a CAP application with the SAP Personal Data Manager service of SAP BTP. You can use our cap/samples to follow along and try it hands-on in your enterprise account (entitlement required).

Revised Guide for Authorization ​

Two new sections have been added to the cookbook Authorization. In section Events to Auto-Exposed Entities, we demonstrate in a small example which events can be sent to auto-exposed entities. Restrictions of Auto-Exposed and Generated Entities explains the authorization rules that apply for request to auto-exposed or generated entities that have no explicit restrictions.

Anchor Links ​

You can now share direct links to sections by copying its anchor link. The anchor icon appears when hovering a section heading.

Command Line / Toolkit ​

Automatically Open Application URL ​

cds watch --open automatically opens the application's URL in the browser. You can also specify a custom URL like cds watch --open browse/Books.

This also works in SAP Business Application Studio, where a separate browser tab is opened.

Node.js Runtime ​

Observability Improvements ​

Logging Facade (beta) ​

cds.log() is a minimalistic logging framework and is used throughout the Node.js runtime, including the inherited @sap/odata-server. By default, it logs to console. However, it allows to plug in other logging modules such as Winston, Bunyan, or Morgan. See section cds.log() for more details.

Custom Error Handler (beta) ​

Stakeholders can now register a custom error handler that is invoked whenever an error will be returned to the client. See section srv.on('error', (err, req) => {}) for more details.

Generic Providers ​

Improved Input Validation ​

The input validation framework was extended to support arrayed elements.

Example:

entity MyEntity {
  // …
  emails: array of {
    to: String not null @assert.format: '.+\@.+\..+';
    subject: String not null;
    body: String;
  };
};

Further, the relevant input- and modeling-related information of assertion errors was added to the error message. For example, for input 4 and modeling @assert.range: [0, 3], the message now reads Value 4 is not in specified range [1,3] instead of only Value is not in specified range..

Additions to Managed Data ​

The Node.js runtime now supports pseudo variables $uuid and $user.<attr> in managed data. Further, static values can be specified, for example @cds.on.insert: 'foo'. See section Managed Data for more details.

Draft Handling ​

Finally, the generic read handler for drafts-enabled entities now correctly returns a single object if the key of the entity is provided. Before, it erroneously returned an array with a single entry.

CSRF-Token Handling in Service Consumption ​

If the remote system you want to consume requires it, you can enable the new CSRF-token handling of @sap-cloud-sdk/core via cds.env.features.fetch_csrf = true.

Java SDK ​

Streaming Support ​

The CAP Java SDK now supports streaming of media data. You can leverage this feature by annotating entity properties with @Core.MediaType.

Improved H2 Database Support ​

H2 databases are now automatically detected as embedded databases, ensuring that CSV files are automatically initialized.

Improved CSV File Handling ​

CSV files with locale ending are now supported for text tables of localized entities (for example, Books.texts_de.csv) when initializing in-memory databases.

Support for Type References ​

The CDS Reflection API and code generator now support type references:

entity Person {
  key ID : UUID;
}
entity Author {
  key ID : Person:ID;  // type ref
}

The Reflection API resolves type references, so that they can be accessed in the same way as standard types:

CdsModel model = CdsModel.read(csn);
CdsType type = model.getEntity("Author").getElement("ID").getType();

Check if a CQN Statement Is a Count Query ​

CqnAnalyzer.isCountQuery(cqn) allows to check if a CQN statement only returns a single count.

CQL API ​

CQL.literal(val) has been deprecated and replaced by CQL.constant(val) and CQL.val(val) for defining constant and non-constant values.

Performance Improvements ​

The performance of to-many expands and deep updates has been improved.