@backstage/backend-app-api

# @backstage/backend-app-api ## 1.2.5 ### Patch Changes - Updated dependencies - @backstage/config@1.3.3 - @backstage/backend-plugin-api@1.4.1 ## 1.2.5-next.0 ### Patch Changes - Updated dependencies - @backstage/config@1.3.3-next.0 - @backstage/backend-plugin-api@1.4.1-next.0 ## 1.2.4 ### Patch Changes - bb9a501: Fixed a bug where occasionally the initialization order of multiple modules consuming a single extension point could happen in the wrong order. - Updated dependencies - @backstage/backend-plugin-api@1.4.0 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.4-next.2 ### Patch Changes - bb9a501: Fixed a bug where occasionally the initialization order of multiple modules consuming a single extension point could happen in the wrong order. - Updated dependencies - @backstage/backend-plugin-api@1.4.0-next.1 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.4-next.1 ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@1.4.0-next.1 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.4-next.0 ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@1.4.0-next.0 ## 1.2.3 ### Patch Changes - 729a7d6: Added a configuration to permit backend plugin module failures on startup: ```yaml backend: ... startup: plugins: plugin-x: modules: module-y: onPluginModuleBootFailure: continue ``` This configuration permits `plugin-x` with `module-y` to fail on startup. Omitting the `onPluginModuleBootFailure` configuration matches the previous behavior, wherein any individual plugin module failure is forwarded to the plugin and aborts backend startup. The default can also be changed, so that continuing on failure is the default unless otherwise specified: ```yaml backend: startup: default: onPluginModuleBootFailure: continue plugins: catalog: modules: github: onPluginModuleBootFailure: abort ``` - 72d019d: Removed various typos - Updated dependencies - @backstage/backend-plugin-api@1.3.1 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.3-next.2 ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@1.3.1-next.2 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.3-next.1 ### Patch Changes - 729a7d6: Added a configuration to permit backend plugin module failures on startup: ```yaml backend: ... startup: plugins: plugin-x: modules: module-y: onPluginModuleBootFailure: continue ``` This configuration permits `plugin-x` with `module-y` to fail on startup. Omitting the `onPluginModuleBootFailure` configuration matches the previous behavior, wherein any individual plugin module failure is forwarded to the plugin and aborts backend startup. The default can also be changed, so that continuing on failure is the default unless otherwise specified: ```yaml backend: startup: default: onPluginModuleBootFailure: continue plugins: catalog: modules: github: onPluginModuleBootFailure: abort ``` - 72d019d: Removed various typos - Updated dependencies - @backstage/backend-plugin-api@1.3.1-next.1 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.3-next.0 ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@1.3.1-next.0 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.2 ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@1.3.0 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.1 ### Patch Changes - f422984: Remove unused dependencies - Updated dependencies - @backstage/backend-plugin-api@1.2.1 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.2.1-next.2 ### Patch Changes - Updated dependencies - @backstage/config-loader@1.10.0-next.0 - @backstage/backend-plugin-api@1.2.1-next.1 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 - @backstage/plugin-auth-node@0.6.1-next.1 - @backstage/plugin-permission-node@0.8.9-next.1 ## 1.2.1-next.1 ### Patch Changes - Updated dependencies - @backstage/plugin-auth-node@0.6.1-next.1 - @backstage/backend-plugin-api@1.2.1-next.1 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/config-loader@1.9.6 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 - @backstage/plugin-permission-node@0.8.9-next.1 ## 1.2.1-next.0 ### Patch Changes - Updated dependencies - @backstage/plugin-permission-node@0.8.9-next.0 - @backstage/plugin-auth-node@0.6.1-next.0 - @backstage/backend-plugin-api@1.2.1-next.0 - @backstage/config-loader@1.9.6 ## 1.2.0 ### Minor Changes - 92a56f6: **BREAKING ALPHA**: Removed the deprecated `featureDiscoveryServiceFactory`. Existing usage can be replaced with `discoveryFeatureLoader` from `@backstage/backend-defaults`. ### Patch Changes - ad9aba2: The log message written when plugins fail to initialize now includes the error that caused the plugin startup to fail. - 5622362: Added a configuration to permit backend plugin failures on startup: ```yaml backend: ... startup: plugins: plugin-x: onPluginBootFailure: continue ``` This configuration permits `plugin-x` to fail on startup. Omitting the `onPluginBootFailure` configuration matches the previous behavior, wherein any individual plugin failure aborts backend startup. The default can also be changed, so that continuing on failure is the default unless otherwise specified: ```yaml backend: startup: default: onPluginBootFailure: continue plugins: catalog: onPluginBootFailure: abort ``` - Updated dependencies - @backstage/plugin-permission-node@0.8.8 - @backstage/config-loader@1.9.6 - @backstage/backend-plugin-api@1.2.0 - @backstage/plugin-auth-node@0.6.0 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 ## 1.2.0-next.3 ### Patch Changes - Updated dependencies - @backstage/plugin-permission-node@0.8.8-next.2 - @backstage/backend-plugin-api@1.2.0-next.2 - @backstage/config-loader@1.9.6-next.0 - @backstage/plugin-auth-node@0.6.0-next.2 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 ## 1.2.0-next.2 ### Minor Changes - 92a56f6: **BREAKING ALPHA**: Removed the deprecated `featureDiscoveryServiceFactory`. Existing usage can be replaced with `discoveryFeatureLoader` from `@backstage/backend-defaults`. ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@1.2.0-next.1 - @backstage/plugin-auth-node@0.6.0-next.1 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/config-loader@1.9.6-next.0 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 - @backstage/plugin-permission-node@0.8.8-next.1 ## 1.1.2-next.1 ### Patch Changes - ad9aba2: The log message written when plugins fail to initialize now includes the error that caused the plugin startup to fail. - Updated dependencies - @backstage/backend-plugin-api@1.2.0-next.0 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/config-loader@1.9.6-next.0 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 - @backstage/plugin-auth-node@0.5.7-next.0 - @backstage/plugin-permission-node@0.8.8-next.0 ## 1.1.2-next.0 ### Patch Changes - Updated dependencies - @backstage/plugin-permission-node@0.8.8-next.0 - @backstage/config-loader@1.9.6-next.0 - @backstage/backend-plugin-api@1.2.0-next.0 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 - @backstage/types@1.2.1 - @backstage/plugin-auth-node@0.5.7-next.0 ## 1.1.1 ### Patch Changes - 02534c7: Corrected spelling mistake in error message - Updated dependencies - @backstage/types@1.2.1 - @backstage/config-loader@1.9.5 - @backstage/plugin-permission-node@0.8.7 - @backstage/plugin-auth-node@0.5.6 - @backstage/backend-plugin-api@1.1.1 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.2 - @backstage/errors@1.2.7 ## 1.1.1-next.1 ### Patch Changes - Updated dependencies - @backstage/types@1.2.1-next.0 - @backstage/backend-plugin-api@1.1.1-next.1 - @backstage/config@1.3.2-next.0 - @backstage/config-loader@1.9.5-next.1 - @backstage/errors@1.2.7-next.0 - @backstage/plugin-auth-node@0.5.6-next.1 - @backstage/plugin-permission-node@0.8.7-next.1 - @backstage/cli-common@0.1.15 ## 1.1.1-next.0 ### Patch Changes - 02534c7: Corrected spelling mistake in error message - Updated dependencies - @backstage/config-loader@1.9.5-next.0 - @backstage/plugin-permission-node@0.8.7-next.0 - @backstage/plugin-auth-node@0.5.6-next.0 - @backstage/backend-plugin-api@1.1.1-next.0 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.1 - @backstage/errors@1.2.6 - @backstage/types@1.2.0 ## 1.1.0 ### Minor Changes - ebf083d: Service factories added by feature loaders now have lower priority and will be ignored if a factory for the same service is added directly by `backend.add(serviceFactory)`. - 12eac85: **EXPERIMENTAL**: Adds a new `instanceMetadataService` to hold information about a specific backend instance. ### Patch Changes - eef3ef1: Removed unused `express` dependencies. - ae2408b: Add a `toString` on the default `BackendFeatureMeta` implementations - 5c9cc05: Use native fetch instead of node-fetch - 0e9c9fa: As soon as a backend termination signal is received, call before shutting down root lifecycle hooks. - Updated dependencies - @backstage/plugin-auth-node@0.5.5 - @backstage/backend-plugin-api@1.1.0 - @backstage/plugin-permission-node@0.8.6 - @backstage/config-loader@1.9.3 - @backstage/errors@1.2.6 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.1 - @backstage/types@1.2.0 ## 1.1.0-next.2 ### Minor Changes - ebf083d: Service factories added by feature loaders now have lower priority and will be ignored if a factory for the same service is added directly by `backend.add(serviceFactory)`. ### Patch Changes - 0e9c9fa: As soon as a backend termination signal is received, call before shutting down root lifecycle hooks. - Updated dependencies - @backstage/backend-plugin-api@1.1.0-next.2 - @backstage/plugin-permission-node@0.8.6-next.2 - @backstage/errors@1.2.6-next.0 - @backstage/plugin-auth-node@0.5.5-next.2 - @backstage/config-loader@1.9.3-next.1 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.1-next.0 - @backstage/types@1.2.0 ## 1.1.0-next.1 ### Minor Changes - 12eac85: **EXPERIMENTAL**: Adds a new `instanceMetadataService` to hold information about a specific backend instance. ### Patch Changes - 5c9cc05: Use native fetch instead of node-fetch - Updated dependencies - @backstage/plugin-auth-node@0.5.5-next.1 - @backstage/config-loader@1.9.3-next.0 - @backstage/backend-plugin-api@1.1.0-next.1 - @backstage/plugin-permission-node@0.8.6-next.1 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.0 - @backstage/errors@1.2.5 - @backstage/types@1.2.0 ## 1.0.3-next.0 ### Patch Changes - eef3ef1: Removed unused `express` dependencies. - Updated dependencies - @backstage/backend-plugin-api@1.0.3-next.0 - @backstage/plugin-auth-node@0.5.5-next.0 - @backstage/cli-common@0.1.15 - @backstage/config@1.3.0 - @backstage/config-loader@1.9.2 - @backstage/errors@1.2.5 - @backstage/types@1.2.0 - @backstage/plugin-permission-node@0.8.6-next.0 ## 1.0.2 ### Patch Changes - 4e58bc7: Upgrade to uuid v11 internally - 5d74716: Remove unused backend-common dependency - Updated dependencies - @backstage/config@1.3.0 - @backstage/types@1.2.0 - @backstage/config-loader@1.9.2 - @backstage/plugin-auth-node@0.5.4 - @backstage/backend-plugin-api@1.0.2 - @backstage/cli-common@0.1.15 - @backstage/errors@1.2.5 - @backstage/plugin-permission-node@0.8.5 ## 1.0.2-next.2 ### Patch Changes - Updated dependencies - @backstage/plugin-auth-node@0.5.4-next.2 - @backstage/backend-plugin-api@1.0.2-next.2 - @backstage/cli-common@0.1.15-next.0 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.2-next.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-permission-node@0.8.5-next.2 ## 1.0.2-next.1 ### Patch Changes - Updated dependencies - @backstage/cli-common@0.1.15-next.0 - @backstage/backend-plugin-api@1.0.2-next.1 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.2-next.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-auth-node@0.5.4-next.1 - @backstage/plugin-permission-node@0.8.5-next.1 ## 1.0.2-next.0 ### Patch Changes - Updated dependencies - @backstage/plugin-auth-node@0.5.4-next.0 - @backstage/backend-plugin-api@1.0.2-next.0 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.1 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-permission-node@0.8.5-next.0 ## 1.0.1 ### Patch Changes - ffd1f4a: Plugin lifecycle shutdown hooks are now performed before root lifecycle shutdown hooks. - fd6e6f4: build(deps): bump `cookie` from 0.6.0 to 0.7.0 - 094eaa3: Remove references to in-repo backend-common - 04af116: The backend will no longer exit immediately if any plugin or modules fails to initialize. Instead, the backend will wait for all plugins and modules to either start up successfully or throw, and then shut down the backend if there were any initialization errors. This fixes an issue where backend initialization errors in adjacent plugins during database schema migration could cause the database migrations to be stuck in a locked state. - Updated dependencies - @backstage/plugin-auth-node@0.5.3 - @backstage/plugin-permission-node@0.8.4 - @backstage/backend-plugin-api@1.0.1 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.1 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 1.0.1-next.1 ### Patch Changes - ffd1f4a: Plugin lifecycle shutdown hooks are now performed before root lifecycle shutdown hooks. - fd6e6f4: build(deps): bump `cookie` from 0.6.0 to 0.7.0 - Updated dependencies - @backstage/plugin-auth-node@0.5.3-next.1 - @backstage/backend-plugin-api@1.0.1-next.1 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.1 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-permission-node@0.8.4-next.1 ## 1.0.1-next.0 ### Patch Changes - 094eaa3: Remove references to in-repo backend-common - 04af116: The backend will no longer exit immediately if any plugin or modules fails to initialize. Instead, the backend will wait for all plugins and modules to either start up successfully or throw, and then shut down the backend if there were any initialization errors. This fixes an issue where backend initialization errors in adjacent plugins during database schema migration could cause the database migrations to be stuck in a locked state. - Updated dependencies - @backstage/plugin-permission-node@0.8.4-next.0 - @backstage/plugin-auth-node@0.5.3-next.0 - @backstage/backend-plugin-api@1.0.1-next.0 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.1 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 1.0.0 ### Major Changes - ec1b4be: Release 1.0 of the new backend system! :tada: The backend system is finally getting promoted to 1.0.0. This means that the API is now stable and breaking changes should not occur until version 2.0.0, see our [package versioning policy](https://backstage.io/docs/overview/versioning-policy/#package-versioning-policy) for more information what this means. This release also marks the end of the old backend system based on `createRouter` exports. Going forward backend plugins packages will start to deprecate and later this year remove exports supporting the old backend system. If you would like to help out with this transition, see https://github.com/backstage/backstage/issues/26353 or consult the [migration guide](https://backstage.io/docs/backend-system/building-plugins-and-modules/migrating/#remove-support-for-the-old-backend-system). ### Minor Changes - 19ff127: **BREAKING**: The deprecated `identityServiceFactory` and `tokenManagerServiceFactory` have been removed. - d425fc4: **BREAKING**: The return values from `createBackendPlugin`, `createBackendModule`, and `createServiceFactory` are now simply `BackendFeature` and `ServiceFactory`, instead of the previously deprecated form of a function that returns them. For this reason, `createServiceFactory` also no longer accepts the callback form where you provide direct options to the service. This also affects all `coreServices.*` service refs. This may in particular affect tests; if you were effectively doing `createBackendModule({...})()` (note the parentheses), you can now remove those extra parentheses at the end. You may encounter cases of this in your `packages/backend/src/index.ts` too, where you add plugins, modules, and services. If you were using `createServiceFactory` with a function as its argument for the purpose of passing in options, this pattern has been deprecated for a while and is no longer supported. You may want to explore the new multiton patterns to achieve your goals, or moving settings to app-config. As part of this change, the `IdentityFactoryOptions` type was removed, and can no longer be used to tweak that service. The identity service was also deprecated some time ago, and you will want to [migrate to the new auth system](https://backstage.io/docs/tutorials/auth-service-migration) if you still rely on it. ### Patch Changes - cd38da8: Deprecate the `featureDiscoveryServiceFactory` in favor of using `@backstage/backend-defaults#discoveryFeatureLoader` instead. - 8ccf784: All created backend instances now share a the same `process` exit listeners, and on exit the process will wait for all backend instances to shut down before exiting. This fixes the `EventEmitter` leak warnings in tests. - 6ed9264: chore(deps): bump `path-to-regexp` from 6.2.2 to 8.0.0 - c246372: Updated the error message for missing service dependencies to include the plugin and module IDs. - 7f779c7: `auth.externalAccess` should be optional in the config schema - c2b63ab: Updated dependency `supertest` to `^7.0.0`. - 51a69b5: Fix feature loaders in CJS double-default nested builds - 0b2a402: Updates to the config schema to match reality - Updated dependencies - @backstage/backend-common@0.25.0 - @backstage/backend-plugin-api@1.0.0 - @backstage/plugin-auth-node@0.5.2 - @backstage/plugin-permission-node@0.8.3 - @backstage/config-loader@1.9.1 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 1.0.0-next.2 ### Major Changes - ec1b4be: Release 1.0 of the new backend system! :tada: The backend system is finally getting promoted to 1.0.0. This means that the API is now stable and breaking changes should not occur until version 2.0.0, see our [package versioning policy](https://backstage.io/docs/overview/versioning-policy/#package-versioning-policy) for more information what this means. This release also marks the end of the old backend system based on `createRouter` exports. Going forward backend plugins packages will start to deprecate and later this year remove exports supporting the old backend system. If you would like to help out with this transition, see https://github.com/backstage/backstage/issues/26353 or consult the [migration guide](https://backstage.io/docs/backend-system/building-plugins-and-modules/migrating/#remove-support-for-the-old-backend-system). ### Patch Changes - 6ed9264: chore(deps): bump `path-to-regexp` from 6.2.2 to 8.0.0 - c2b63ab: Updated dependency `supertest` to `^7.0.0`. - Updated dependencies - @backstage/backend-common@0.25.0-next.2 - @backstage/plugin-auth-node@0.5.2-next.2 - @backstage/backend-plugin-api@1.0.0-next.2 - @backstage/config-loader@1.9.1-next.0 - @backstage/plugin-permission-node@0.8.3-next.2 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.10.0-next.1 ### Patch Changes - c246372: Updated the error message for missing service dependencies to include the plugin and module IDs. - Updated dependencies - @backstage/backend-common@0.25.0-next.1 - @backstage/plugin-auth-node@0.5.2-next.1 - @backstage/backend-plugin-api@0.9.0-next.1 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-permission-node@0.8.3-next.1 ## 0.10.0-next.0 ### Minor Changes - 19ff127: **BREAKING**: The deprecated `identityServiceFactory` and `tokenManagerServiceFactory` have been removed. - d425fc4: **BREAKING**: The return values from `createBackendPlugin`, `createBackendModule`, and `createServiceFactory` are now simply `BackendFeature` and `ServiceFactory`, instead of the previously deprecated form of a function that returns them. For this reason, `createServiceFactory` also no longer accepts the callback form where you provide direct options to the service. This also affects all `coreServices.*` service refs. This may in particular affect tests; if you were effectively doing `createBackendModule({...})()` (note the parentheses), you can now remove those extra parentheses at the end. You may encounter cases of this in your `packages/backend/src/index.ts` too, where you add plugins, modules, and services. If you were using `createServiceFactory` with a function as its argument for the purpose of passing in options, this pattern has been deprecated for a while and is no longer supported. You may want to explore the new multiton patterns to achieve your goals, or moving settings to app-config. As part of this change, the `IdentityFactoryOptions` type was removed, and can no longer be used to tweak that service. The identity service was also deprecated some time ago, and you will want to [migrate to the new auth system](https://backstage.io/docs/tutorials/auth-service-migration) if you still rely on it. ### Patch Changes - cd38da8: Deprecate the `featureDiscoveryServiceFactory` in favor of using `@backstage/backend-defaults#discoveryFeatureLoader` instead. - 7f779c7: `auth.externalAccess` should be optional in the config schema - 51a69b5: Fix feature loaders in CJS double-default nested builds - 0b2a402: Updates to the config schema to match reality - Updated dependencies - @backstage/backend-plugin-api@0.9.0-next.0 - @backstage/plugin-permission-node@0.8.3-next.0 - @backstage/backend-common@0.25.0-next.0 - @backstage/plugin-auth-node@0.5.2-next.0 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.9.0 ### Minor Changes - da4fde5: **BREAKING**: Removed several deprecated service factories. These can instead be imported from `@backstage/backend-defaults` package. - fc24d9e: Stop using `@backstage/backend-tasks` as it will be deleted in near future. - 389f5a4: Remove deprecated `urlReaderServiceFactory`, please import from `@backstage/backend-defaults/urlReader` instead. ### Patch Changes - 8b13183: Added support for the latest version of `BackendFeature`s from `@backstage/backend-plugin-api`, including feature loaders. - 93095ee: Make sure node-fetch is version 2.7.0 or greater - 7c5f3b0: Update the `ServiceRegister` implementation to enable registering multiple service implementations for a given service ref. - 80a0737: Added configuration for the `packages` options to config schema - Updated dependencies - @backstage/backend-plugin-api@0.8.0 - @backstage/backend-common@0.24.0 - @backstage/config-loader@1.9.0 - @backstage/plugin-auth-node@0.5.0 - @backstage/plugin-permission-node@0.8.1 - @backstage/cli-common@0.1.14 - @backstage/cli-node@0.2.7 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.8.1-next.3 ### Patch Changes - Updated dependencies - @backstage/backend-plugin-api@0.8.0-next.3 - @backstage/backend-common@0.23.4-next.3 - @backstage/backend-tasks@0.5.28-next.3 - @backstage/cli-common@0.1.14 - @backstage/cli-node@0.2.7 - @backstage/config@1.2.0 - @backstage/config-loader@1.9.0-next.2 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-auth-node@0.5.0-next.3 - @backstage/plugin-permission-node@0.8.1-next.3 ## 0.8.1-next.2 ### Patch Changes - 8b13183: Added support for the latest version of `BackendFeature`s from `@backstage/backend-plugin-api`, including feature loaders. - 93095ee: Make sure node-fetch is version 2.7.0 or greater - 7c5f3b0: Update the `ServiceRegister` implementation to enable registering multiple service implementations for a given service ref. - 80a0737: Added configuration for the `packages` options to config schema - Updated dependencies - @backstage/backend-plugin-api@0.8.0-next.2 - @backstage/backend-common@0.23.4-next.2 - @backstage/config-loader@1.9.0-next.2 - @backstage/plugin-auth-node@0.5.0-next.2 - @backstage/plugin-permission-node@0.8.1-next.2 - @backstage/backend-tasks@0.5.28-next.2 - @backstage/cli-node@0.2.7 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.8.1-next.1 ### Patch Changes - Updated dependencies - @backstage/config-loader@1.9.0-next.1 - @backstage/plugin-permission-node@0.8.1-next.1 - @backstage/backend-plugin-api@0.7.1-next.1 - @backstage/backend-common@0.23.4-next.1 - @backstage/backend-tasks@0.5.28-next.1 - @backstage/cli-common@0.1.14 - @backstage/cli-node@0.2.7 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-auth-node@0.4.18-next.1 ## 0.8.1-next.0 ### Patch Changes - Updated dependencies - @backstage/backend-common@0.23.4-next.0 - @backstage/config-loader@1.8.2-next.0 - @backstage/backend-plugin-api@0.7.1-next.0 - @backstage/backend-tasks@0.5.28-next.0 - @backstage/cli-common@0.1.14 - @backstage/cli-node@0.2.7 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-auth-node@0.4.18-next.0 - @backstage/plugin-permission-node@0.8.1-next.0 ## 0.8.0 ### Minor Changes - 1cb84d7: **BREAKING**: Removed the depreacted `getPath` option from `httpRouterServiceFactory`, as well as the `HttpRouterFactoryOptions` type. - f691c9b: **BREAKING**: Removed the ability to pass callback-form service factories through the `defaultServiceFactories` option of `createSpecializedBackend`. This is an immediate breaking change as usage of this function is expected to be very rare. ### Patch Changes - 2f99178: The `ServiceFactoryTest.get` method was deprecated and the `ServiceFactoryTest.getSubject` should be used instead. The `getSubject` method has the same behavior, but has a better method name to indicate that the service instance returned is the subject currently being tested. - b05e1e1: Service factories exported by this package have been updated to use the new service factory format that doesn't use a callback. - 617a7d2: Internal refactor that avoids the use of service factory options. - b60db08: Fixing exporting of classes properly from new packages - 18b96b1: The ability to install backend features in callback form (`() => BackendFeature`) has been deprecated. This typically means that you need to update the installed features to use the latest version of `@backstage/backend-plugin-api`. If the feature is from a third-party package, please reach out to the package maintainer to update it. - a63c4b6: Fixing issue with `MiddlewareFactory` deprecation wrapping - Updated dependencies - @backstage/backend-plugin-api@0.7.0 - @backstage/backend-common@0.23.3 - @backstage/cli-node@0.2.7 - @backstage/backend-tasks@0.5.27 - @backstage/plugin-permission-node@0.8.0 - @backstage/plugin-auth-node@0.4.17 - @backstage/config-loader@1.8.1 - @backstage/cli-common@0.1.14 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.10-next.1 ### Patch Changes - Updated dependencies - @backstage/backend-common@0.23.3-next.1 - @backstage/backend-plugin-api@0.6.22-next.1 - @backstage/backend-tasks@0.5.27-next.1 - @backstage/cli-common@0.1.14 - @backstage/cli-node@0.2.6 - @backstage/config@1.2.0 - @backstage/config-loader@1.8.1 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-auth-node@0.4.17-next.1 - @backstage/plugin-permission-node@0.7.33-next.1 ## 0.7.9-next.0 ### Patch Changes - b60db08: Fixing exporting of classes properly from new packages - a63c4b6: Fixing issue with `MiddlewareFactory` deprecation wrapping - Updated dependencies - @backstage/backend-plugin-api@0.6.21-next.0 - @backstage/backend-common@0.23.2-next.0 - @backstage/backend-tasks@0.5.26-next.0 - @backstage/plugin-auth-node@0.4.16-next.0 - @backstage/plugin-permission-node@0.7.32-next.0 - @backstage/cli-common@0.1.14 - @backstage/cli-node@0.2.6 - @backstage/config@1.2.0 - @backstage/config-loader@1.8.1 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.6 ### Patch Changes - b7de623: Fixed a potential crash when passing an object with a `null` prototype as log meta. - 9539a0b: Deprecated `authServiceFactory`, `httpAuthServiceFactory`, and `userInfoServiceFactory`. Please import them from `@backstage/backend-defaults/auth`, `@backstage/backend-defaults/httpAuth`, and `@backstage/backend-defaults/userInfo` respectively instead. - 3e823d3: Limited user tokens will no longer include the `ent` field in its payload. Ownership claims will now be fetched from the user info service. NOTE: Limited tokens issued prior to this change will no longer be valid. Users may have to clear their browser cookies in order to refresh their auth tokens. - 78a0b08: Internal refactor to handle `BackendFeature` contract change. - 398b82a: Add support for JWKS tokens in ExternalTokenHandler. - 9e63318: Added an optional `accessRestrictions` to external access service tokens and service principals in general, such that you can limit their access to certain plugins or permissions. - e25e467: Added a new static key based method for plugin-to-plugin auth. This is useful for example if you are running readonly service nodes that cannot use a database for the default public-key signature scheme outlined in [BEP-0003](https://github.com/backstage/backstage/tree/master/beps/0003-auth-architecture-evolution). Most users should want to stay on the more secure zero-config database signature scheme. You can generate a public and private key pair using `openssl`. - First generate a private key using the ES256 algorithm ```sh openssl ecparam -name prime256v1 -genkey -out private.ec.key ``` - Convert it to PKCS#8 format ```sh openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private.ec.key -out private.key ``` - Extract the public key ```sh openssl ec -inform PEM -outform PEM -pubout -in private.key -out public.key ``` After this you have the files `private.key` and `public.key`. Put them in a place where you know their absolute paths, and then set up your app-config accordingly: ```yaml backend: auth: keyStore: type: static static: keys: - publicKeyFile: /absolute/path/to/public.key privateKeyFile: /absolute/path/to/private.key keyId: some-custom-id ``` - 7d30d95: Fixing issue with log meta fields possibly being circular refs - 6a576dc: Stop using `getVoidLogger` in tests to reduce the dependency on the soon-to-deprecate `backstage-common` package. - 6551b3d: Deprecated core service factories and implementations and moved them over to subpath exports on `@backstage/backend-defaults` instead. E.g. `@backstage/backend-defaults/scheduler` is where the service factory and default implementation of `coreServices.scheduler` now lives. - d617103: Updating the logger redaction message to something less dramatic - Updated dependencies - @backstage/cli-node@0.2.6 - @backstage/backend-common@0.23.0 - @backstage/backend-plugin-api@0.6.19 - @backstage/backend-tasks@0.5.24 - @backstage/plugin-auth-node@0.4.14 - @backstage/plugin-permission-node@0.7.30 - @backstage/cli-common@0.1.14 - @backstage/config-loader@1.8.1 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.6-next.3 ### Patch Changes - Updated dependencies - @backstage/cli-node@0.2.6-next.2 - @backstage/backend-plugin-api@0.6.19-next.3 - @backstage/plugin-auth-node@0.4.14-next.3 - @backstage/plugin-permission-node@0.7.30-next.3 - @backstage/cli-common@0.1.14-next.0 - @backstage/backend-tasks@0.5.24-next.3 - @backstage/backend-common@0.23.0-next.3 - @backstage/config-loader@1.8.1-next.0 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.6-next.2 ### Patch Changes - Updated dependencies - @backstage/cli-node@0.2.6-next.1 - @backstage/backend-plugin-api@0.6.19-next.2 - @backstage/backend-common@0.23.0-next.2 - @backstage/plugin-permission-node@0.7.30-next.2 - @backstage/backend-tasks@0.5.24-next.2 - @backstage/plugin-auth-node@0.4.14-next.2 - @backstage/config-loader@1.8.0 - @backstage/cli-common@0.1.13 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.6-next.1 ### Patch Changes - 398b82a: Add support for JWKS tokens in ExternalTokenHandler. - 9e63318: Added an optional `accessRestrictions` to external access service tokens and service principals in general, such that you can limit their access to certain plugins or permissions. - Updated dependencies - @backstage/backend-tasks@0.5.24-next.1 - @backstage/backend-plugin-api@0.6.19-next.1 - @backstage/plugin-permission-node@0.7.30-next.1 - @backstage/backend-common@0.23.0-next.1 - @backstage/cli-node@0.2.6-next.0 - @backstage/config-loader@1.8.0 - @backstage/plugin-auth-node@0.4.14-next.1 ## 0.7.6-next.0 ### Patch Changes - b7de623: Fixed a potential crash when passing an object with a `null` prototype as log meta. - 7d30d95: Fixing issue with log meta fields possibly being circular refs - 6a576dc: Stop using `getVoidLogger` in tests to reduce the dependency on the soon-to-deprecate `backstage-common` package. - 6551b3d: Deprecated core service factories and implementations and moved them over to subpath exports on `@backstage/backend-defaults` instead. E.g. `@backstage/backend-defaults/scheduler` is where the service factory and default implementation of `coreServices.scheduler` now lives. - d617103: Updating the logger redaction message to something less dramatic - Updated dependencies - @backstage/cli-node@0.2.6-next.0 - @backstage/backend-tasks@0.5.24-next.0 - @backstage/backend-common@0.22.1-next.0 - @backstage/backend-plugin-api@0.6.19-next.0 - @backstage/plugin-auth-node@0.4.14-next.0 - @backstage/plugin-permission-node@0.7.30-next.0 - @backstage/config-loader@1.8.0 - @backstage/cli-common@0.1.13 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.3 ### Patch Changes - 4cd5ff0: Add ability to configure the Node.js HTTP Server when configuring the root HTTP Router service - e8199b1: Move the JWKS registration outside of the lifecycle middleware - d229dc4: Move path utilities from `backend-common` to the `backend-plugin-api` package. - dc8c5dd: The default `TokenManager` implementation no longer requires keys to be configured in production, but it will throw an errors when generating or authenticating tokens. The default `AuthService` implementation will now also provide additional context if such an error is throw when falling back to using the `TokenManager` service to generate tokens for outgoing requests. - 025641b: Redact `meta` fields too with the logger - 09f8988: Remove explicit `alg` check for user tokens in `verifyToken` - 5863e02: Internal refactor to only create one external token handler - a1dc547: Added support for camel case CSP directives in app-config. For example: ```yaml backend: csp: upgradeInsecureRequests: false ``` - 329cc34: Added logging of all plugins being initialized, periodic status, and completion. - Updated dependencies - @backstage/backend-common@0.22.0 - @backstage/backend-plugin-api@0.6.18 - @backstage/backend-tasks@0.5.23 - @backstage/plugin-auth-node@0.4.13 - @backstage/plugin-permission-node@0.7.29 ## 0.7.2-next.1 ### Patch Changes - 09f8988: Remove explicit `alg` check for user tokens in `verifyToken` - Updated dependencies - @backstage/backend-common@0.22.0-next.1 - @backstage/backend-tasks@0.5.23-next.1 - @backstage/plugin-auth-node@0.4.13-next.1 - @backstage/plugin-permission-node@0.7.29-next.1 - @backstage/cli-node@0.2.5 - @backstage/config-loader@1.8.0 - @backstage/backend-plugin-api@0.6.18-next.1 ## 0.7.1-next.0 ### Patch Changes - 4cd5ff0: Add ability to configure the Node.js HTTP Server when configuring the root HTTP Router service - e8199b1: Move the JWKS registration outside of the lifecycle middleware - dc8c5dd: The default `TokenManager` implementation no longer requires keys to be configured in production, but it will throw an errors when generating or authenticating tokens. The default `AuthService` implementation will now also provide additional context if such an error is throw when falling back to using the `TokenManager` service to generate tokens for outgoing requests. - 025641b: Redact `meta` fields too with the logger - 5863e02: Internal refactor to only create one external token handler - Updated dependencies - @backstage/plugin-auth-node@0.4.13-next.0 - @backstage/backend-common@0.21.8-next.0 - @backstage/backend-plugin-api@0.6.18-next.0 - @backstage/backend-tasks@0.5.23-next.0 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.5 - @backstage/config@1.2.0 - @backstage/config-loader@1.8.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-permission-node@0.7.29-next.0 ## 0.7.0 ### Minor Changes - 3256f14: **BREAKING**: Modules are no longer loaded unless the plugin that they extend is present. ### Patch Changes - 10327fb: Deprecate the `getPath` option for the `httpRouterServiceFactory` and more generally the ability to configure plugin API paths to be anything else than `/api/:pluginId/`. Requests towards `/api/*` that do not match an installed plugin will also no longer be handled by the index router, typically instead returning a 404. - 2c50516: Fix auth cookie issuance for split backend deployments by preferring to set it against the request target host instead of origin - 7e584d6: Fixed a bug where expired cookies would not be refreshed. - 1a20b12: Make the auth service create and validate dedicated OBO tokens, containing the user identity proof. - 00fca28: Implemented support for external access using both the legacy token form and static tokens. - d5a1fe1: Replaced winston logger with `LoggerService` - bce0879: Service-to-service authentication has been improved. Each plugin now has the capability to generate its own signing keys for token issuance. The generated public keys are stored in a database, and they are made accessible through a newly created endpoint: `/.backstage/auth/v1/jwks.json`. `AuthService` can now issue tokens with a reduced scope using the `getPluginRequestToken` method. This improvement enables plugins to identify the plugin originating the request. - 54f2ac8: Added `initialization` option to `createServiceFactory` which defines the initialization strategy for the service. The default strategy mimics the current behavior where plugin scoped services are initialized lazily by default and root scoped services are initialized eagerly. - 56f81b5: Improved error message thrown by `AuthService` when requesting a token for plugins that don't support the new authentication tokens. - 25ea3d2: Minor internal restructuring - d62bc51: Add support for limited user tokens by using user identity proof provided by the auth backend. - c884b9a: Automatically creates a get and delete cookie endpoint when a `user-cookie` policy is added. - Updated dependencies - @backstage/backend-common@0.21.7 - @backstage/config-loader@1.8.0 - @backstage/plugin-permission-node@0.7.28 - @backstage/backend-plugin-api@0.6.17 - @backstage/backend-tasks@0.5.22 - @backstage/plugin-auth-node@0.4.12 - @backstage/cli-node@0.2.5 - @backstage/cli-common@0.1.13 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.7.0-next.1 ### Minor Changes - 3256f14: **BREAKING**: Modules are no longer loaded unless the plugin that they extend is present. ### Patch Changes - 10327fb: Deprecate the `getPath` option for the `httpRouterServiceFactory` and more generally the ability to configure plugin API paths to be anything else than `/api/:pluginId/`. Requests towards `/api/*` that do not match an installed plugin will also no longer be handled by the index router, typically instead returning a 404. - 1a20b12: Make the auth service create and validate dedicated OBO tokens, containing the user identity proof. - bce0879: Service-to-service authentication has been improved. Each plugin now has the capability to generate its own signing keys for token issuance. The generated public keys are stored in a database, and they are made accessible through a newly created endpoint: `/.backstage/auth/v1/jwks.json`. `AuthService` can now issue tokens with a reduced scope using the `getPluginRequestToken` method. This improvement enables plugins to identify the plugin originating the request. - 54f2ac8: Added `initialization` option to `createServiceFactory` which defines the initialization strategy for the service. The default strategy mimics the current behavior where plugin scoped services are initialized lazily by default and root scoped services are initialized eagerly. - d62bc51: Add support for limited user tokens by using user identity proof provided by the auth backend. - c884b9a: Automatically creates a get and delete cookie endpoint when a `user-cookie` policy is added. - Updated dependencies - @backstage/backend-common@0.21.7-next.1 - @backstage/backend-plugin-api@0.6.17-next.1 - @backstage/plugin-auth-node@0.4.12-next.1 - @backstage/backend-tasks@0.5.22-next.1 - @backstage/plugin-permission-node@0.7.28-next.1 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.4 - @backstage/config@1.2.0 - @backstage/config-loader@1.8.0-next.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.6.3-next.0 ### Patch Changes - 7e584d6: Fixed a bug where expired cookies would not be refreshed. - Updated dependencies - @backstage/backend-common@0.21.7-next.0 - @backstage/config-loader@1.8.0-next.0 - @backstage/backend-plugin-api@0.6.17-next.0 - @backstage/backend-tasks@0.5.22-next.0 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.4 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 - @backstage/plugin-auth-node@0.4.12-next.0 - @backstage/plugin-permission-node@0.7.28-next.0 ## 0.6.2 ### Patch Changes - e848644: Temporarily revert the rate limiting - Updated dependencies - @backstage/plugin-auth-node@0.4.11 - @backstage/backend-common@0.21.6 - @backstage/backend-plugin-api@0.6.16 - @backstage/plugin-permission-node@0.7.27 - @backstage/backend-tasks@0.5.21 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.4 - @backstage/config@1.2.0 - @backstage/config-loader@1.7.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.6.1 ### Patch Changes - de1f45d: Temporarily revert the rate limiting - Updated dependencies - @backstage/backend-common@0.21.5 - @backstage/plugin-auth-node@0.4.10 - @backstage/backend-tasks@0.5.20 - @backstage/plugin-permission-node@0.7.26 - @backstage/backend-plugin-api@0.6.15 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.4 - @backstage/config@1.2.0 - @backstage/config-loader@1.7.0 - @backstage/errors@1.2.4 - @backstage/types@1.1.1 ## 0.6.0 ### Minor Changes - 4a3d434: **BREAKING**: For users that have migrated to the new backend system, incoming requests will now be rejected if they are not properly authenticated (e.g. with a Backstage bearer token or a backend token). Please see the [Auth Service Migration tutorial](https://backstage.io/docs/tutorials/auth-service-migration) for more information on how to circumvent this behavior in the short term and how to properly leverage it in the longer term. Added service factories for the new [`auth`](https://backstage.io/docs/backend-system/core-services/auth/), [`httpAuth`](https://backstage.io/docs/backend-system/core-services/http-auth), and [`userInfo`](https://backstage.io/docs/backend-system/core-services/user-info) services that were created as part of [BEP-0003](https://github.com/backstage/backstage/tree/master/beps/0003-auth-architecture-evolution). ### Patch Changes - 999224f: Bump dependency `minimatch` to v9 - 81e0120: Fixed an issue where configuration schema for the purpose of redacting secrets from logs was not being read correctly. - 15fda44: Provide some sane defaults for `WinstonLogger.create` making some of the arguments optional - 0502d82: Updated the `permissionsServiceFactory` to forward the `AuthService` to the implementation. - 9d91128: Add the possibility to disable watching files in the new backend system - a5d341e: Adds an initial rate-limiting implementation so that any incoming requests that have a `'none'` principal are rate-limited automatically. - 9802004: Made the `DefaultUserInfoService` claims check stricter - f235ca7: Make sure to not filter out schemas in `createConfigSecretEnumerator` - af5f7a6: The experimental feature discovery service exported at the `/alpha` sub-path will no longer attempt to load packages that are not Backstage backend packages. - Updated dependencies - @backstage/backend-common@0.21.4 - @backstage/plugin-auth-node@0.4.9 - @backstage/config@1.2.0 - @backstage/errors@1.2.4 - @backstage/backend-plugin-api@0.6.14 - @backstage/config-loader@1.7.0 - @backstage/backend-tasks@0.5.19 - @backstage/plugin-permission-node@0.7.25 - @backstage/cli-node@0.2.4 - @backstage/cli-common@0.1.13 - @backstage/types@1.1.1 ## 0.6.0-next.2 ### Patch Changes - 15fda44: Provide some sane defaults for `WinstonLogger.create` making some of the arguments optional - 9d91128: Add the possibility to disable watching files in the new backend system - Updated dependencies - @backstage/backend-common@0.21.4-next.2 - @backstage/plugin-auth-node@0.4.9-next.2 - @backstage/backend-plugin-api@0.6.14-next.2 - @backstage/backend-tasks@0.5.19-next.2 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.4-next.0 - @backstage/config@1.2.0-next.1 - @backstage/config-loader@1.7.0-next.1 - @backstage/errors@1.2.4-next.0 - @backstage/types@1.1.1 - @backstage/plugin-permission-node@0.7.25-next.2 ## 0.6.0-next.1 ### Patch Changes - 81e0120: Fixed an issue where configuration schema for the purpose of redacting secrets from logs was not being read correctly. - f235ca7: Make sure to not filter out schemas in `createConfigSecretEnumerator` - Updated dependencies - @backstage/config@1.2.0-next.1 - @backstage/config-loader@1.7.0-next.1 - @backstage/backend-common@0.21.4-next.1 - @backstage/backend-plugin-api@0.6.14-next.1 - @backstage/backend-tasks@0.5.19-next.1 - @backstage/plugin-auth-node@0.4.9-next.1 - @backstage/plugin-permission-node@0.7.25-next.1 - @backstage/cli-common@0.1.13 - @backstage/cli-node@0.2.4-next.0 - @backstage/errors@1.2.4-next.0 - @backstage/types@1.1.1 ## 0.6.0-next.0 ### Minor Changes - 4a3d434: **BREAKING**: For users that have migrated to the new backend system, incoming requests will now be rejected if they are not properly authenticated (e.g. with a Backstage bearer token or a backend token). Please see the [Auth Service Migration tutorial](https://backstage.io/docs/tutorials/auth-service-migration) for more information on how to circumvent this behavior in the short term and how to properly leverage it in the longer term. Added service factories for the new [`auth`](https://backstage.io/docs/backend-system/core-services/auth/), [`httpAuth`](https://backstage.io/docs/backend-system/core-services/http-auth), and [`userInfo`](https://backstage.io/docs/backend-system/core-services/user-info) services that were created as part of [BEP-0003](https://github.com/backstage/backstage/tree/master/beps/0003-auth-architecture-evolution). ### Patch Changes - 999224f: Bump dependency `minimatch` to v9 - 0502d82: Updated the `permissionsServiceFactory` to forward the `AuthService` to the implementation. - 9802004: Made the `DefaultUserInfoService` claims check stricter - Updated dependencies - @backstage/backend-common@0.21.3-next.0 - @backstage/plugin-auth-node@0.4.8-next.0 - @backstage/errors@1.2.4-next.0 - @backstage/backend-plugin-api@0.6.13-next.0 - @backstage/backend-tasks@0.5.18-next.0 - @backstage/plugin-permission-node@0.7.24-next.0 - @backstage/cli-node@0.2.4-next.0 - @backstage/config-loader@1.6.3-next.0 - @backstage/config@1.1.2-next.0 - @ba