Skip to content

Bump @backstage/plugin-scaffolder-backend from 1.19.2 to 3.1.5 in /app#3004

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/app/backstage/plugin-scaffolder-backend-3.1.5
Open

Bump @backstage/plugin-scaffolder-backend from 1.19.2 to 3.1.5 in /app#3004
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/app/backstage/plugin-scaffolder-backend-3.1.5

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 12, 2026

Bumps @backstage/plugin-scaffolder-backend from 1.19.2 to 3.1.5.

Release notes

Sourced from @​backstage/plugin-scaffolder-backend's releases.

v1.49.0-next.2

See docs/releases/v1.49.0-next.2-changelog.md for more information.

v1.49.0-next.1

See docs/releases/v1.49.0-next.1-changelog.md for more information.

v1.49.0-next.0

See docs/releases/v1.49.0-next.0-changelog.md for more information.

v1.48.5

This release contains security fixes for @backstage/plugin-auth-backend and @backstage/plugin-scaffolder-backend

v1.48.4

This release contains security fixes for @backstage/plugin-techdocs-node @backstage/integration and @backstage/plugin-scaffolder-backend

v1.48.3

This patch release fixes the following issues:

  • Fixes the @mui/material/styles shared dependency key by removing a trailing slash that caused module resolution failures with MUI package exports.
  • Fixes entity page tab groups not respecting the ordering from the groups configuration.

v1.48.2

This patch release includes the following fixes:

  • Updated @microsoft/api-extractor to 7.57.3 (#32950)
  • Add back formFieldsApiRef and ScaffolderFormFieldsApi alpha exports from @backstage/plugin-scaffolder (#32969)
  • Perform search on first navigate (#32973)

v1.48.1

This patch release fixes the following issues:

  • Add missing sharing extensions sidebar item in frontend system architecture docs
  • Fix type compatibility for older plugins in FrontendFeature type

v1.48.0

These are the release notes for the v1.48.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

BREAKING ALPHA: Catalog extension points graduated

If you are providing custom processors and entity providers into the catalog, you will now note that several (but not quite all!) of those extension points have graduated out of alpha and into the regular stable exports.

Thus, if you are importing for example catalogProcessingExtensionPoint from @backstage/plugin-catalog-node/alpha, you now want to remove that /alpha suffix.

BREAKING: API restrictions in New Frontend System

In the 1.47 release a new behavior was introduced to the New Frontend System that limits the ability for plugins and modules to provide APIs to plugins other than themselves. For example, the scaffolder plugin could no longer install a custom CatalogApi implementation. This also applies to modules, where you now need to use a module explicitly targeting the 'app' plugin to for example override the ErrorApi.

... (truncated)

Changelog

Sourced from @​backstage/plugin-scaffolder-backend's changelog.

@​backstage/plugin-scaffolder-backend

3.2.0-next.2

Minor Changes

  • e8736ea: Added secrets schema validation for task creation, retry, and dry-run endpoints. When a template defines spec.secrets.schema, the API validates provided secrets against the schema and returns a 400 error if validation fails.

Patch Changes

  • 30ff981: Fixed a security vulnerability where secrets could bypass log redaction when transformed through Nunjucks filters in scaffolder templates.
  • Updated dependencies
    • @​backstage/backend-plugin-api@​1.8.0-next.1
    • @​backstage/integration@​2.0.0-next.2
    • @​backstage/plugin-scaffolder-common@​2.0.0-next.2
    • @​backstage/backend-openapi-utils@​0.6.7-next.1
    • @​backstage/plugin-catalog-node@​2.1.0-next.2
    • @​backstage/plugin-events-node@​0.4.20-next.1
    • @​backstage/plugin-permission-node@​0.10.11-next.1
    • @​backstage/plugin-scaffolder-node@​0.13.0-next.2

3.2.0-next.1

Minor Changes

  • c9b11eb: Added a new list-scaffolder-tasks action that allows querying scaffolder tasks with optional ownership filtering and pagination support
  • 0fbcf23: Migrated OpenAPI schemas to 3.1.
  • 7695dd2: Added a new list-scaffolder-actions action that returns all installed scaffolder actions with their schemas and examples

Patch Changes

  • e27bd4e: Removed @backstage/plugin-scaffolder-backend-module-bitbucket from package.json as the package itself has been deprecated and the code deleted.
  • ccc20cf: create scaffolder MCP action to dry run a provided scaffolder template
  • Updated dependencies
    • @​backstage/integration@​2.0.0-next.1
    • @​backstage/plugin-scaffolder-common@​2.0.0-next.1
    • @​backstage/plugin-scaffolder-node@​0.13.0-next.1
    • @​backstage/plugin-catalog-node@​2.1.0-next.1
    • @​backstage/backend-openapi-utils@​0.6.7-next.0
    • @​backstage/backend-plugin-api@​1.7.1-next.0
    • @​backstage/catalog-model@​1.7.6
    • @​backstage/config@​1.3.6
    • @​backstage/errors@​1.2.7
    • @​backstage/types@​1.2.2
    • @​backstage/plugin-events-node@​0.4.20-next.0
    • @​backstage/plugin-permission-common@​0.9.6
    • @​backstage/plugin-permission-node@​0.10.11-next.0

3.1.4-next.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump @backstage/plugin-scaffolder-backend from 1.19.2 to 3.1.5 in /app
f3773dd 
Bumps [@backstage/plugin-scaffolder-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/scaffolder-backend) from 1.19.2 to 3.1.5.
- [Release notes](https://github.com/backstage/backstage/releases)
- [Changelog](https://github.com/backstage/backstage/blob/master/plugins/scaffolder-backend/CHANGELOG.md)
- [Commits](https://github.com/backstage/backstage/commits/HEAD/plugins/scaffolder-backend)

---
updated-dependencies:
- dependency-name: "@backstage/plugin-scaffolder-backend"
  dependency-version: 3.1.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 12, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 12, 2026 15:10
@dependabot dependabot bot added javascript Pull requests that update Javascript code dependencies Pull requests that update a dependency file labels Mar 12, 2026
@dependabot dependabot bot mentioned this pull request Mar 12, 2026
Closed
@github-actions github-actions bot enabled auto-merge (squash) March 12, 2026 15:10
@github-actions
Copy link
Contributor

github-actions bot commented Mar 12, 2026

I'm not approving this PR because it includes a major update of a dependency used in production

@github-actions github-actions bot requested a review from diegoluisi March 12, 2026 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diegoluisi diegoluisi Awaiting requested review from diegoluisi

At least 1 approving review is required to merge this pull request.

Assignees

@diegoluisi diegoluisi

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@diegoluisi