Bump @backstage/plugin-auth-backend from 0.25.5 to 0.27.1 in /workspaces/mend

[dependabot]

Bumps @backstage/plugin-auth-backend from 0.25.5 to 0.27.1.

Changelog

Sourced from @​backstage/plugin-auth-backend's changelog.

@​backstage/plugin-auth-backend

0.28.0-next.2

Patch Changes

• 482ceed: Migrated from assertError to toError for error handling.
• Updated dependencies
  • @​backstage/errors@​1.3.0-next.0
  • @​backstage/plugin-auth-node@​0.7.0-next.2
  • @​backstage/plugin-catalog-node@​2.2.0-next.2
  • @​backstage/backend-plugin-api@​1.9.0-next.2
  • @​backstage/catalog-model@​1.7.8-next.0
  • @​backstage/config@​1.3.7-next.0

0.28.0-next.1

Patch Changes

• Updated dependencies
  • @​backstage/backend-plugin-api@​1.9.0-next.1
  • @​backstage/plugin-auth-node@​0.7.0-next.1
  • @​backstage/plugin-catalog-node@​2.1.1-next.1

0.28.0-next.0

Minor Changes

• d7c67cd: BREAKING: The setting auth.omitIdentityTokenOwnershipClaim has had its default value switched to true.

  With this setting Backstage user tokens issued by the auth backend will no longer contain an ent claim - the one with the user's ownership entity refs. This means that tokens issued in large orgs no longer risk hitting HTTP header size limits.

  To get ownership info for the current user, code should use the userInfo core service. In practice code will typically already conform to this since the ent claim has not been readily exposed in any other way for quite some time. But code which explicitly decodes Backstage tokens - which is strongly discouraged - may be affected by this change.

  The setting will remain for some time to allow it to be set back to false if need be, but it will be removed entirely in a future release.

Patch Changes

• dc87ac1: Fixed CIMD redirect URI matching to allow any port for localhost addresses per RFC 8252 Section 7.3. Native CLI clients use ephemeral ports for OAuth callbacks, which are now accepted when the registered redirect URI uses a localhost address.
• Updated dependencies
  • @​backstage/backend-plugin-api@​1.8.1-next.0
  • @​backstage/plugin-auth-node@​0.6.15-next.0
  • @​backstage/plugin-catalog-node@​2.1.1-next.0
  • @​backstage/catalog-model@​1.7.7
  • @​backstage/config@​1.3.6
  • @​backstage/errors@​1.2.7
  • @​backstage/types@​1.2.2

0.27.2

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.