Bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the /packages/backend directory: @backstage/backend-defaults, @backstage/plugin-permission-backend and @backstage/plugin-scaffolder-backend.

Updates @backstage/backend-defaults from 0.5.3 to 0.15.2

Changelog

Sourced from @​backstage/backend-defaults's changelog.

0.15.2

Patch Changes

• 7455dae: Use node prefix on native imports
• 44f5d04: Minor internal restructure of the postgres config loading code
• 4fc7bf0: Bump to tar v7
• 5dd683f: createRateLimitMiddleware is now exported from @backstage/backend-defaults/httpRouter
• 8dd518a: Support connection.type: azure in database client to use Microsoft Entra authentication with Azure database for PostgreSQL
• 69d880e: Bump to latest zod to ensure it has the latest features
• Updated dependencies
  • @​backstage/backend-app-api@​1.5.0
  • @​backstage/integration@​1.20.0
  • @​backstage/integration-aws-node@​0.1.20
  • @​backstage/backend-plugin-api@​1.7.0
  • @​backstage/backend-dev-utils@​0.1.7
  • @​backstage/config-loader@​1.10.8
  • @​backstage/cli-node@​0.2.18
  • @​backstage/plugin-auth-node@​0.6.13
  • @​backstage/plugin-permission-node@​0.10.10
  • @​backstage/plugin-events-node@​0.4.19

0.15.2-next.1

Patch Changes

• 8dd518a: Support connection.type: azure in database client to use Microsoft Entra authentication with Azure database for PostgreSQL
• Updated dependencies
  • @​backstage/integration@​1.20.0-next.1
  • @​backstage/cli-node@​0.2.18-next.1
  • @​backstage/backend-plugin-api@​1.7.0-next.1

0.15.1-next.0

Patch Changes

• 7455dae: Use node prefix on native imports
• 44f5d04: Minor internal restructure of the postgres config loading code
• 4fc7bf0: Bump to tar v7
• 69d880e: Bump to latest zod to ensure it has the latest features
• Updated dependencies
  • @​backstage/integration-aws-node@​0.1.20-next.0
  • @​backstage/backend-plugin-api@​1.7.0-next.0
  • @​backstage/backend-dev-utils@​0.1.7-next.0
  • @​backstage/config-loader@​1.10.8-next.0
  • @​backstage/integration@​1.19.3-next.0
  • @​backstage/cli-node@​0.2.17-next.0
  • @​backstage/plugin-auth-node@​0.6.12-next.0
  • @​backstage/backend-app-api@​1.5.0-next.0
  • @​backstage/plugin-permission-node@​0.10.9-next.0

... (truncated)

Commits

• See full diff in compare view

Updates @backstage/plugin-permission-backend from 0.5.55 to 0.7.9

Changelog

Sourced from @​backstage/plugin-permission-backend's changelog.

0.7.9

Patch Changes

• 7455dae: Use node prefix on native imports
• 69d880e: Bump to latest zod to ensure it has the latest features
• Updated dependencies
  • @​backstage/backend-plugin-api@​1.7.0
  • @​backstage/plugin-auth-node@​0.6.13
  • @​backstage/plugin-permission-common@​0.9.6
  • @​backstage/plugin-permission-node@​0.10.10

0.7.8-next.0

Patch Changes

• 7455dae: Use node prefix on native imports
• 69d880e: Bump to latest zod to ensure it has the latest features
• Updated dependencies
  • @​backstage/backend-plugin-api@​1.7.0-next.0
  • @​backstage/plugin-auth-node@​0.6.12-next.0
  • @​backstage/plugin-permission-common@​0.9.5-next.0
  • @​backstage/plugin-permission-node@​0.10.9-next.0
  • @​backstage/config@​1.3.6
  • @​backstage/errors@​1.2.7

0.7.7

Patch Changes

• de96a60: chore(deps): bump express from 4.21.2 to 4.22.0
• Updated dependencies
  • @​backstage/plugin-auth-node@​0.6.10
  • @​backstage/plugin-permission-node@​0.10.7
  • @​backstage/backend-plugin-api@​1.6.0

0.7.7-next.1

Patch Changes

• de96a60: chore(deps): bump express from 4.21.2 to 4.22.0
• Updated dependencies
  • @​backstage/plugin-auth-node@​0.6.10-next.1
  • @​backstage/plugin-permission-node@​0.10.7-next.1
  • @​backstage/backend-plugin-api@​1.6.0-next.1
  • @​backstage/config@​1.3.6
  • @​backstage/errors@​1.2.7
  • @​backstage/plugin-permission-common@​0.9.3

0.7.7-next.0

... (truncated)

Commits

• See full diff in compare view

Updates @backstage/plugin-scaffolder-backend from 1.33.0 to 3.1.3

Release notes

Sourced from @​backstage/plugin-scaffolder-backend's releases.

v1.48.1

This patch release fixes the following issues:

• Add missing sharing extensions sidebar item in frontend system architecture docs
• Fix type compatibility for older plugins in FrontendFeature type

v1.48.0

These are the release notes for the v1.48.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

BREAKING ALPHA: Catalog extension points graduated

If you are providing custom processors and entity providers into the catalog, you will now note that several (but not quite all!) of those extension points have graduated out of alpha and into the regular stable exports.

Thus, if you are importing for example catalogProcessingExtensionPoint from @backstage/plugin-catalog-node/alpha, you now want to remove that /alpha suffix.

BREAKING: API restrictions in New Frontend System

In the 1.47 release a new behavior was introduced to the New Frontend System that limits the ability for plugins and modules to provide APIs to plugins other than themselves. For example, the scaffolder plugin could no longer install a custom CatalogApi implementation. This also applies to modules, where you now need to use a module explicitly targeting the 'app' plugin to for example override the ErrorApi.

In 1.47 this new behavior simply triggered a warning, but in this release the API overrides are instead rejected with an error.

Experimental Client ID Metadata Documents

With the latest MCP specification published in November, it outlined a new authorization method that’s going to take over from Dynamic Client Registration called Client ID Metadata Documents.

This can be enabled in the auth-backend plugin by using the auth.experimentalClientIdMetadataDocuments.enabled flag in config.

Be sure to head over to the changelog for additional configuration and security considerations.

Experimental Refresh Token Support

Clients can now request the offline_access scope to receive refresh tokens when auth.experimentalRefreshToken.enabled is set, allowing new access tokens without re-authentication. This can be highly useful when using experimentalDynamicClientRegistration so that the tokens don’t expire every 1h by default, which then triggers another auth session approval request.

This also means that auth.experimentalDynamicClientRegistration.tokenExpiration has been removed in favor of using this method as a BREAKING EXPERIMENTAL change.

New Frontend System: Testing utilities

The testing utilities for the new frontend system have gotten an overhaul in this release, with all new features documented in the plugin testing section. Some highlights include that mountedRoutes and apis options are available for all harnesses where applicable. The selection of mockApis has been increased to support more of the core APIs and have both Jest and minimal implementation mocks. The mockApis now also produces values that can be passed directly to the various testing apis options, without the need to wrap [ref, impl] tuples.

Utilities for creating frontend and backend mocks

Both @backstage/frontend-test-utils and @backstage/backend-test-utils now export utilities for creating service and API mocks, createServiceMock and createApiMock. These utilities create the same kind of mock utilities as the ones provided by mockServices and mockApis, and are encouraged to be exported via the /testUtils sub-path export from packages, similar to how this pattern is used in @backstage/plugin-catalog-react.

New Frontend System: Plugin titles & icons

Plugins now have optional titles and icons in the new frontend system. This helps implement app-wide features and navigation patterns that enumerate plugins or in other ways traverse the extension tree in the app.

... (truncated)

Changelog

Sourced from @​backstage/plugin-scaffolder-backend's changelog.

3.1.3

Patch Changes

• 7455dae: Use node prefix on native imports
• 4fc7bf0: Removed unused dependency
• 0ce78b0: Support if conditions inside each loops for scaffolder steps
• 5e3ef57: Added peerModules metadata declaring recommended modules for cross-plugin integrations.
• 8148621: Moved @backstage/backend-defaults from dependencies to devDependencies.
• 1e669cc: Migrate audit events reference docs to http://backstage.io/docs.
• 69d880e: Bump to latest zod to ensure it has the latest features
• Updated dependencies
  • @​backstage/plugin-scaffolder-backend-module-gitlab@​0.11.3
  • @​backstage/integration@​1.20.0
  • @​backstage/plugin-catalog-backend-module-scaffolder-entity-model@​0.2.17
  • @​backstage/plugin-catalog-node@​2.0.0
  • @​backstage/plugin-scaffolder-backend-module-bitbucket-cloud@​0.3.3
  • @​backstage/plugin-scaffolder-backend-module-bitbucket@​0.3.19
  • @​backstage/plugin-scaffolder-backend-module-gerrit@​0.2.18
  • @​backstage/plugin-scaffolder-backend-module-github@​0.9.6
  • @​backstage/plugin-scaffolder-backend-module-gitea@​0.2.18
  • @​backstage/backend-openapi-utils@​0.6.6
  • @​backstage/plugin-bitbucket-cloud-common@​0.3.7
  • @​backstage/backend-plugin-api@​1.7.0
  • @​backstage/plugin-scaffolder-node@​0.12.5
  • @​backstage/plugin-auth-node@​0.6.13
  • @​backstage/plugin-permission-common@​0.9.6
  • @​backstage/plugin-permission-node@​0.10.10
  • @​backstage/plugin-events-node@​0.4.19
  • @​backstage/plugin-scaffolder-backend-module-azure@​0.2.18
  • @​backstage/plugin-scaffolder-backend-module-bitbucket-server@​0.2.18
  • @​backstage/plugin-scaffolder-common@​1.7.6

3.1.3-next.2

Patch Changes

• 8148621: Moved @backstage/backend-defaults from dependencies to devDependencies.
• Updated dependencies
  • @​backstage/plugin-scaffolder-backend-module-gitlab@​0.11.3-next.2
  • @​backstage/integration@​1.20.0-next.2
  • @​backstage/plugin-catalog-node@​2.0.0-next.1
  • @​backstage/backend-plugin-api@​1.7.0-next.1
  • @​backstage/plugin-auth-node@​0.6.13-next.1
  • @​backstage/plugin-catalog-backend-module-scaffolder-entity-model@​0.2.17-next.1
  • @​backstage/plugin-events-node@​0.4.19-next.0
  • @​backstage/plugin-permission-node@​0.10.10-next.0
  • @​backstage/plugin-scaffolder-backend-module-bitbucket@​0.3.19-next.1
  • @​backstage/plugin-scaffolder-backend-module-bitbucket-cloud@​0.3.3-next.1
  • @​backstage/plugin-scaffolder-backend-module-bitbucket-server@​0.2.18-next.1

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.