Skip to content

Bump @sap-cloud-sdk/util from 4.0.2 to 4.7.0#200

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sap-cloud-sdk/util-4.7.0
Open

Bump @sap-cloud-sdk/util from 4.0.2 to 4.7.0#200
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sap-cloud-sdk/util-4.7.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps @sap-cloud-sdk/util from 4.0.2 to 4.7.0.

Release notes

Sourced from @​sap-cloud-sdk/util's releases.

v4.7.0

Compatibility Notes

  • [connectivity] IAS tokens are now cached via @sap/xssec. @sap/xssec uses an LRU cache limited to 100 items, previously this cache was unbound. (9102f18)
  • [eslint-config] Replaced eslint-plugin-import with eslint-plugin-import-x. Please ensure that you have eslint-plugin-import-x installed. (9cbf19d)

New Features

  • [connectivity] Add createDestinationFromIasService() convenience function to build IAS-backed destinations. This function aims to offer more convenience for obtaining IAS-backed destinations outside SAP BTP-environments. (9102f18)
  • [connectivity] Add getIasToken() convenience function to fetch IAS token. This function aims to offer more convenience for obtaining IAS tokens outside SAP BTP-environments. (9102f18)

Fixed Issues

  • [connectivity] Avoid caching JWT if forwardAuthToken is set to true.
    • @​sap-cloud-sdk/resilience@​4.7.0
    • @​sap-cloud-sdk/util@​4.7.0 (df84426)
  • [http-client] Warn when the CSRF token fetch URL has a different host than the request URL, as sensitive headers would be forwarded to the cross-host endpoint. (67e1c53)

Improvements

  • [connectivity, http-client] Cache custom http and https agents and enable the keep-alive option by default. (d54ba5a)
  • [connectivity, http-client] Use node's global http/https agent unless a custom agent is required by the destination configuration. (d54ba5a)

v4.6.0

Compatibility Notes

  • [util] Deprecate unixEOL and webEOL. Use '\n' or '\r\n' respectively. (a6c8ff6)

Fixed Issues

  • [connectivity] Destinations with authentication type "SAMLAssertion" are no longer cached, even if caching is enabled. (see SAP/cloud-sdk-js#6396) (0800e7a)
  • [connectivity] Support TrustStoreLocation for OAuth2ClientCredentials destinations. (8637346)
  • [connectivity] Extend isDestinationFetchOptions to check service property. (259d8ad)
  • [http-client] Improve handling of missing zlib-module in the compress() middleware and lazy-load it only when needed. To compress requests in the browser, ensure that a suitable polyfill is provided. (7ea34ce)

v4.5.1

Fixed Issues

  • [eslint-config] Correct formatting in ESLint flat-config (330230c)

v4.5.0

Compatibility Notes

  • [connectivity] Update @sap/xssec to version 4.12.2 with changed XSUAA URL behavior. When fetching XSUAA tokens with zone ID (multi-tenant scenarios), xssec now uses the base domain without a tenant subdomain prefix. (02d1302)

... (truncated)

Changelog

Sourced from @​sap-cloud-sdk/util's changelog.

4.7.0

4.6.0

Minor Changes

  • a6c8ff6: [Compatibility Note] Deprecate unixEOL and webEOL. Use '\n' or '\r\n' respectively.

4.5.1

4.5.0

4.4.0

4.3.1

4.3.0

4.2.0

4.1.2

Patch Changes

  • 011b841: [Fixed Issue] Update axios to 1.12.2 to fix vulnerability to DoS attack. Refer here for more details.

4.1.1

Patch Changes

  • b502b40: [Fixed Issue] Update axios to 1.11.0 to use non-vulnerable version of form-data.

4.1.0

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​sap-cloud-sdk/util since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump @sap-cloud-sdk/util from 4.0.2 to 4.7.0
24cddf5 
Bumps [@sap-cloud-sdk/util](https://github.com/SAP/cloud-sdk-js/tree/HEAD/packages/util) from 4.0.2 to 4.7.0.
- [Release notes](https://github.com/SAP/cloud-sdk-js/releases)
- [Changelog](https://github.com/SAP/cloud-sdk-js/blob/main/packages/util/CHANGELOG.md)
- [Commits](https://github.com/SAP/cloud-sdk-js/commits/v4.7.0/packages/util)

---
updated-dependencies:
- dependency-name: "@sap-cloud-sdk/util"
  dependency-version: 4.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants