Bump @backstage/plugin-auth-backend from 0.27.1 to 0.27.2 in /app

[dependabot]

Bumps @backstage/plugin-auth-backend from 0.27.1 to 0.27.2.

Changelog

Sourced from @​backstage/plugin-auth-backend's changelog.

0.27.2

Patch Changes

• 1ccad86: Added who-am-i action to the auth backend actions registry. Returns the catalog entity and user info for the currently authenticated user.
• d0f4cd2: Added optional client metadata document endpoint at /.well-known/oauth-client/cli.json relative to the auth backend base URL for CLI authentication. Enabled when auth.experimentalClientIdMetadataDocuments.enabled is set to true.
• 6738cf0: build(deps): bump minimatch from 9.0.5 to 10.2.1
• e9b6e97: Fixed a security vulnerability where the CIMD metadata fetch could follow HTTP redirects to internal hosts, bypassing SSRF protections.
• 0f9d673: Improved redirect URI validation in the experimental OIDC provider to match against normalized URLs rather than raw strings.
• a49a40d: Updated dependency zod to ^3.25.76 || ^4.0.0 & migrated to /v3 or /v4 imports.
• 634eded: Fixed a foreign key constraint violation when issuing refresh tokens for CIMD clients, and prevented a failed refresh token issuance from failing the entire token exchange. Fixed AWS ALB auth provider incorrectly returning HTTP 500 instead of 401 for JWT validation failures, which caused retry loops and memory pressure under load.
• 619be54: Update migrations to be reversible
• Updated dependencies
  • @​backstage/backend-plugin-api@​1.8.0
  • @​backstage/plugin-catalog-node@​2.1.0
  • @​backstage/catalog-model@​1.7.7
  • @​backstage/plugin-auth-node@​0.6.14

0.27.1-next.2

Patch Changes

• d0f4cd2: Added optional client metadata document endpoint at /.well-known/oauth-client/cli.json relative to the auth backend base URL for CLI authentication. Enabled when auth.experimentalClientIdMetadataDocuments.enabled is set to true.
• Updated dependencies
  • @​backstage/backend-plugin-api@​1.8.0-next.1
  • @​backstage/plugin-auth-node@​0.6.14-next.2
  • @​backstage/plugin-catalog-node@​2.1.0-next.2

0.27.1-next.1

Patch Changes

• 1ccad86: Added who-am-i action to the auth backend actions registry. Returns the catalog entity and user info for the currently authenticated user.
• Updated dependencies
  • @​backstage/plugin-auth-node@​0.6.14-next.1
  • @​backstage/plugin-catalog-node@​2.1.0-next.1
  • @​backstage/backend-plugin-api@​1.7.1-next.0
  • @​backstage/catalog-model@​1.7.6
  • @​backstage/config@​1.3.6
  • @​backstage/errors@​1.2.7
  • @​backstage/types@​1.2.2

0.27.1-next.0

Patch Changes

• 6738cf0: build(deps): bump minimatch from 9.0.5 to 10.2.1

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

I'm approving this pull request because it includes a patch or minor update