68db890456
Version Packages (next)
2026-05-26 15:26:38 +00:00
b97fcb0a93
Version Packages
2026-05-19 18:28:24 +00:00
2f33a9f63f
Fixes for non-breaking typos and typos configuration
...
Signed-off-by: Andre Wanlin <awanlin@spotify.com >
More
Signed-off-by: Andre Wanlin <awanlin@spotify.com >
2026-04-29 16:54:05 -05:00
7295193bb6
Version Packages (next)
2026-04-28 15:53:09 +00:00
e9b78e9698
Remove uuid dependency in favor of crypto.randomUUID()
...
The uuid package dropped its CommonJS entry point in v14, making it
incompatible with Backstage's CJS build output and Jest test runner.
Rather than working around the ESM-only issue, replace all usage with
the built-in crypto.randomUUID() which has been available in Node.js
since v16.7 and in all major browsers since March 2022.
Signed-off-by: Fredrik Adelöw <freben@spotify.com >
Made-with: Cursor
2026-04-23 10:51:43 +02:00
1cc86bee1c
Version Packages (next)
2026-04-21 15:07:43 +00:00
f0c27227cf
chore: remove duplicate dependencies/devDependencies entries
...
Several packages had the same dependency listed in both `dependencies`
and `devDependencies`. This removes the duplicate from whichever section
is incorrect based on actual usage in the source code.
Signed-off-by: Fredrik Adelöw <freben@spotify.com >
Made-with: Cursor
2026-04-16 10:22:01 +02:00
93e643d142
Version Packages
2026-04-14 14:57:31 +00:00
6c10d88c13
Version Packages (next)
2026-04-07 15:30:58 +00:00
7bc057e8b6
Merge pull request #33703 from backstage/feat/auth0-federated-logout
...
feat(auth): support provider logout redirects, implement Auth0 federated logout
2026-04-01 15:27:27 +02:00
208cf5f922
fix(auth): add security hardening and federated config for Auth0 logout
...
Add server-side URL validation for logoutUrl (HTTPS + localhost only),
origin validation on the logout endpoint, and a configurable `federated`
option (default false) for Auth0 provider logout. Includes comprehensive
test coverage for all security controls.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
Signed-off-by: Jack Palmer <jackpalmer@spotify.com >
2026-04-01 13:06:43 +01:00
3532be4763
fix(auth): harden logout redirect with origin validation and protocol check
...
Add origin allowlist validation in the OAuth logout handler (matching
the existing start/refresh pattern) and validate the logoutUrl protocol
on the frontend before redirecting. Also replace inline type annotation
with the named OAuthAuthenticatorLogoutResult type.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
Signed-off-by: Jack Palmer <jackpalmer@spotify.com >
2026-04-01 13:06:43 +01:00
a2cb332e25
Version Packages (next)
2026-03-31 15:30:51 +00:00
9244b70c57
chore: add changesets, update API reports, fix type errors
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com >
2026-03-31 16:20:23 +01:00
0ef5a03fb3
feat(auth-node): return logoutUrl in logout response when provided by authenticator
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com >
2026-03-31 16:20:23 +01:00
fec31bdde5
feat(auth-node): add OAuthAuthenticatorLogoutResult type for provider logout redirects
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com >
2026-03-31 16:20:23 +01:00
3f8060c460
Merge pull request #33536 from jonkoops/fix/zod-schema-first-generics
...
fix: use schema-first generic pattern for Zod type compatibility
2026-03-26 17:16:51 +01:00
fa550786b0
fix: use schema-first generic pattern for Zod type compatibility
...
Refactor `SignInResolverFactoryOptions` and `createSchemaFromZod` to use
`TSchema extends ZodType` instead of `ZodSchema<Output, Def, Input>`,
avoiding "excessively deep" TypeScript inference errors when multiple
Zod copies are resolved in a project.
Signed-off-by: Jon Koops <jonkoops@gmail.com >
2026-03-26 16:31:41 +01:00
c1b510cabb
Version Packages (next)
2026-03-24 14:54:00 +00:00
5725b5fcfa
Version Packages
2026-03-17 21:39:07 +00:00
e6c41459f5
chore: Switch some zod imports to type only
...
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com >
2026-03-17 16:48:43 +01:00
0257363c51
Allow zod v3 or v4 dependency (keep using v3)
...
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com >
2026-03-17 16:48:42 +01:00
49171c9de4
chore: Update all imports to zod/v3
...
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com >
2026-03-17 16:48:42 +01:00
ed7c4e3bef
Version Packages (next)
2026-03-10 17:34:12 +00:00
db0d171511
Version Packages (next)
2026-03-03 14:16:49 +00:00
4bd6a3a1af
Version Packages (next)
2026-02-24 19:24:06 +00:00
e6df5d52ce
Version Packages
2026-02-17 16:06:18 +00:00
7c41134684
Version Packages (next)
2026-02-10 16:14:59 +00:00
1ea737c1e2
Version Packages (next)
2026-02-03 14:24:29 +00:00
d4b85dddee
Version Packages (next)
2026-01-27 15:51:11 +00:00
f02219a054
Merge pull request #32516 from backstage/freben/nodecolon
...
Add a rule for the use of `node:` prefix on native imports
2026-01-27 14:17:14 +01:00
69d880e171
Bump to latest zod
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2026-01-26 13:52:02 +01:00
7455dae884
require the use of node prefix on native imports
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2026-01-26 13:22:53 +01:00
2e902e7b43
Version Packages
2026-01-20 16:40:05 +00:00
4eeba9ed61
Upgrade zod-validation-error to version 4
...
Signed-off-by: Jon Koops <jonkoops@gmail.com >
2026-01-14 14:46:55 +01:00
872eb91313
Upgrade zod-to-json-schema to latest version
...
Signed-off-by: Jon Koops <jonkoops@gmail.com >
2026-01-14 12:03:47 +01:00
c24788d5bb
Version Packages
2025-12-16 14:08:20 +00:00
4e4901c21d
Merge pull request #32095 from UncleDoom/refactor-oauthcookiemanager-fix-chunked-cookie-removal
...
fix(auth): fix edge case related to chunked oauth token cookie
2025-12-15 22:11:48 +01:00
b35f8b2ac8
fix(auth): fix edge case related to new chunked oauth token cookie having less chunks than previous one and refactor for readability
...
Signed-off-by: Dominik Bargowski <dominik.bargowski@gmail.com >
2025-12-10 19:58:31 +01:00
e08f48a9b5
Version Packages (next)
2025-12-09 15:00:09 +00:00
e9dd634664
fix(auth): update cookie deletion logic for chunked cookies
...
Signed-off-by: Jessica He <jhe@redhat.com >
2025-12-05 09:18:05 -05:00
2e09a29a40
improve auth flake
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2025-12-03 12:32:36 +01:00
de96a60f7a
chore(deps): bump express from 4.21.2 to 4.22.0
...
Bumps [express](https://github.com/expressjs/express ) from 4.21.2 to 4.22.0.
- [Release notes](https://github.com/expressjs/express/releases )
- [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md )
- [Commits](https://github.com/expressjs/express/compare/4.21.2...4.22.0 )
---
updated-dependencies:
- dependency-name: express
dependency-version: 4.22.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-02 20:33:46 +01:00
756986e5e7
Version Packages (next)
2025-11-25 16:21:32 +00:00
2389358126
fix(auth): remove leading dot in auth cookie cleanup
...
Signed-off-by: Jessica He <jhe@redhat.com >
2025-11-24 12:25:18 -05:00
792f4d7e3d
Version Packages
2025-11-18 12:23:09 +00:00
3738293d26
Version Packages (next)
2025-11-04 15:00:26 +00:00
807af8ce0e
Version Packages (next)
2025-10-21 16:14:43 +00:00
b436f73803
Merge pull request #31166 from schultzp2020/constructor-parameters
...
refactor: convert constructor parameter properties for erasableSyntaxOnly compatibility
2025-10-15 18:56:42 +02:00
d6ce2db9ca
Version Packages
2025-10-14 15:29:54 +00:00
github-actions[bot]