Update RHDH X2a Dependencies (minor)#3812
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
requested review from
a team,
eloycoto,
mareklibra and
yray-pixel
as code owners
July 17, 2026 02:09
Changed Packages
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3812 +/- ##
=======================================
Coverage 56.26% 56.26%
=======================================
Files 2499 2499
Lines 96058 96058
Branches 26701 26681 -20
=======================================
Hits 54047 54047
- Misses 40390 40463 +73
+ Partials 1621 1548 -73
*This pull request uses carry forward flags. Click here to find out more. Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
renovate
Bot
force-pushed
the
renovate/rhdh-x2a-dependencies-(minor)
branch
15 times, most recently
from
July 18, 2026 13:37
88e49f4 to
2a64d9a
Compare
renovate
Bot
force-pushed
the
renovate/rhdh-x2a-dependencies-(minor)
branch
from
July 18, 2026 13:48
2a64d9a to
ab3f56f
Compare
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate
Bot
force-pushed
the
renovate/rhdh-x2a-dependencies-(minor)
branch
from
July 18, 2026 15:39
ab3f56f to
e49453d
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



This PR contains the following updates:
7.6.2→7.16.01.60.0→1.61.1Release Notes
backstage/community-plugins (@backstage-community/plugin-rbac-backend)
v7.16.0Compare Source
Minor Changes
895009c: add support for Azure PostgreSQL passwordless authentication with managed identityPatch Changes
058e6a2: Conditional policy reconciliation preserves stored conditions when staging or persistence fails, and correctly merges sibling conditions for the same role and resource without conflict errors during reload.v7.15.0Compare Source
Minor Changes
845383a: Backstage version bump to v1.52.0Patch Changes
845383a]v7.14.0Compare Source
Minor Changes
091ec86: Backstage version bump to v1.51.0.The RBAC backend plugin now resolves user identity through Backstage's
UserInfoServicewhen evaluating conditional permissions, as part of aligning with the Backstage 1.51 permission framework. No action is required if you install RBAC withbackend.add(import('@​backstage-community/plugin-rbac-backend'))and manage access through app-config as documented.If you extend RBAC at a lower level (for example by constructing
PolicyBuilderdirectly), ensureUserInfoServiceis wired through your backend integration.Patch Changes
c9d4e50: Updated dependencyqsto6.15.2.387d2e9: Updated dependency@types/nodeto22.19.19.6d964f2: Migrated MUI-v4 references to MUI-v5Adds New Frontend System dev entrypoints and removes workspace example apps in favor of the plugin
dev/pattern. Dev backend wiring lives inplugins/rbac-backend/dev/(same approach as linguist, feedback, and other FE+BE plugins).Updated dependencies [
091ec86]v7.13.0Compare Source
Minor Changes
6a916a1: Backstage version bump to v1.50.4Patch Changes
6a916a1]v7.12.5Compare Source
Patch Changes
39a3942: Hardens RBAC policy handling to prevent Casbin CSV poisoning and improve error visibility.Key fixes:
permissionvalues containing"before persistence (prevents known CSV parse failures).loadPolicyfailures after audit logging so mutation/read paths surface the root cause instead of secondary errors.400/404where appropriate).Compatibility notes:
permissionvalues with embedded"are now rejected.permissionMappingmust list distinct Backstage permission actions (no duplicates); at most one entry per supported action (create,read,update,delete,use).permission.rbac.validation.conditionalPolicies.maxConditionDepthpermission.rbac.validation.conditionalPolicies.maxConditionNodeCountpermission.rbac.validation.conditionalPolicies.maxCriteriaItemspermission.rbac.validation.conditionalPoliciesFile.maxBytespermission.rbac.validation.conditionalPoliciesFile.maxDocumentsOperational note:
v7.12.4Compare Source
Patch Changes
170f85d: Migrate to Jest 30 and fix backend test assertion compatibility170f85d]v7.12.3Compare Source
Patch Changes
fb2a770: Made postgres username and password optional in casbin adapter factory to support passwordless authenticationv7.12.2Compare Source
Patch Changes
39272f8: Updated dependencycsv-parseto^6.0.0.70e6333: Updated dependency@dagrejs/graphlibto^4.0.0.a559dfb: Updated dependency@types/nodeto22.19.17.8846adf: Updated dependencyqsto6.15.1.v7.12.1Compare Source
Patch Changes
40e44bb: Updated dependencyqsto6.14.2.v7.12.0Compare Source
Minor Changes
8993474: Backstage version bump to v1.49.2Patch Changes
8993474]v7.11.0Compare Source
Minor Changes
50e194d: Add support for a default role and permissions for authenticated users in RBAC backendIntroduced a new
defaultRoleandbasicPermissionsconfiguration options to assign a default role to all authenticated users.Updated the RBAC permission policy to include the default role in user roles if not already present.
Patch Changes
50e194d]v7.10.0Compare Source
Minor Changes
133eae6: Add support for loading conditional permissions from a remote provider (fix #6412)Patch Changes
133eae6]v7.9.1Compare Source
Patch Changes
d737494: Backstage version bump to v1.48.5d737494]v7.9.0Compare Source
Minor Changes
da170a1: Add support for group reference in superUsers list, using direct membership onlyPatch Changes
8a6b81c: Updated dependency@types/supertestto^7.0.0.v7.8.0Compare Source
Minor Changes
843bbe2: Backstage version bump to v1.48.4Patch Changes
843bbe2]v7.7.2Compare Source
Patch Changes
8c7bddb: Added NFS supportaf998b7: Updated dependencysupertestto7.2.2.v7.7.1Compare Source
Patch Changes
b133c9d: Updated dependency@types/supertestto^6.0.0.497d5c6: Updated dependency@types/nodeto22.19.11.9c7ae87: Fix - stop error on upgrade v1.47.x - allow all plugins in the arry to showv7.7.0Compare Source
Minor Changes
e6dbf70: Backstage version bump to v1.47.2Patch Changes
e6dbf70: updated the permissionFactory to use theFetchUrlReader.fromConfiga184943: Updated dependency@types/nodeto22.19.7.e6dbf70]microsoft/playwright (@playwright/test)
v1.61.1Compare Source
v1.61.0Compare Source
🔑 WebAuthn passkeys
New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer
navigator.credentials.create()/navigator.credentials.get()ceremonies in the page — no real hardware key required, works in all browsers:You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.
🗃️ Web Storage
New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:
New APIs
Network
Browser and Screencast
artifactsDirin browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.cursorin screencast.showActions() controls the cursor decoration rendered for pointer actions.onFramecallback in screencast.start() now receives atimestampof when the frame was presented by the browser.Test runner
trace: new'on-all-retries','retain-on-first-failure'and'retain-on-failure-and-retries'values. See the video modes table for which runs are recorded and kept in each mode.expect.soft.poll(...).process.argvfrom the runner process, handy for reading custom arguments passed after the--separator.AggregateErroras a separate entry.-Gcommand line shorthand for--grep-invert.🛠️ Other improvements
Browser Versions
This version was also tested against the following stable channels:
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.