Open jhaals opened 2 months ago
This is a pretty good list of the backend plugins to start from: https://github.com/backstage/community-plugins/blob/main/docs/compatibility/new-backend-system.md
I've started the work for Azure DevOps and Linguist:
I believe that getting rid of @backstage/backend-common
package usages would also reduce occurrences of Vulnerability (CVE-2024-21534)
There is a vulnerability with severity 9.3 in jsonpath-plus <= 10.0.7. See https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
@backstage/backend-common
package is using @kubernetes/client-node
package which is using vulnerable jsonpath-plus@npm:7.2.0
TL;DR make sure that
createRouter
and other exports are marked as deprecated. For the majority of packages there should only be one default export of the backend plugin itself. The@backstage/backend-common
package is deprecated so usages of that package should also be avoided.Backstage’s new backend system is ready for general use; we are now asking for a full transition over to the new backend system, which involves stop supporting the old system. By old system we mean having exports of
createRouter
and related types. There should only need to be one export like this in the backend plugin’sindex.ts
file.How do I help?
Run
yarn community-cli lint legacy-backend-exports workspaces/<workspace>
in the repository to get a full report of packages that require action.Phase 1
Ensure that plugins contain a default export
Ensure that there is a default export of the backend plugin in
index.ts
, see this example.If the plugin previously had a default export in
plugins/<plugin-id>/src/alpha.ts
, make sure that that export is deprecated and that the default export is moved to the non-alphaindex.ts
instead.Deprecate
createRouter
,RouterOptions
and similar types.Here’s an example of a plugin’s
createRouter
being deprecated.Phase 2
Remove deprecated exports
Ensure that deprecations have been out for at one mainline release before proceeding with removal of all deprecated exports. Removing exports from one release to another is not recommended
The complete migration story for a backend plugin (including deprecation) is also mentioned in our docs.
If you take on migrating a backend plugin, feel free to add a comment in this issue to avoid duplicate work.
We plan to have all
createRouter
exports and@backstage/backend-common
usages removed by the end of this year. Your help would be much appreciated!