chore: Update all minor dependency updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@backstage-community/plugin-github-actions (source)	^0.7.0 -> ^0.14.0
@backstage-community/plugin-tech-radar (source)	1.8.0 -> 1.10.0
@backstage/app-defaults (source)	1.5.12 -> 1.6.5
@backstage/backend-defaults (source)	^0.8.1 -> ^0.12.0
@backstage/backend-plugin-api (source)	1.2.0 -> 1.4.2
@backstage/catalog-client (source)	1.9.1 -> 1.11.0
@backstage/cli (source)	^0.28.2 -> ^0.34.0
@backstage/core-app-api (source)	1.15.1 -> 1.18.0
@backstage/core-components (source)	^0.15.1 -> ^0.17.0
@backstage/plugin-api-docs (source)	^0.11.11 -> ^0.12.0
@backstage/plugin-app-backend (source)	^0.3.76 -> ^0.5.0
@backstage/plugin-auth-backend (source)	^0.23.1 -> ^0.25.0
@backstage/plugin-auth-node (source)	^0.5.3 -> ^0.6.0
@backstage/plugin-catalog (source)	1.27.0 -> 1.31.2
@backstage/plugin-catalog-backend (source)	1.31.0 -> 1.32.1
@backstage/plugin-catalog-import (source)	^0.12.5 -> ^0.13.0
@backstage/plugin-catalog-react (source)	1.15.1 -> 1.20.1
@backstage/plugin-permission-backend (source)	^0.6.0 -> ^0.7.0
@backstage/plugin-permission-common (source)	^0.8.1 -> ^0.9.0
@backstage/plugin-permission-node (source)	^0.8.4 -> ^0.10.0
@backstage/plugin-proxy-backend (source)	^0.5.7 -> ^0.6.0
@backstage/plugin-scaffolder (source)	1.28.0 -> 1.34.0
@backstage/plugin-search-react (source)	1.8.6 -> 1.9.3
@backstage/plugin-techdocs (source)	1.12.3 -> 1.14.1
@backstage/plugin-techdocs-react (source)	1.2.14 -> 1.3.2
@commitlint/cli (source)	19.6.1 -> 19.8.1
@commitlint/config-conventional (source)	19.6.0 -> 19.8.1
@commitlint/config-lerna-scopes (source)	19.7.0 -> 19.8.1
@types/luxon (source)	3.4.2 -> 3.7.1
lerna (source)	8.1.7 -> 8.2.3
lint-staged	15.4.3 -> 15.5.2
msw (source)	2.7.0 -> 2.10.5
pg (source)	8.13.1 -> 8.16.3
react-router (source)	6.28.0 -> 6.30.1
react-router-dom (source)	6.28.0 -> 6.30.1
typescript (source)	~5.7.0 -> ~5.9.0
yarn (source)	4.6.0 -> 4.9.4
zod (source)	3.24.1 -> 3.25.76

---

Release Notes

backstage/community-plugins (@​backstage-community/plugin-github-actions)

v0.14.0

Compare Source

Minor Changes

• 0493206: Backstage version bump to v1.42.3

v0.13.1

Compare Source

Patch Changes

• e6e4a9d: Add workflow age field to help indicate when the workflow last ran

v0.13.0

Compare Source

Minor Changes

• 624c181: Backstage version bump to v1.41.1

Patch Changes

• b41b1f0: Change default branch to be that of the target repository instead of assuming it is using master.
• 337f19a: Resolve visual issue caused by the centering of the Workflow Status was done inside the component instead of controlled by the wrapper object. This led to case where when viewing 'Workflow run details' the status was centered when all other content was left aligned.

v0.12.0

Compare Source

Minor Changes

• 8b45679: Backstage version bump to v1.40.2

v0.11.1

Compare Source

Patch Changes

• dd3519b: Fixed an issue where branches were fetched unnecessarily by certain components.

v0.11.0

Compare Source

Minor Changes

• f1e2943: Backstage version bump to v1.39.0

v0.10.0

Compare Source

Minor Changes

• 5041897: Backstage version bump to v1.38.1

v0.9.2

Compare Source

Patch Changes

• 58c5ad5: Start pagination at page 1 in api.listBranches to avoid duplicate branches in WorkflowRunsCard.

v0.9.1

Compare Source

Patch Changes

• 4aad9f3: remove unused devDependency canvas

v0.9.0

Compare Source

Minor Changes

• 5ca4b72: Backstage version bump to v1.37.0

v0.8.0

Compare Source

Minor Changes

• 435f142: Backstage version bump to v1.36.0

v0.7.2

Compare Source

Patch Changes

• 58d4734: Fixed plugin setup documentation to show example of use with availability check in the catalog EntityPage

backstage/community-plugins (@​backstage-community/plugin-tech-radar)

v1.10.0

Compare Source

Minor Changes

• fe6d855: Backstage version bump to v1.42.3

Patch Changes

• Updated dependencies [fe6d855]
  • @​backstage-community/plugin-tech-radar-common@​1.9.0

v1.9.0

Compare Source

Minor Changes

• 8a9d386: Backstage version bump to v1.41.1

Patch Changes

• Updated dependencies [8a9d386]
  • @​backstage-community/plugin-tech-radar-common@​1.8.0

backstage/backstage (@​backstage/app-defaults)

v1.6.5

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/core-components@​0.17.5
  • @​backstage/theme@​0.6.8

v1.6.4

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/core-components@​0.17.4
  • @​backstage/core-plugin-api@​1.10.9
  • @​backstage/theme@​0.6.7
  • @​backstage/core-app-api@​1.18.0
  • @​backstage/plugin-permission-react@​0.4.36

v1.6.3

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/core-components@​0.17.3
  • @​backstage/core-plugin-api@​1.10.8
  • @​backstage/core-app-api@​1.17.1
  • @​backstage/theme@​0.6.6
  • @​backstage/plugin-permission-react@​0.4.35

v1.6.2

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/theme@​0.6.6
  • @​backstage/core-app-api@​1.17.0
  • @​backstage/core-components@​0.17.2
  • @​backstage/core-plugin-api@​1.10.7
  • @​backstage/plugin-permission-react@​0.4.34

v1.6.1

Compare Source

Patch Changes

• a47fd39: Removes instances of default React imports, a necessary update for the upcoming React 19 migration.

  https://legacy.reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html

• Updated dependencies

  • @​backstage/core-components@​0.17.1
  • @​backstage/core-plugin-api@​1.10.6
  • @​backstage/plugin-permission-react@​0.4.33
  • @​backstage/core-app-api@​1.16.1
  • @​backstage/theme@​0.6.5

v1.6.0

Compare Source

Minor Changes

• 12f8e01: BREAKING: The default DiscoveryApi implementation has been switched to use FrontendHostDiscovery, which adds support for the discovery.endpoints configuration.

  This is marked as a breaking change because it will cause any existing discovery.endpoints configuration to be picked up and used, which may break existing setups.

  For example, consider the following configuration:

  app:
    baseUrl: https://backstage.acme.org
  
  backend:
    baseUrl: https://backstage.internal.acme.org
  
  discovery:
    endpoints:
      - target: https://catalog.internal.acme.org/api/{{pluginId}}
        plugins: [catalog]

  This will now cause requests from the frontend towards the catalog plugin to be routed to https://catalog.internal.acme.org/api/catalog, but this might not be reachable from the frontend. To fix this, you should update the discovery.endpoints configuration to only override the internal URL of the plugin:

  discovery:
    endpoints:
      - target:
          internal: https://catalog.internal.acme.org/api/{{pluginId}}
        plugins: [catalog]

Patch Changes

• Updated dependencies
  • @​backstage/core-components@​0.17.0
  • @​backstage/core-plugin-api@​1.10.5
  • @​backstage/core-app-api@​1.16.0
  • @​backstage/plugin-permission-react@​0.4.32
  • @​backstage/theme@​0.6.4

v1.5.17

Compare Source

Patch Changes

• 58ec9e7: Removed older versions of React packages as a preparatory step for upgrading to React 19. This commit does not introduce any functional changes, but removes dependencies on previous React versions, allowing for a cleaner upgrade path in subsequent commits.
• Updated dependencies
  • @​backstage/core-components@​0.16.4
  • @​backstage/core-plugin-api@​1.10.4
  • @​backstage/plugin-permission-react@​0.4.31
  • @​backstage/core-app-api@​1.15.5
  • @​backstage/theme@​0.6.4

v1.5.16

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/core-plugin-api@​1.10.3
  • @​backstage/core-components@​0.16.3
  • @​backstage/core-app-api@​1.15.4
  • @​backstage/theme@​0.6.3
  • @​backstage/plugin-permission-react@​0.4.30

v1.5.15

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/core-app-api@​1.15.3
  • @​backstage/theme@​0.6.3
  • @​backstage/core-components@​0.16.2
  • @​backstage/core-plugin-api@​1.10.2
  • @​backstage/plugin-permission-react@​0.4.29

v1.5.14

Compare Source

v1.5.13

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/theme@​0.6.1
  • @​backstage/core-components@​0.16.0
  • @​backstage/core-app-api@​1.15.2
  • @​backstage/core-plugin-api@​1.10.1
  • @​backstage/plugin-permission-react@​0.4.28

backstage/backstage (@​backstage/backend-defaults)

v0.12.0

Compare Source

Minor Changes

• 133519b: feat: new cache manager Infinispan Data Grid

Patch Changes

• caee2eb: Fixed WinstonLogger throwing when redactions were null or undefined
• ed74af5: Fixed bug in PackageDiscoveryService where packages with "exports" field caused ERR_PACKAGE_PATH_NOT_EXPORTED error during backend startup.
• 3a7dad9: Updated better-sqlite3 to v12
• Updated dependencies
  • @​backstage/cli-node@​0.2.14
  • @​backstage/backend-app-api@​1.2.6
  • @​backstage/plugin-auth-node@​0.6.6
  • @​backstage/plugin-permission-node@​0.10.3
  • @​backstage/backend-plugin-api@​1.4.2
  • @​backstage/plugin-events-node@​0.4.14

v0.11.1

Compare Source

Patch Changes

• ead925a: Add a standard toString on credentials objects
• e0189b8: UrlReader: Fix handling of access tokens for GitLab readURL requests
• d1e4a6d: Fixed bug where the GitLab user token and GitLab integration token were being merged together
• Updated dependencies
  • @​backstage/config-loader@​1.10.2
  • @​backstage/config@​1.3.3
  • @​backstage/plugin-permission-node@​0.10.2
  • @​backstage/integration@​1.17.1
  • @​backstage/backend-app-api@​1.2.5
  • @​backstage/backend-plugin-api@​1.4.1
  • @​backstage/integration-aws-node@​0.1.17
  • @​backstage/plugin-auth-node@​0.6.5
  • @​backstage/plugin-events-node@​0.4.13

v0.11.0

Compare Source

Minor Changes

• 3ccb7fc: Enhanced error handling in the auditor service factory to pass errors as objects. Aligned WinstonRootAuditorService with the default service factory's error handling.

Patch Changes

• 1220cf8: Added new rate limit middleware to allow rate limiting requests to the backend

  If you are using the configure callback of the root HTTP router service and do NOT call applyDefaults() inside it, please see the relevant changes that were made, to see if you want to apply them as well to your custom configuration.
  Rate limiting can be turned on by adding the following configuration to app-config.yaml:

  backend:
    rateLimit:
      window: 6s
      incomingRequestLimit: 100

  Plugin specific rate limiting can be configured by adding the following configuration to app-config.yaml:

  backend:
    rateLimit:
      global: false # This will disable the global rate limiting
      plugin:
        catalog:
          window: 6s
          incomingRequestLimit: 100

• c999c25: Added some default implementations for the experimental ActionsService and ActionsRegistryService under /alpha that allow registration of actions for a particular plugin.

• Updated dependencies

  • @​backstage/plugin-auth-node@​0.6.4
  • @​backstage/backend-app-api@​1.2.4
  • @​backstage/backend-plugin-api@​1.4.0
  • @​backstage/backend-dev-utils@​0.1.5
  • @​backstage/cli-node@​0.2.13
  • @​backstage/config@​1.3.2
  • @​backstage/config-loader@​1.10.1
  • @​backstage/errors@​1.2.7
  • @​backstage/integration@​1.17.0
  • @​backstage/integration-aws-node@​0.1.16
  • @​backstage/types@​1.2.1
  • @​backstage/plugin-events-node@​0.4.12
  • @​backstage/plugin-permission-node@​0.10.1

v0.10.0

Compare Source

Minor Changes

• d385854: BREAKING: The DefaultSchedulerService constructor options now requires RootLifecycleService, HttpRouterService, and PluginMetadataService fields.

  The scheduler will register a REST API for listing and triggering tasks. Please see the scheduler documentation for more details about this API.

Patch Changes

• 1e06afd: GithubUrlReader's search detects glob-patterns supported by minimatch, instead of just detecting
  * and ? characters.

  For example, this allows to search for patterns like {C,c}atalog-info.yaml.

• acea1d4: update documentation

• 72d019d: Removed various typos

• c6bc67d: Added Valkey support alongside Redis in backend-defaults cache clients, using the new Keyv Valkey package. Also extended backend-test-utils to support Valkey in tests.

• 36f77e9: Bug fix: Pass user provided token through to gitlab url resolvers

• 0e7a640: The GithubUrlReader will now use the token from options when fetching repo details

• Updated dependencies

  • @​backstage/integration@​1.17.0
  • @​backstage/backend-app-api@​1.2.3
  • @​backstage/plugin-auth-node@​0.6.3
  • @​backstage/backend-plugin-api@​1.3.1
  • @​backstage/plugin-permission-node@​0.10.0
  • @​backstage/config-loader@​1.10.1
  • @​backstage/integration-aws-node@​0.1.16
  • @​backstage/cli-node@​0.2.13
  • @​backstage/config@​1.3.2
  • @​backstage/backend-dev-utils@​0.1.5
  • @​backstage/errors@​1.2.7
  • @​backstage/types@​1.2.1
  • @​backstage/plugin-events-node@​0.4.11

v0.9.0

Compare Source

Minor Changes

• 1daedce: Remove Throttle of Bitbucket Server API calls
• 01edf6e: Allow pass through of redis client and cluster options to Cache core service
• cf4eb13: Added actor property to BackstageUserPrincipal containing the subject of the last service (if any) who performed authentication on behalf of the user.

Patch Changes

• 7c6740e: Implemented SRV lookup support in the default HostDiscovery. You can now specify internal URLs on the form http+srv://some-srv-name/api/{{pluginId}} and they will be resolved in real time.

• 939116c: Added an optional backend.trustProxy app config value, which sets the
  corresponding Express.js trust proxy setting. This lets
  you easily configure proxy trust without making a custom configure callback
  for the rootHttpRouter service.

  If you already are using a custom configure callback, and if that also does not call applyDefaults(), you may want to add the following to it:

  const trustProxy = config.getOptional('backend.trustProxy');
  if (trustProxy !== undefined) {
    app.set('trust proxy', trustProxy);
  }

• 175528c: Adds backend.auditor.severityLogLevelMappings to map severity levels to log levels.

• Updated dependencies

  • @​backstage/backend-plugin-api@​1.3.0
  • @​backstage/integration@​1.16.3
  • @​backstage/backend-app-api@​1.2.2
  • @​backstage/plugin-auth-node@​0.6.2
  • @​backstage/plugin-permission-node@​0.9.1
  • @​backstage/backend-dev-utils@​0.1.5
  • @​backstage/cli-node@​0.2.13
  • @​backstage/config@​1.3.2
  • @​backstage/config-loader@​1.10.0
  • @​backstage/errors@​1.2.7
  • @​backstage/integration-aws-node@​0.1.15
  • @​backstage/types@​1.2.1
  • @​backstage/plugin-events-node@​0.4.10

v0.8.2

Compare Source

Patch Changes

• e293b66: The default auditor service implementation will now log low severity events with debug level instead of info.

• f422984: Remove unused dependencies

• ecb9bab: Explicitly stringify extra logger fields with JSON.stringify to prevent [object Object] errors.

• 12f8e01: The discovery.endpoints configuration no longer requires both internal and external target when using the object form, instead falling back to the default.

• 89db8b8: GerritUrlReader is now able to search files matching a given pattern URL (using minimatch glob patterns).

  This allows the Gerrit Discovery to find all Backstage manifests inside a repository using the **/catalog-info.yaml pattern.

• Updated dependencies

  • @​backstage/config-loader@​1.10.0
  • @​backstage/integration@​1.16.2
  • @​backstage/plugin-permission-node@​0.9.0
  • @​backstage/plugin-auth-node@​0.6.1
  • @​backstage/plugin-events-node@​0.4.9
  • @​backstage/backend-app-api@​1.2.1
  • @​backstage/integration-aws-node@​0.1.15
  • @​backstage/backend-dev-utils@​0.1.5
  • @​backstage/backend-plugin-api@​1.2.1
  • @​backstage/cli-node@​0.2.13
  • @​backstage/config@​1.3.2
  • @​backstage/errors@​1.2.7
  • @​backstage/types@​1.2.1

backstage/backstage (@​backstage/backend-plugin-api)

v1.4.2

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/plugin-auth-node@​0.6.6
  • @​backstage/plugin-permission-node@​0.10.3

v1.4.1

Compare Source

Patch Changes

• Updated dependencies
  • @​backstage/config@​1.3.3
  • @​backstage/plugin-permission-common@​0.9.1
  • [@​backstage/plugin-permission-node](https://redirect.github.com/backstage/plu

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[heinzburgstaller]

@dependabot rebase