Skip to content

chore(deps): Bump @sap/xssec from 4.12.1 to 4.12.2#6277

Open
davidkna-sap wants to merge 2 commits intomainfrom
davidkna-sap_xssec-4.12.2
Open

chore(deps): Bump @sap/xssec from 4.12.1 to 4.12.2#6277
davidkna-sap wants to merge 2 commits intomainfrom
davidkna-sap_xssec-4.12.2

Conversation

@davidkna-sap
Copy link
Member

@davidkna-sap davidkna-sap commented Jan 27, 2026
edited
Loading

Closes SAP/cloud-sdk-backlog#ISSUENUMBER.

This PR bumps @sap/xssec from 4.12.1 to 4.12.2, fixes tests and adds a changeset.

@davidkna-sap davidkna-sap changed the title chore(deps): bump @sap/xssec from 4.12.1 to 4.12.2 chore(deps): Bump @sap/xssec from 4.12.1 to 4.12.2 Jan 27, 2026
@davidkna-sap davidkna-sap force-pushed the davidkna-sap_xssec-4.12.2 branch from 8322890 to 9d85293 Compare January 27, 2026 10:50
KavithaSiva
KavithaSiva reviewed Jan 29, 2026
View reviewed changes
Copy link
Collaborator

@KavithaSiva KavithaSiva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to be sure of the changes from xssec, if this update is not critical can we release without this update instead?

test-resources/test/test-util/xsuaa-service-mocks.ts
} from '@sap-cloud-sdk/connectivity/internal';
import type { ServiceCredentials } from '@sap-cloud-sdk/connectivity';

export function mockClientCredentialsGrantCall(
Copy link
Collaborator

@KavithaSiva KavithaSiva Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[q] I see that only the Client credentials call with client secret being supplied was changed.
I wonder why this does not affect the client credentials call with certificate or the user token grant call.

Copy link
Collaborator

@KavithaSiva KavithaSiva Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the release notes, it looks like all token retrieval flows are affected.

.changeset/purple-tokens-shift.md
'@sap-cloud-sdk/connectivity': minor
---

[Compatibility Note] Update `@sap/xssec` to version 4.12.2 with changed XSUAA URL behavior.
Copy link
Collaborator

@KavithaSiva KavithaSiva Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[q] I did not manage to find any release notes for the change from xssec.
As the behaviour seems a bit inconsistent(see below), would be nice to cite any documentation from their side.

Copy link
Collaborator

@KavithaSiva KavithaSiva Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found it: https://github.wdf.sap.corp/CPSecurity/node-xs2sec/releases/tag/rel%2F4.12.2

@dependabot
chore(deps): bump @sap/xssec from 4.12.1 to 4.12.2
9f5e2db 
Bumps @sap/xssec from 4.12.1 to 4.12.2.

---
updated-dependencies:
- dependency-name: "@sap/xssec"
  dependency-version: 4.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@davidkna-sap davidkna-sap force-pushed the davidkna-sap_xssec-4.12.2 branch from 9d85293 to fa9e406 Compare January 30, 2026 14:26
@davidkna-sap davidkna-sap force-pushed the davidkna-sap_xssec-4.12.2 branch from fa9e406 to 62add37 Compare January 30, 2026 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marikaner marikaner Awaiting requested review from marikaner

@KavithaSiva KavithaSiva Awaiting requested review from KavithaSiva

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davidkna-sap @KavithaSiva