From 8755db4beb118d99f05619c4bc8d778054d95375 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Fri, 30 Jan 2026 19:11:40 +0000
Subject: [PATCH 1/2] fix: packages/backend-next/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LINKIFYREACT-11502190
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
- https://snyk.io/vuln/SNYK-JS-QS-14724253
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-14114940
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-BACKSTAGEBACKENDAPPAPI-6229731
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125745
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300775
- https://snyk.io/vuln/SNYK-JS-OCTOKITREQUEST-8730853
- https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
- https://snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
- https://snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585
- https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918
- https://snyk.io/vuln/SNYK-JS-PBKDF2-10495496
- https://snyk.io/vuln/SNYK-JS-SHAJS-12089400
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300777
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
- https://snyk.io/vuln/SNYK-JS-LINKIFYJS-11502189
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
- https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-9691387
- https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-9691389
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125097
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
- https://snyk.io/vuln/SNYK-JS-PBKDF2-10495498
- https://snyk.io/vuln/SNYK-JS-WS-7266574
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
- https://snyk.io/vuln/SNYK-JS-AZUREIDENTITY-7246760
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-OCTOKITPLUGINPAGINATEREST-8730855
- https://snyk.io/vuln/SNYK-JS-OCTOKITREQUESTERROR-8730854
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694
- https://snyk.io/vuln/SNYK-JS-JOSE-6419224
- https://snyk.io/vuln/SNYK-JS-TMP-11501554
- https://snyk.io/vuln/SNYK-JS-JWS-14188253
- https://snyk.io/vuln/SNYK-JS-EXPRESS-7926867
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
- https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
- https://snyk.io/vuln/SNYK-JS-ESLINT-15102420
- https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-7573289
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
- https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-PRISMJS-9055448
- https://snyk.io/vuln/SNYK-JS-SEND-7926862
- https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865
---
 packages/backend-next/package.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/packages/backend-next/package.json b/packages/backend-next/package.json
index 3043a96ebdc75b..6e7288f294f76a 100644
--- a/packages/backend-next/package.json
+++ b/packages/backend-next/package.json
@@ -25,14 +25,14 @@
     "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "@backstage/backend-defaults": "workspace:^",
-    "@backstage/backend-tasks": "workspace:^",
+    "@backstage/backend-defaults": "0.1.0",
+    "@backstage/backend-tasks": "0.6.1",
     "@backstage/plugin-adr-backend": "workspace:^",
-    "@backstage/plugin-app-backend": "workspace:^",
+    "@backstage/plugin-app-backend": "0.1.1",
     "@backstage/plugin-auth-node": "workspace:^",
     "@backstage/plugin-azure-devops-backend": "workspace:^",
     "@backstage/plugin-badges-backend": "workspace:^",
-    "@backstage/plugin-catalog-backend": "workspace:^",
+    "@backstage/plugin-catalog-backend": "0.1.1",
     "@backstage/plugin-catalog-backend-module-unprocessed": "workspace:^",
     "@backstage/plugin-devtools-backend": "workspace:^",
     "@backstage/plugin-entity-feedback-backend": "workspace:^",
@@ -40,9 +40,9 @@
     "@backstage/plugin-lighthouse-backend": "workspace:^",
     "@backstage/plugin-linguist-backend": "workspace:^",
     "@backstage/plugin-permission-backend": "workspace:^",
-    "@backstage/plugin-permission-common": "workspace:^",
+    "@backstage/plugin-permission-common": "0.1.0",
     "@backstage/plugin-permission-node": "workspace:^",
-    "@backstage/plugin-scaffolder-backend": "workspace:^",
+    "@backstage/plugin-scaffolder-backend": "0.1.1",
     "@backstage/plugin-search-backend": "workspace:^",
     "@backstage/plugin-search-backend-module-catalog": "workspace:^",
     "@backstage/plugin-search-backend-module-explore": "workspace:^",

From c5b4b61ac4d290b24b96fa230e422681ac848513 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 31 Jan 2026 13:32:57 +0000
Subject: [PATCH 2/2] fix: packages/backend-next/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585
- https://snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
- https://snyk.io/vuln/SNYK-JS-LINKIFYREACT-11502190
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-14114940
- https://snyk.io/vuln/SNYK-JS-BACKSTAGEBACKENDAPPAPI-6229731
- https://snyk.io/vuln/SNYK-JS-QS-14724253
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814
- https://snyk.io/vuln/SNYK-JS-PBKDF2-10495496
- https://snyk.io/vuln/SNYK-JS-SHAJS-12089400
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086
- https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300775
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
- https://snyk.io/vuln/SNYK-JS-LINKIFYJS-11502189
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300777
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125745
- https://snyk.io/vuln/SNYK-JS-PBKDF2-10495498
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860
- https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
- https://snyk.io/vuln/SNYK-JS-WS-7266574
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
- https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-TMP-11501554
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
- https://snyk.io/vuln/SNYK-JS-AZUREIDENTITY-7246760
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694
- https://snyk.io/vuln/SNYK-JS-EXPRESS-7926867
- https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026
- https://snyk.io/vuln/SNYK-JS-OCTOKITREQUEST-8730853
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
- https://snyk.io/vuln/SNYK-JS-JWS-14188253
- https://snyk.io/vuln/SNYK-JS-PRISMJS-9055448
- https://snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
- https://snyk.io/vuln/SNYK-JS-JOSE-6419224
- https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-9691387
- https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-9691389
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125097
- https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865
- https://snyk.io/vuln/SNYK-JS-SEND-7926862
- https://snyk.io/vuln/SNYK-JS-OCTOKITPLUGINPAGINATEREST-8730855
- https://snyk.io/vuln/SNYK-JS-OCTOKITREQUESTERROR-8730854
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-ESLINT-15102420
- https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-7573289
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085