• Add statement-level query tag support (#366 by @sreekanth-db)
• Add AI coding agent detection to User-Agent header (#333 by @vikrantpuppala)
• Internal: telemetry infrastructure improvements — circuit breaker, feature flag cache, telemetry client management (off by default) (#325, #326, #362)

What's Changed

• Add token federation support with custom token providers (#318, #319, #320 by @madhav-db)
• Add metric view metadata support (#312 by @shivam2680)
• Fix: Avoid calling require('lz4') if it's really not required (#316 by @ikkala)
• Fix flaky Iterator tests by making metadata fetching async-safe (#313 by @shivam2680)
• Remove notification spam when someone opens a PR (#322 by @samikshya-db)
• Add telemetry foundation (off by default) (#324 by @samikshya-db)

New Contributors

• @ikkala made their first contribution in #316
• @madhav-db made their first contribution in #318

Full Changelog: 1.12.0...1.13.0

What's Changed

• Support for session parameters (#307 by @sreekanth-db)
• Add metric logging for cloud fetch (#305 by @shivam2680)

Full Changelog: 1.11.0...1.12.0

What's Changed

• Enable cloud fetch by default by @shivam2680 in #287
• Added useLZ4Compression in ExecuteStatementOptions making compression configurable by @shivam2680 in #288
• Improve handling of extra / in URLs by @vikrantpuppala in #290
• Add thrift protocol version handling for driver features by @shivam2680 in #292
• Cleanup fields as they might be deprecated/removed/change in the future by @vikrantpuppala in #295
• Add lenient LZ4 check to handle dependecy errors gracefully. by @samikshya-db in #298

New Contributors

• @vikrantpuppala made their first contribution in #290
• @samikshya-db made their first contribution in #298

Full Changelog: 1.10.0...1.11.0

What's Changed

• renamed clientId to userAgentHeader in connect args by @shivam2680 in #281
• Give warning for deprecated clientId param by @shivam2680 in #282

New Contributors

• @shivam2680 made their first contribution in #278

Full Changelog: 1.9.0...1.10.0

What's Changed

• Fix: Fix the type check in polyfills.ts by @kravets-levko in #254
• Allow any number type by @kravets-levko in #255
• Support iterable interface for IOperation by @kravets-levko in #252
• Support streaming query results via Node.js streams by @kravets-levko in #262
• Add custom auth headers into cloud fetch request by @jackyhu-db in #267
• Support OAuth on databricks.azure.cn by @jackyhu-db in #271

Full Changelog: 1.8.4...1.9.0

• Fix: proxy agent unintentionally overwrites protocol in URL (#241)
• Improve Array.at/TypedArray.at polyfill (#242 by @barelyhuman)
• UC Volume ingestion: stream files instead of loading them into memory (#247)
• UC Volume ingestion: improve behavior on SQL REMOVE (#249)
• Expose session and query ID (#250)
• Make lz4 module optional so package manager can skip it when cannot install (#246)

Full diff: 1.8.3...1.8.4

• Improved retry behavior (#230)
• Fix: in some cases library returned too many results (#239)

Full diff: 1.8.2...1.8.3

Improved results handling when running queries against older DBR versions (#232)

Full diff: 1.8.1...1.8.2

This is a security release which addresses issues with library dependencies

https://github.com/databricks/databricks-sql-nodejs/security/dependabot/34

An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and
obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request
Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between
public and private IP addresses.