Skip to content

Bump the npm_and_yarn group across 1 directory with 3 updates#100

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/packages/backend/npm_and_yarn-48df77c1d9
Open

Bump the npm_and_yarn group across 1 directory with 3 updates#100
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/packages/backend/npm_and_yarn-48df77c1d9

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2026

Bumps the npm_and_yarn group with 3 updates in the /packages/backend directory: @backstage/backend-defaults, @backstage/plugin-permission-backend and @backstage/plugin-scaffolder-backend.

Updates @backstage/backend-defaults from 0.5.3 to 0.15.2

Changelog

Sourced from @​backstage/backend-defaults's changelog.

0.15.2

Patch Changes

  • 7455dae: Use node prefix on native imports
  • 44f5d04: Minor internal restructure of the postgres config loading code
  • 4fc7bf0: Bump to tar v7
  • 5dd683f: createRateLimitMiddleware is now exported from @backstage/backend-defaults/httpRouter
  • 8dd518a: Support connection.type: azure in database client to use Microsoft Entra authentication with Azure database for PostgreSQL
  • 69d880e: Bump to latest zod to ensure it has the latest features
  • Updated dependencies
    • @​backstage/backend-app-api@​1.5.0
    • @​backstage/integration@​1.20.0
    • @​backstage/integration-aws-node@​0.1.20
    • @​backstage/backend-plugin-api@​1.7.0
    • @​backstage/backend-dev-utils@​0.1.7
    • @​backstage/config-loader@​1.10.8
    • @​backstage/cli-node@​0.2.18
    • @​backstage/plugin-auth-node@​0.6.13
    • @​backstage/plugin-permission-node@​0.10.10
    • @​backstage/plugin-events-node@​0.4.19

0.15.2-next.1

Patch Changes

  • 8dd518a: Support connection.type: azure in database client to use Microsoft Entra authentication with Azure database for PostgreSQL
  • Updated dependencies
    • @​backstage/integration@​1.20.0-next.1
    • @​backstage/cli-node@​0.2.18-next.1
    • @​backstage/backend-plugin-api@​1.7.0-next.1

0.15.1-next.0

Patch Changes

  • 7455dae: Use node prefix on native imports
  • 44f5d04: Minor internal restructure of the postgres config loading code
  • 4fc7bf0: Bump to tar v7
  • 69d880e: Bump to latest zod to ensure it has the latest features
  • Updated dependencies
    • @​backstage/integration-aws-node@​0.1.20-next.0
    • @​backstage/backend-plugin-api@​1.7.0-next.0
    • @​backstage/backend-dev-utils@​0.1.7-next.0
    • @​backstage/config-loader@​1.10.8-next.0
    • @​backstage/integration@​1.19.3-next.0
    • @​backstage/cli-node@​0.2.17-next.0
    • @​backstage/plugin-auth-node@​0.6.12-next.0
    • @​backstage/backend-app-api@​1.5.0-next.0
    • @​backstage/plugin-permission-node@​0.10.9-next.0

... (truncated)

Commits

Updates @backstage/plugin-permission-backend from 0.5.55 to 0.7.9

Changelog

Sourced from @​backstage/plugin-permission-backend's changelog.

0.7.9

Patch Changes

  • 7455dae: Use node prefix on native imports
  • 69d880e: Bump to latest zod to ensure it has the latest features
  • Updated dependencies
    • @​backstage/backend-plugin-api@​1.7.0
    • @​backstage/plugin-auth-node@​0.6.13
    • @​backstage/plugin-permission-common@​0.9.6
    • @​backstage/plugin-permission-node@​0.10.10

0.7.8-next.0

Patch Changes

  • 7455dae: Use node prefix on native imports
  • 69d880e: Bump to latest zod to ensure it has the latest features
  • Updated dependencies
    • @​backstage/backend-plugin-api@​1.7.0-next.0
    • @​backstage/plugin-auth-node@​0.6.12-next.0
    • @​backstage/plugin-permission-common@​0.9.5-next.0
    • @​backstage/plugin-permission-node@​0.10.9-next.0
    • @​backstage/config@​1.3.6
    • @​backstage/errors@​1.2.7

0.7.7

Patch Changes

  • de96a60: chore(deps): bump express from 4.21.2 to 4.22.0
  • Updated dependencies
    • @​backstage/plugin-auth-node@​0.6.10
    • @​backstage/plugin-permission-node@​0.10.7
    • @​backstage/backend-plugin-api@​1.6.0

0.7.7-next.1

Patch Changes

  • de96a60: chore(deps): bump express from 4.21.2 to 4.22.0
  • Updated dependencies
    • @​backstage/plugin-auth-node@​0.6.10-next.1
    • @​backstage/plugin-permission-node@​0.10.7-next.1
    • @​backstage/backend-plugin-api@​1.6.0-next.1
    • @​backstage/config@​1.3.6
    • @​backstage/errors@​1.2.7
    • @​backstage/plugin-permission-common@​0.9.3

0.7.7-next.0

... (truncated)

Commits

Updates @backstage/plugin-scaffolder-backend from 1.33.0 to 3.1.4

Release notes

Sourced from @​backstage/plugin-scaffolder-backend's releases.

v1.49.0-next.1

See docs/releases/v1.49.0-next.1-changelog.md for more information.

v1.49.0-next.0

See docs/releases/v1.49.0-next.0-changelog.md for more information.

v1.48.4

This release contains security fixes for @backstage/plugin-techdocs-node @backstage/integration and @backstage/plugin-scaffolder-backend

v1.48.3

This patch release fixes the following issues:

  • Fixes the @mui/material/styles shared dependency key by removing a trailing slash that caused module resolution failures with MUI package exports.
  • Fixes entity page tab groups not respecting the ordering from the groups configuration.

v1.48.2

This patch release includes the following fixes:

  • Updated @microsoft/api-extractor to 7.57.3 (#32950)
  • Add back formFieldsApiRef and ScaffolderFormFieldsApi alpha exports from @backstage/plugin-scaffolder (#32969)
  • Perform search on first navigate (#32973)

v1.48.1

This patch release fixes the following issues:

  • Add missing sharing extensions sidebar item in frontend system architecture docs
  • Fix type compatibility for older plugins in FrontendFeature type

v1.48.0

These are the release notes for the v1.48.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

BREAKING ALPHA: Catalog extension points graduated

If you are providing custom processors and entity providers into the catalog, you will now note that several (but not quite all!) of those extension points have graduated out of alpha and into the regular stable exports.

Thus, if you are importing for example catalogProcessingExtensionPoint from @backstage/plugin-catalog-node/alpha, you now want to remove that /alpha suffix.

BREAKING: API restrictions in New Frontend System

In the 1.47 release a new behavior was introduced to the New Frontend System that limits the ability for plugins and modules to provide APIs to plugins other than themselves. For example, the scaffolder plugin could no longer install a custom CatalogApi implementation. This also applies to modules, where you now need to use a module explicitly targeting the 'app' plugin to for example override the ErrorApi.

In 1.47 this new behavior simply triggered a warning, but in this release the API overrides are instead rejected with an error.

Experimental Client ID Metadata Documents

With the latest MCP specification published in November, it outlined a new authorization method that’s going to take over from Dynamic Client Registration called Client ID Metadata Documents.

... (truncated)

Changelog

Sourced from @​backstage/plugin-scaffolder-backend's changelog.

@​backstage/plugin-scaffolder-backend

3.2.0-next.1

Minor Changes

  • c9b11eb: Added a new list-scaffolder-tasks action that allows querying scaffolder tasks with optional ownership filtering and pagination support
  • 0fbcf23: Migrated OpenAPI schemas to 3.1.
  • 7695dd2: Added a new list-scaffolder-actions action that returns all installed scaffolder actions with their schemas and examples

Patch Changes

  • e27bd4e: Removed @backstage/plugin-scaffolder-backend-module-bitbucket from package.json as the package itself has been deprecated and the code deleted.
  • ccc20cf: create scaffolder MCP action to dry run a provided scaffolder template
  • Updated dependencies
    • @​backstage/integration@​2.0.0-next.1
    • @​backstage/plugin-scaffolder-common@​2.0.0-next.1
    • @​backstage/plugin-scaffolder-node@​0.13.0-next.1
    • @​backstage/plugin-catalog-node@​2.1.0-next.1
    • @​backstage/backend-openapi-utils@​0.6.7-next.0
    • @​backstage/backend-plugin-api@​1.7.1-next.0
    • @​backstage/catalog-model@​1.7.6
    • @​backstage/config@​1.3.6
    • @​backstage/errors@​1.2.7
    • @​backstage/types@​1.2.2
    • @​backstage/plugin-events-node@​0.4.20-next.0
    • @​backstage/plugin-permission-common@​0.9.6
    • @​backstage/plugin-permission-node@​0.10.11-next.0

3.1.4-next.0

Patch Changes

  • 4e39e63: Removed unused dependencies
  • Updated dependencies
    • @​backstage/integration@​1.21.0-next.0
    • @​backstage/plugin-catalog-node@​2.1.0-next.0
    • @​backstage/backend-plugin-api@​1.7.1-next.0
    • @​backstage/backend-openapi-utils@​0.6.7-next.0
    • @​backstage/catalog-model@​1.7.6
    • @​backstage/config@​1.3.6
    • @​backstage/errors@​1.2.7
    • @​backstage/types@​1.2.2
    • @​backstage/plugin-events-node@​0.4.20-next.0
    • @​backstage/plugin-permission-common@​0.9.6
    • @​backstage/plugin-permission-node@​0.10.11-next.0
    • @​backstage/plugin-scaffolder-common@​1.7.7-next.0
    • @​backstage/plugin-scaffolder-node@​0.12.6-next.0

3.1.3

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 3 updates
b0c437e 
Bumps the npm_and_yarn group with 3 updates in the /packages/backend directory: [@backstage/backend-defaults](https://github.com/backstage/backstage/tree/HEAD/packages/backend-defaults), [@backstage/plugin-permission-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/permission-backend) and [@backstage/plugin-scaffolder-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/scaffolder-backend).


Updates `@backstage/backend-defaults` from 0.5.3 to 0.15.2
- [Release notes](https://github.com/backstage/backstage/releases)
- [Changelog](https://github.com/backstage/backstage/blob/master/packages/backend-defaults/CHANGELOG.md)
- [Commits](https://github.com/backstage/backstage/commits/HEAD/packages/backend-defaults)

Updates `@backstage/plugin-permission-backend` from 0.5.55 to 0.7.9
- [Release notes](https://github.com/backstage/backstage/releases)
- [Changelog](https://github.com/backstage/backstage/blob/master/plugins/permission-backend/CHANGELOG.md)
- [Commits](https://github.com/backstage/backstage/commits/HEAD/plugins/permission-backend)

Updates `@backstage/plugin-scaffolder-backend` from 1.33.0 to 3.1.4
- [Release notes](https://github.com/backstage/backstage/releases)
- [Changelog](https://github.com/backstage/backstage/blob/master/plugins/scaffolder-backend/CHANGELOG.md)
- [Commits](https://github.com/backstage/backstage/commits/HEAD/plugins/scaffolder-backend)

---
updated-dependencies:
- dependency-name: "@backstage/backend-defaults"
  dependency-version: 0.15.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@backstage/plugin-permission-backend"
  dependency-version: 0.7.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@backstage/plugin-scaffolder-backend"
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 4, 2026
@dependabot dependabot bot mentioned this pull request Mar 4, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants