This release fixes an issue where requests for the public http routes for the events-backend were authenticated causing 401 errors.
v1.25.1
This release fixes an bug where the kubernetes plugin would crash reading credentials from undefined.
v1.25.0
These are the release notes for the v1.25.0 release of Backstage. This is an unscheduled release that replaces what would’ve otherwise been the v1.25.0-next.1 release, due to a problem with the patch releases for 1.24.0. The next main line release will still be released on April 16th as scheduled, but will now instead be 1.26.0.
A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.
Highlights
Auth service fixes
A number of fixes have been made to various plugins related to the new auth system:
Rate limiting has been disabled as it was a bit too aggressive and didn’t interact well with proxies.
Fixes an issue in the TechDocs CLI related to cookie auth
Fixes an integration issue of the new auth services in the Jenkins backend plugin
Fixed an issue in the scaffolder were credentials weren’t forwarded correctly to the action context.
Fixed an issue where the proxy backend blocked unauthenticated requests.
Catalog
The catalog backend can now be extended with additional permissions through new addPermissions methods of the CatalogBuilder and catalogPermissionExtensionPoint.
The paginated catalog table now saves the search text in the query parameters and debounces the server requests.
Security Fixes
This release does not contain any security fixes.
Upgrade path
We recommend that you keep your Backstage project up to date with this latest release. For more guidance on how to upgrade, check out the documentation for keeping Backstage updated.
Links and References
Below you can find a list of links and references to help you learn about and start using this new release.
74acf06: Add dependencyOf prop to catalog model for Component kind to enable building relationship graphs with both directions using dependsOn and dependencyOf.
78475c3: Allow offset mode paging in entity list provider
bd35cdb: The analyze-location endpoint is now protected by the catalog.location.analyze permission.
The validate-entity endpoint is now protected by the catalog.entity.validate permission.
Patch Changes
1882cfe: Moved getEntities ordering to utilize database instead of having it inside catalog client
Please note that the latest version of @backstage/catalog-client will not order the entities in the same way as before. This is because the ordering is now done in the database query instead of in the client. If you rely on the ordering of the entities, you may need to update your backend plugin or code to handle this change.
d425fc4: Modules, plugins, and services are now BackendFeature, not a function that returns a feature.
c2b63ab: Updated dependency supertest to ^7.0.0.
53cce86: Fixed an issue with the by-query call, where ordering by a field that does not exist on all entities led to not all results being returned
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DiamondLightSource/developer-portal/network/alerts).
Bumps @backstage/plugin-catalog-backend from 1.24.0 to 1.26.0.
Release notes
Sourced from
@backstage/plugin-catalog-backend
's releases.... (truncated)
Changelog
Sourced from
@backstage/plugin-catalog-backend
's changelog.... (truncated)
Commits
0e48f5a
Version Packagesd5a1fe1
chore: change most of plugins to use LoggerService036b9b3
Version Packages (next)c6635e5
Merge pull request #23022 from RoadieHQ/quiter-logs366cf07
Version Packages (next)51e3f70
Merge pull request #23084 from aramissennyeydd/openapi-tooling/schemathesisbb89236
Version Packages04655bb
Generate Release714df5b
Generate Release9c7fb30
Patch from PR #23789Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show