docs/releases/v1.28.0-next.0-changelog.md
Upgrade Helper: https://backstage.github.io/upgrade-helper/?to=1.28.0-next.0
EventsService too in the new backend systemisDatabaseConflictError helper from the @backstage/backend-plugin-api package in order to avoid dependency with the soon to deprecate @backstage/backend-common package.88480e4: BREAKING: The proxy backend plugin is now protected by Backstage auth, by default. Unless specifically configured (see below), all proxy endpoints will reject requests immediately unless a valid Backstage user or service token is passed along with the request. This aligns the proxy with how other Backstage backends behave out of the box, and serves to protect your upstreams from unauthorized access.
A proxy configuration section can now look as follows:
proxy:
endpoints:
'/pagerduty':
target: https://api.pagerduty.com
credentials: require # NEW!
headers:
Authorization: Token token=${PAGERDUTY_TOKEN}
There are three possible credentials settings at this point:
require: Callers must provide Backstage user or service credentials with
each request. The credentials are not forwarded to the proxy target.forward: Callers must provide Backstage user or service credentials with
each request, and those credentials are forwarded to the proxy target.dangerously-allow-unauthenticated: No Backstage credentials are required to
access this proxy target. The target can still apply its own credentials
checks, but the proxy will not help block non-Backstage-blessed callers. If
you also add allowedHeaders: ['Authorization'] to an endpoint configuration,
then the Backstage token (if provided) WILL be forwarded.The value dangerously-allow-unauthenticated was the old default.
The value require is the new default, so requests that were previously
permitted may now start resulting in 401 Unauthorized responses. If you have
backend.auth.dangerouslyDisableDefaultAuthPolicy set to true, this does not
apply; the proxy will behave as if all endpoints were set to
dangerously-allow-unauthenticated.
If you have proxy endpoints that require unauthenticated access still, please
add credentials: dangerously-allow-unauthenticated to their declarations in
your app-config.
null prototype as log meta.getVoidLogger in tests to reduce the dependency on the soon-to-deprecate backstage-common package.@backstage/backend-defaults instead. E.g.
@backstage/backend-defaults/scheduler is where the service factory and default
implementation of coreServices.scheduler now lives.useRedisSets cache config option.isDatabaseConflictError helper have been moved to the @backstage/backend-plugin-api package and deprecated from @backstage/backend-common.createServiceBuilder factory, so if you are still using it, please checkout the migration guide and migrate your plugin to use the new backend system.getVoidLogger in tests.@backstage/backend-app-api. They are now available as subpath exports, e.g.
@backstage/backend-defaults/scheduler is where the service factory and default
implementation of coreServices.scheduler now lives. They have been marked as
deprecated in their old locations.SchedulerService here, along with prefixed versions of all of the types it depends on, from @backstage/backend-tasksisDatabaseConflictError helper from the @backstage/backend-plugin-api package in order to avoid dependency with the soon to deprecate @backstage/backend-common package.@backstage/backend-plugin-api and @backstage/backend-defaultsTaskScheduler.fromConfig method and stop using the getVoidlogger in tests files to reduce the dependency on the soon-to-deprecate backstage-common package.undefined from the child method.versions:check --fix when yarn.lock has multiple joint versions in the same sectionesbuild target for package builds to ES2022.v5- class prefixing gets removed by tree shaking.DefaultApiExplorerPage now accepts an optional ownerPickerMode for toggling the behavior of the EntityOwnerPicker, exposing a new mode <DefaultApiExplorerPage ownerPickerMode="all" /> particularly suitable for larger catalogs. In this new mode, EntityOwnerPicker will display all the users and groups present in the catalog.app-backend plugin, which was broken in release 1.26.0.
This support is critical for dynamic frontend plugins to have access to their config values.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.ScaffolderField component are now opened in new tabs.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.getVoidLogger with mockServices.logger.mock in order to remove the dependency with the soon-to-be-deprecated backend-common package.TechDocsIndexPage now accepts an optional ownerPickerMode for toggling the behavior of the EntityOwnerPicker, exposing a new mode <TechDocsIndexPage ownerPickerMode="all" /> particularly suitable for larger catalogs. In this new mode, EntityOwnerPicker will display all the users and groups present in the catalog.