Bump @backstage/backend-defaults from 0.2.18 to 0.17.2 in /packages/backend

[dependabot]

Bumps @backstage/backend-defaults from 0.2.18 to 0.17.2.

Changelog

Sourced from @​backstage/backend-defaults's changelog.

@​backstage/backend-defaults

0.17.3-next.1

Patch Changes

• b75158b: Adapted Azure-related tests for the Azure SDK upgrade to ESM-style exports. The AzureBlobStorageUrlReader now accepts an optional createContainerClient dependency for testability without needing to mock the @azure/storage-blob module.
• 0211390: Added a new v2 invoke endpoint (/.backstage/actions/v2/actions/:id/invoke) that accepts a wrapped body format { input, secrets } with secrets validation. The existing v1 invoke endpoint remains unchanged for backward compatibility. Updated DefaultActionsService to use the v2 endpoint. Updated DefaultActionsRegistryService to expose secrets schema in the actions list response and validate secrets on invocation.
• 34f21c3: Fix gitlabUrlReader issue with retrieving the repository archive tree
• Updated dependencies
  • @​backstage/integration@​2.0.3-next.1
  • @​backstage/backend-plugin-api@​1.9.2-next.1

0.17.2-next.0

Patch Changes

• a07e6a3: Updated AzureBlobStorageUrlReader to reference the correctly-named AzureBlobStorageIntegration type from @backstage/integration. The previously-used AzureBlobStorageIntergation is now an alias for the new type and remains a valid argument to the constructor.
• def82d4: Fixed the built-in rate limiter throwing a validation error and refusing to start when backend.rateLimit is enabled. Requests are now keyed using the address normalization helper from express-rate-limit, which is required by newer versions of that library and ensures IPv6 clients are grouped by their address block rather than by individual address.
• Updated dependencies
  • @​backstage/integration@​2.0.3-next.0
  • @​backstage/plugin-auth-node@​0.7.2-next.0
  • @​backstage/backend-app-api@​1.7.1-next.0
  • @​backstage/plugin-permission-node@​0.11.1-next.0
  • @​backstage/backend-plugin-api@​1.9.2-next.0
  • @​backstage/plugin-events-node@​0.4.23-next.0

0.17.1

Patch Changes

• 90b572e: Adds an alpha TracingService to provide a unified interface for emitting trace spans across Backstage plugins.
• 97d3bd4: Fixed a race condition in CachedUserInfoService where a failed request could incorrectly evict a newer cache entry for the same token. The error handler now verifies the map entry is still the same promise before deleting it.
• 3595c97: Exported defaultServiceFactories to allow use with createSpecializedBackend for advanced configuration like extensionPointFactoryMiddleware.
• 89d3248: Fixed scheduler sleep firing immediately for durations longer than ~24.8 days, caused by Node.js setTimeout overflowing its 32-bit millisecond limit.
• d00a44b: Fixed Valkey cluster mode to use iovalkey's Cluster class instead of createCluster from @keyv/redis. The previous implementation passed a @redis/client RedisCluster instance to @keyv/valkey, which expects an iovalkey Cluster instance. This caused the cluster client to not be recognized correctly, as the two libraries have incompatible object models.
• 2f0519c: Added a new CachedUserInfoService decorator that wraps DefaultUserInfoService with a 5-second TTL cache and in-flight request coalescing. The decorator is wired in via userInfoServiceFactory using a shared root-level cache. Repeated getUserInfo() calls for the same user token within the TTL window return the cached result without making an HTTP call to the auth backend. Note that custom UserInfoService implementations registered via their own factory will not benefit from this cache automatically.
• 744fa1f: Removed duplicated entries that appeared in both dependencies and devDependencies.
• e9b78e9: Removed the uuid dependency and replaced usage with the built-in crypto.randomUUID().
• 6209065: Added context and propagation to the alpha TracingService. Plugins can bridge OpenTelemetry context across async boundaries via tracing.propagation.extract(tracing.context.active(), carrier) followed by tracing.context.with(ctx, fn), and read propagated baggage via tracing.propagation.getActiveBaggage() or tracing.propagation.getBaggage(ctx).
• Updated dependencies
  • @​backstage/errors@​1.3.1
  • @​backstage/integration-aws-node@​0.2.0
  • @​backstage/backend-plugin-api@​1.9.1
  • @​backstage/backend-app-api@​1.7.0
  • @​backstage/cli-node@​0.3.2

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)