Bump @backstage/plugin-catalog-node from 1.19.0 to 2.2.1

[dependabot]

Bumps @backstage/plugin-catalog-node from 1.19.0 to 2.2.1.

Release notes

Sourced from @​backstage/plugin-catalog-node's releases.

v1.52.0-next.0

See docs/releases/v1.52.0-next.0-changelog.md for more information.

v1.51.0

These are the release notes for the v1.51.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

BREAKING: Removed deprecated NavItemBlueprint

The deprecated NavItemBlueprint has been removed from @backstage/frontend-plugin-api. Navigation items are now discovered from PageBlueprint extensions based on their title and icon params. If you were still using NavItemBlueprint, migrate by setting title and icon on the page extension instead. All built-in plugins have been updated accordingly.

Additionally, renderInTestApp from @backstage/frontend-test-utils no longer renders a sidebar or legacy nav-item extensions. The app nav extension is now disabled in the minimal test app shell.

BREAKING: Removed deprecated PortableSchema.schema property form

The deprecated property form of PortableSchema.schema has been removed from @backstage/frontend-plugin-api. The schema member is now a plain method that must be called as schema() — direct property access like schema.type or schema.properties is no longer supported.

BREAKING: Hardened OIDC default patterns

The default allowed patterns for CIMD and DCR in @backstage/plugin-auth-backend have been hardened. The previous permissive ['*'] wildcards have been replaced with specific defaults for known MCP clients. If you previously relied on the permissive defaults and have custom MCP clients, you will need to explicitly add their patterns to the allow list.

BREAKING: Cleaned up PolicyQueryUser type

The token and expiresInSeconds fields have been removed from PolicyQueryUser in @backstage/plugin-permission-node. These were previously deprecated in favor of credentials with coreServices.auth. The identity field has been deprecated. A new CachedUserInfoService with a 5-second TTL cache and in-flight request coalescing has been added to reduce repeated user info lookups.

BREAKING: Catalog entity pagination excludes entities without sort field

When paginating entities with an order field via /entities/by-query, entities that lack the order field are now excluded from both the result set and the totalItems count. Previously these entities appeared at the end via NULLS LAST, but cursor-based pagination could not actually reach them past the first page — the count over-reported the number of navigable entities.

BREAKING: Microsoft Graph disabled users filtered by default

The @backstage/plugin-catalog-backend-module-msgraph and @backstage/plugin-catalog-backend-module-msgraph-incremental providers now filter out disabled user accounts by default. The provider automatically applies an accountEnabled eq true filter, combining it with any custom user.filter you provide. If you need to ingest disabled accounts, set the filter to explicitly include them.

Contributed by @​mtlewis in #34165

BREAKING: Backstage UI updates

There are several new additions in Backstage UI:

New components: A Combobox component pairs a text input with a filterable dropdown, supporting sectioned options, icons, sizes, and custom typed values. New DatePicker and DateRangePicker components provide accessible date selection with calendar popovers built on React Aria. Flex item props (grow, shrink, basis) have been added to Box, Card, Grid, and Flex.

Header improvements: A sticky prop has been added to the Header component that keeps the title-and-actions bar fixed at the top of its scroll container. New description, tags, and metadata props provide richer header content. The breadcrumbs prop has been deprecated.

Other additions: Grouped options in Select, isPending prop replacing loading across components, searchDebounceMs and filterDebounceMs options for useTable, PasswordField visual alignment with TextField, a public --bui-bg-inherit CSS variable, and keyboard focus indicators on Card links.

Breaking changes:

... (truncated)

Changelog

Sourced from @​backstage/plugin-catalog-node's changelog.

2.2.1

Patch Changes

• ab1cdbb: Removed a handful of internal imports that referenced the package by its own name. Value imports were switched to relative paths, and type-only imports to import type. These self-referential imports could trigger circular initialization errors in bundled ESM and when the package was loaded via jest.requireActual — most visibly Cannot access '_AppRootElementBlueprintesm' before initialization from @backstage/frontend-plugin-api. There are no user-facing API changes.
• Updated dependencies
  • @​backstage/catalog-model@​1.9.0
  • @​backstage/errors@​1.3.1
  • @​backstage/backend-test-utils@​1.11.3
  • @​backstage/backend-plugin-api@​1.9.1
  • @​backstage/plugin-permission-node@​0.11.0
  • @​backstage/plugin-permission-common@​0.9.9
  • @​backstage/catalog-client@​1.15.1
  • @​backstage/plugin-catalog-common@​1.1.10

2.2.1-next.1

Patch Changes

• ab1cdbb: Removed a handful of internal imports that referenced the package by its own name. Value imports were switched to relative paths, and type-only imports to import type. These self-referential imports could trigger circular initialization errors in bundled ESM and when the package was loaded via jest.requireActual — most visibly Cannot access '_AppRootElementBlueprintesm' before initialization from @backstage/frontend-plugin-api. There are no user-facing API changes.
• Updated dependencies
  • @​backstage/catalog-model@​1.8.1-next.1
  • @​backstage/backend-test-utils@​1.11.3-next.1
  • @​backstage/plugin-permission-common@​0.9.9-next.1

2.2.1-next.0

Patch Changes

• Updated dependencies
  • @​backstage/errors@​1.3.1-next.0
  • @​backstage/backend-plugin-api@​1.9.1-next.0
  • @​backstage/backend-test-utils@​1.11.3-next.0
  • @​backstage/catalog-client@​1.15.1-next.0
  • @​backstage/catalog-model@​1.8.1-next.0
  • @​backstage/plugin-permission-common@​0.9.9-next.0
  • @​backstage/plugin-permission-node@​0.10.13-next.0
  • @​backstage/types@​1.2.2
  • @​backstage/plugin-catalog-common@​1.1.10-next.0

2.2.0

Minor Changes

• e5fcfcb: Added provideStaticCatalogModel that helps provide a static catalog model at startup.

• 056e18e: BREAKING ALPHA: Removed the deprecated CatalogPermissionRuleInput, CatalogPermissionExtensionPoint, and catalogPermissionExtensionPoint exports. Use coreServices.permissionsRegistry directly to register catalog entity permission rules and permissions.

• c384fff: BREAKING PRODUCERS: Added updateLocation method to CatalogService for updating the type and target of an existing location. Any code that implements CatalogService must now provide this method.

• 7a03196: BREAKING ALPHA: Removed the following deprecated exports from @backstage/plugin-catalog-node/alpha:

  • catalogServiceRef — use catalogServiceRef from @backstage/plugin-catalog-node instead

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)