Open jhaals opened 2 months ago
This is a pretty good list of the backend plugins to start from: https://github.com/backstage/community-plugins/blob/main/docs/compatibility/new-backend-system.md
I've started the work for Azure DevOps and Linguist:
I believe that getting rid of @backstage/backend-common
package usages would also reduce occurrences of Vulnerability (CVE-2024-21534)
There is a vulnerability with severity 9.3 in jsonpath-plus <= 10.0.7. See https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
@backstage/backend-common
package is using @kubernetes/client-node
package which is using vulnerable jsonpath-plus@npm:7.2.0
I took a run at removing @backstage/backend-common
over the weekend. There were a number of them that this ended up being fine but there is currently a group of roughly 12 that will be breaking changes and we need to do the deprecation first with a follow up in the new year where we do the removal. The list of plugins as of November 20, 2024 is:
Plugins not listed here should have @backstage/backend-common
already removed to the best of my knowledge.
I intended to submit PRs for the above list marking things as deprecated so we can get that in as soon as possible. We also discussed this during the Community Plugins SIG this week and agreed on this course of action.
All the above plugins now have PRs created to deprecate their support for the legacy backend. đź‘Ť
TL;DR make sure that
createRouter
and other exports are marked as deprecated. For the majority of packages there should only be one default export of the backend plugin itself. The@backstage/backend-common
package is deprecated so usages of that package should also be avoided.Backstage’s new backend system is ready for general use; we are now asking for a full transition over to the new backend system, which involves stop supporting the old system. By old system we mean having exports of
createRouter
and related types. There should only need to be one export like this in the backend plugin’sindex.ts
file.How do I help?
Run
yarn community-cli lint legacy-backend-exports workspaces/<workspace>
in the repository to get a full report of packages that require action.Phase 1
Ensure that plugins contain a default export
Ensure that there is a default export of the backend plugin in
index.ts
, see this example.If the plugin previously had a default export in
plugins/<plugin-id>/src/alpha.ts
, make sure that that export is deprecated and that the default export is moved to the non-alphaindex.ts
instead.Deprecate
createRouter
,RouterOptions
and similar types.Here’s an example of a plugin’s
createRouter
being deprecated.Phase 2
Remove deprecated exports
Ensure that deprecations have been out for at one mainline release before proceeding with removal of all deprecated exports. Removing exports from one release to another is not recommended
The complete migration story for a backend plugin (including deprecation) is also mentioned in our docs.
If you take on migrating a backend plugin, feel free to add a comment in this issue to avoid duplicate work.
We plan to have all
createRouter
exports and@backstage/backend-common
usages removed by the end of this year. Your help would be much appreciated!