Skip to content

Update RHDH X2a Dependencies (minor)#3812

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rhdh-x2a-dependencies-(minor)
Open

Update RHDH X2a Dependencies (minor)#3812
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rhdh-x2a-dependencies-(minor)

Conversation

@renovate

@renovate renovate Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@backstage-community/plugin-rbac-backend (source) 7.6.27.16.0 age confidence
@playwright/test (source) 1.60.01.61.1 age confidence

Release Notes

backstage/community-plugins (@​backstage-community/plugin-rbac-backend)

v7.16.0

Compare Source

Minor Changes
  • 895009c: add support for Azure PostgreSQL passwordless authentication with managed identity
Patch Changes
  • 058e6a2: Conditional policy reconciliation preserves stored conditions when staging or persistence fails, and correctly merges sibling conditions for the same role and resource without conflict errors during reload.

v7.15.0

Compare Source

Minor Changes
  • 845383a: Backstage version bump to v1.52.0
Patch Changes

v7.14.0

Compare Source

Minor Changes
  • 091ec86: Backstage version bump to v1.51.0.

    The RBAC backend plugin now resolves user identity through Backstage's UserInfoService when evaluating conditional permissions, as part of aligning with the Backstage 1.51 permission framework. No action is required if you install RBAC with backend.add(import('@​backstage-community/plugin-rbac-backend')) and manage access through app-config as documented.

    If you extend RBAC at a lower level (for example by constructing PolicyBuilder directly), ensure UserInfoService is wired through your backend integration.

Patch Changes

v7.13.0

Compare Source

Minor Changes
  • 6a916a1: Backstage version bump to v1.50.4
Patch Changes

v7.12.5

Compare Source

Patch Changes
  • 39a3942: Hardens RBAC policy handling to prevent Casbin CSV poisoning and improve error visibility.

    Key fixes:

    • Rejects permission policy permission values containing " before persistence (prevents known CSV parse failures).
    • Rethrows loadPolicy failures after audit logging so mutation/read paths surface the root cause instead of secondary errors.
    • Improves policy API request validation and missing-role handling (400/404 where appropriate).
    • Validates default configured permissions/admin refs with the same stricter checks used by runtime write paths.
    • Strengthens conditional and plugin-id payload validation and aligns owner filtering behavior for default roles.

    Compatibility notes:

    • Requests/config entries using permission values with embedded " are now rejected.
    • Conditional policy payloads and conditional YAML ingestion now enforce limits.
    • Conditional permissionMapping must list distinct Backstage permission actions (no duplicates); at most one entry per supported action (create, read, update, delete, use).
    • Plugin ID registration payloads now enforce count/length/duplicate checks.
    • For larger existing payloads, limits are configurable via:
    • permission.rbac.validation.conditionalPolicies.maxConditionDepth
    • permission.rbac.validation.conditionalPolicies.maxConditionNodeCount
    • permission.rbac.validation.conditionalPolicies.maxCriteriaItems
    • permission.rbac.validation.conditionalPoliciesFile.maxBytes
    • permission.rbac.validation.conditionalPoliciesFile.maxDocuments

    Operational note:

    • CSV policy files are parsed line-by-line; malformed lines are skipped with warnings instead of aborting the entire file load.

v7.12.4

Compare Source

Patch Changes

v7.12.3

Compare Source

Patch Changes
  • fb2a770: Made postgres username and password optional in casbin adapter factory to support passwordless authentication

v7.12.2

Compare Source

Patch Changes
  • 39272f8: Updated dependency csv-parse to ^6.0.0.
  • 70e6333: Updated dependency @dagrejs/graphlib to ^4.0.0.
  • a559dfb: Updated dependency @types/node to 22.19.17.
  • 8846adf: Updated dependency qs to 6.15.1.

v7.12.1

Compare Source

Patch Changes
  • 40e44bb: Updated dependency qs to 6.14.2.

v7.12.0

Compare Source

Minor Changes
  • 8993474: Backstage version bump to v1.49.2
Patch Changes

v7.11.0

Compare Source

Minor Changes
  • 50e194d: Add support for a default role and permissions for authenticated users in RBAC backend

    • Introduced a new defaultRole and basicPermissions configuration options to assign a default role to all authenticated users.

      permission:
        rbac:
      +   defaultPermissions:
      +     defaultRole: role:default/my-default-role
      +     basicPermissions:
      +       - permission: catalog.entity.read
      +         action: read
    • Updated the RBAC permission policy to include the default role in user roles if not already present.

Patch Changes

v7.10.0

Compare Source

Minor Changes
  • 133eae6: Add support for loading conditional permissions from a remote provider (fix #​6412)
Patch Changes

v7.9.1

Compare Source

Patch Changes

v7.9.0

Compare Source

Minor Changes
  • da170a1: Add support for group reference in superUsers list, using direct membership only
Patch Changes
  • 8a6b81c: Updated dependency @types/supertest to ^7.0.0.

v7.8.0

Compare Source

Minor Changes
  • 843bbe2: Backstage version bump to v1.48.4
Patch Changes

v7.7.2

Compare Source

Patch Changes
  • 8c7bddb: Added NFS support
  • af998b7: Updated dependency supertest to 7.2.2.

v7.7.1

Compare Source

Patch Changes
  • b133c9d: Updated dependency @types/supertest to ^6.0.0.
  • 497d5c6: Updated dependency @types/node to 22.19.11.
  • 9c7ae87: Fix - stop error on upgrade v1.47.x - allow all plugins in the arry to show

v7.7.0

Compare Source

Minor Changes
  • e6dbf70: Backstage version bump to v1.47.2
Patch Changes
microsoft/playwright (@​playwright/test)

v1.61.1

Compare Source

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();
New APIs
Network
Browser and Screencast
  • New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
  • New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
  • The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.
Test runner
  • The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
  • Supported expect.soft.poll(...).
  • New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
  • New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
  • testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
  • New -G command line shorthand for --grep-invert.
🛠️ Other improvements
  • Playwright now supports Ubuntu 26.04.
  • HAR and trace recordings now include WebSocket requests.
Browser Versions
  • Chromium 149.0.7827.55
  • Mozilla Firefox 151.0
  • WebKit 26.5

This version was also tested against the following stable channels:

  • Google Chrome 149
  • Microsoft Edge 149

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file x2a labels Jul 17, 2026
@renovate
renovate Bot requested review from a team, eloycoto, mareklibra and yray-pixel as code owners July 17, 2026 02:09
@rhdh-gh-app

rhdh-gh-app Bot commented Jul 17, 2026

Copy link
Copy Markdown

Changed Packages

Package Name Package Path Changeset Bump Current Version
app workspaces/x2a/packages/app none v0.0.0
backend workspaces/x2a/packages/backend none v0.0.0

@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.26%. Comparing base (cf89b92) to head (e49453d).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3812   +/-   ##
=======================================
  Coverage   56.26%   56.26%           
=======================================
  Files        2499     2499           
  Lines       96058    96058           
  Branches    26701    26681   -20     
=======================================
  Hits        54047    54047           
- Misses      40390    40463   +73     
+ Partials     1621     1548   -73     
Flag Coverage Δ *Carryforward flag
adoption-insights 83.70% <ø> (ø) Carriedforward from cf89b92
ai-integrations 69.00% <ø> (ø) Carriedforward from cf89b92
app-defaults 69.79% <ø> (ø) Carriedforward from cf89b92
augment 46.39% <ø> (ø) Carriedforward from cf89b92
boost 73.13% <ø> (ø) Carriedforward from cf89b92
bulk-import 72.46% <ø> (ø) Carriedforward from cf89b92
cost-management 14.10% <ø> (ø) Carriedforward from cf89b92
dcm 61.81% <ø> (ø) Carriedforward from cf89b92
extensions 61.53% <ø> (ø) Carriedforward from cf89b92
global-floating-action-button 71.18% <ø> (ø) Carriedforward from cf89b92
global-header 59.71% <ø> (ø) Carriedforward from cf89b92
homepage 50.23% <ø> (ø) Carriedforward from cf89b92
install-dynamic-plugins 56.77% <ø> (ø) Carriedforward from cf89b92
intelligent-assistant 69.01% <ø> (ø) Carriedforward from cf89b92
konflux 91.49% <ø> (ø) Carriedforward from cf89b92
lightspeed 69.02% <ø> (ø) Carriedforward from cf89b92
mcp-integrations 85.46% <ø> (ø) Carriedforward from cf89b92
orchestrator 53.74% <ø> (ø) Carriedforward from cf89b92
quickstart 65.63% <ø> (ø) Carriedforward from cf89b92
sandbox 79.56% <ø> (ø) Carriedforward from cf89b92
scorecard 82.96% <ø> (ø) Carriedforward from cf89b92
theme 61.26% <ø> (ø) Carriedforward from cf89b92
translations 7.25% <ø> (ø) Carriedforward from cf89b92
x2a 78.68% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.


Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cf89b92...e49453d. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate
renovate Bot force-pushed the renovate/rhdh-x2a-dependencies-(minor) branch 15 times, most recently from 88e49f4 to 2a64d9a Compare July 18, 2026 13:37
@renovate renovate Bot changed the title fix(deps): update rhdh x2a dependencies (minor) Update RHDH X2a Dependencies (minor) Jul 18, 2026
@renovate
renovate Bot force-pushed the renovate/rhdh-x2a-dependencies-(minor) branch from 2a64d9a to ab3f56f Compare July 18, 2026 13:48
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
renovate Bot force-pushed the renovate/rhdh-x2a-dependencies-(minor) branch from ab3f56f to e49453d Compare July 18, 2026 15:39
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file workspace/x2a x2a

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants