Bump @cap-js/attachments from 3.8.0 to 3.11.0

[dependabot]

Bumps @cap-js/attachments from 3.8.0 to 3.11.0.

Release notes

Sourced from @​cap-js/attachments's releases.

v3.11.0

Added

• Support for controlling content overwrite behavior via @Capabilities.UpdateRestrictions.NonUpdateableProperties. By default, content is listed as non-updateable, preventing overwrites with a 409 error. Setting the annotation to an empty array ([]) on a specific attachment composition allows content to be overwritten.

Fixed

• When cds.env.fiori.bypass_draft was enabled attachments were wrongfully deleted

v3.10.0

Added

• Emit the following security events on the attachments service: - AttachmentDownloadRejected, AttachmentSizeExceeded AttachmentUploadRejected.
• If @cap-js/audit-logging is installed automatically trigger audit logs for the security events.
• Duplicate file names to a single attachment entity are automatically assigned a distinguishing suffix.
• Local testing using a Postgres database now possible.
• Native server-side copy() method on AttachmentsService for copying attachments between entities without transferring binary data through the application. Supports all storage backends (DB, AWS S3, Azure Blob Storage, GCP Cloud Storage) with backend-native copy operations.

Fixed

• Fixed bug where deeply nested attachments were not properly handled.
• Fixed bug to allow navigation of self-referencing entities.
• Fix that POST requests for attachments did not have a response when the plugin is used with an object store.

v3.9.0

Fixed

• Fixed security vulnerability where @Core.AcceptableMediaTypes validation could be bypassed during content upload by manipulating the Content-Type header. The mimeType is now validated against the value stored in the database (derived from filename extension) rather than the request header.
• Relaxed requirement for Content-Length header; stream length validation is now used as an additional check to leverage support for chunked uploads.
• Fixed bug where self-referencing entities caused overflow error due to infinite looping.
• Fixed bug in which discarded drafts would save files to database.
• Now allows for downloading files while in draft mode.

Changelog

Sourced from @​cap-js/attachments's changelog.

Version 3.11.0

Added

• Support for controlling content overwrite behavior via @Capabilities.UpdateRestrictions.NonUpdateableProperties. By default, content is listed as non-updateable, preventing overwrites with a 409 error. Setting the annotation to an empty array ([]) on a specific attachment composition allows content to be overwritten.

Fixed

• When cds.env.fiori.bypass_draft was enabled attachments were wrongfully deleted

Version 3.10.0

Added

• Emit the following security events on the attachments service: - AttachmentDownloadRejected, AttachmentSizeExceeded AttachmentUploadRejected.
• If @cap-js/audit-logging is installed automatically trigger audit logs for the security events.
• Duplicate file names to a single attachment entity are automatically assigned a distinguishing suffix.
• Local testing using a Postgres database now possible.
• Native server-side copy() method on AttachmentsService for copying attachments between entities without transferring binary data through the application. Supports all storage backends (DB, AWS S3, Azure Blob Storage, GCP Cloud Storage) with backend-native copy operations.

Fixed

• Fixed bug where deeply nested attachments were not properly handled.
• Fixed bug to allow navigation of self-referencing entities.
• Fix that POST requests for attachments did not have a response when the plugin is used with an object store.

Version 3.9.0

Fixed

• Fixed security vulnerability where @Core.AcceptableMediaTypes validation could be bypassed during content upload by manipulating the Content-Type header. The mimeType is now validated against the value stored in the database (derived from filename extension) rather than the request header.
• Relaxed requirement for Content-Length header; stream length validation is now used as an additional check to leverage support for chunked uploads.
• Fixed bug where self-referencing entities caused overflow error due to infinite looping.
• Fixed bug in which discarded drafts would save files to database.
• Now allows for downloading files while in draft mode.

Commits

• 477f1b3 Fix/bypass draft does not cause attachment deletion (#417)
• 51ae0e4 Add content overwrite support (#415)
• 0619fac Update CHANGELOG for version 3.10.0
• 9cef568 feat: add native server-side copy() for attachment duplication (#405)
• da4c19d Fix response for POST requests (#413)
• bbecaf0 Translation Delivery (#412)
• ac1df2e Append suffix of duplicate file names (#387)
• c1973ca Add audit logging for sec events (#410)
• 7ef34a3 Postgres Pipeline (#408)
• a6c59c2 feat: rejection events (#404)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.