This repository has been archived by the owner on Apr 25, 2023. It is now read-only.

build(deps): bump @backstage/catalog-model from 1.0.0 to 1.3.0 #269

Open
wants to merge 1 commit into
base: master

@dependabot dependabot bot commented on behalf of github Apr 23, 2023

Bumps @backstage/catalog-model from 1.0.0 to 1.3.0.

Release notes

Sourced from @​backstage/catalog-model's releases.

v1.3.0

These are the release notes for the v1.3.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

Scaffolder Dry Run and Template Editor

The scaffolder plugin now has a new template editor in addition to the form editor, which is accessible via the context menu on the top right hand corner of the Create page. It allows you to load a template from a local directory, edit it with a preview, execute it in dry-run mode, and view the results. Note that the File System Access API must be supported by your browser for this to be available.

TypeScript 4.7

The recommended TypeScript version has been bumped to ~4.7.0, and that’s what the main Backstage repository uses right now for its builds. Each Backstage project manages their version separately however, so there is no rush or immediate effect on users - you can update the typescript dependency in your root package.json once you feel ready to do so.

Expiring Backend Tokens

In 1.2 we introduced expiry times for server-to-server authentication tokens issued from the standard TokenManager. At that point in time, the expiry was only added to tokens and not yet enforced. In this release however, it is now also enforced, meaning that expired tokens are considered invalid and will be rejected.

Discovery providers

Several new entity providers have been contributed as replacements for their corresponding discovery processors. Entity providers allow for more control and are recommended over their processing counterparts.

  • AzureDevOpsEntityProvider as replacement for AzureDevOpsDiscoveryProcessor. PR #11604 contributed by @​goenning
  • GitlabDiscoveryEntityProvider as replacement for GitLabDiscoveryProcessor. PR #11886 contributed by @​ivangonzalezacuna
  • BitbucketCloudEntityProvider as a replacement for BitbucketDiscoveryProcessor (for Bitbucket Cloud only). PR #11345 contributed by @​pjungermann

New plugin: Vault

View secrets from HashiCorp Vault alongside your components. PR #11423 contributed by @​ivangonzalezacuna

New plugin: GitHub Pull Requests Board

GitHub Pull Requests Board Plugin is a board that helps you visualize all open pull requests from all repositories owned by a team, with the main goal of reducing the time from opening a PR to merging it. PR #11043 contributed by @​gregorytalita

New plugin: Dynatrace

Displays tracing data from Dynatrace alongside your components. PR #11754 contributed by @​isand3r

Security Fixes

@backstage/plugin-scaffolder-backend, please upgrade to the latest version if you are using this module. @backstage/plugin-techdocs-node, please upgrade to the latest version if you are using this module.

Upgrade path

We recommend that you keep your Backstage project up to date with this latest release. For more guidance on how to upgrade, check out the documentation for keeping Backstage updated.

Links and References

... (truncated)

Changelog

Sourced from @​backstage/catalog-model's changelog.

1.3.0

Minor Changes

  • be9c422: Modified the regex for DNS label validation to support IDN domains

Patch Changes

  • Updated dependencies
    • @​backstage/config@​1.0.7
    • @​backstage/errors@​1.1.5
    • @​backstage/types@​1.0.2

1.3.0-next.0

Minor Changes

  • be9c422: Modified the regex for DNS label validation to support IDN domains

Patch Changes

  • Updated dependencies
    • @​backstage/config@​1.0.7
    • @​backstage/errors@​1.1.5
    • @​backstage/types@​1.0.2

1.2.1

Patch Changes

  • 928a12a: Internal refactor of /alpha exports.
  • Updated dependencies
    • @​backstage/errors@​1.1.5
    • @​backstage/config@​1.0.7
    • @​backstage/types@​1.0.2

1.2.1-next.1

Patch Changes

  • Updated dependencies
    • @​backstage/errors@​1.1.5-next.0
    • @​backstage/config@​1.0.7-next.0
    • @​backstage/types@​1.0.2

1.2.1-next.0

Patch Changes

  • 928a12a: Internal refactor of /alpha exports.

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [@backstage/catalog-model](https://github.com/backstage/backstage/tree/HEAD/packages/catalog-model) from 1.0.0 to 1.3.0.
- [Release notes](https://github.com/backstage/backstage/releases)
- [Changelog](https://github.com/backstage/backstage/blob/master/packages/catalog-model/CHANGELOG.md)
- [Commits](https://github.com/backstage/backstage/commits/v1.3.0/packages/catalog-model)

---
updated-dependencies:
- dependency-name: "@backstage/catalog-model"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Apr 23, 2023

@ImagineBuildBot

Scan submitted to Checkmarx

@ImagineBuildBot

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 20 vulnerabilities

  • High: 14
  • Medium: 6
  • Low: 0
  • Info: 0

Checkmarx Scan Summary

| Severity | Count |
|---|---|
| High | 14 |
| Medium | 6 |
| Low | 0 |
| Informational | 0 |

Violation Summary

  • High: 14
  • Medium: 5

Cx-SAST Details

| Lines | Severity | Category | File | Link |
|---|---|---|---|---|
| 102 | Medium | Missing_HSTS_Header | packages/backend-common/src/middleware/errorHandler.ts | Checkmarx |
| 104 | Medium | Client_ReDoS_From_Regex_Injection | plugins/catalog-backend-module-github/src/GithubDiscoveryProcessor.ts | Checkmarx |
| 221 | Medium | Client_Privacy_Violation | packages/backend-common/src/scm/git.ts | Checkmarx |
| 168 | Medium | Client_Privacy_Violation | packages/integration/src/bitbucket/core.ts | Checkmarx |
| 149 | Medium | Client_HTML5_Store_Sensitive_data_In_Web_Storage | packages/core-app-api/src/lib/AuthSessionManager/AuthSessionStore.ts | Checkmarx |
| 53 59 65 66 72 73 79 80 | High | Reflected_XSS | plugins/rollbar-backend/src/service/router.ts | Checkmarx |
| 50 | High | Reflected_XSS | plugins/periskop-backend/src/service/router.ts | Checkmarx |
| 46 47 83 | High | Reflected_XSS | plugins/jenkins-backend/src/service/router.ts | Checkmarx |
| 108 | High | Reflected_XSS | plugins/search-backend/src/service/router.ts | Checkmarx |
| 62 | High | Client_DOM_XSS | plugins/git-release-manager/src/hooks/useQueryHandler.ts | Checkmarx |
