fix(deps): update rhdh cost management dependencies (minor)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@backstage-community/plugin-rbac (source)	1.33.2 → 1.53.1
@playwright/test (source)	1.60.0 → 1.61.0
@red-hat-developer-hub/backstage-plugin-theme (source)	^0.12.0 → ^0.14.0
fast-xml-builder	1.1.7 → 1.2.0
fast-xml-parser	5.7.3 → 5.9.0
ip-address	10.1.1 → 10.2.0
jsonpath-plus	10.3.0 → 10.4.0
markdown-it	14.1.1 → 14.2.0
qs	6.14.1 → 6.15.2
undici (source)	7.25.0 → 7.28.0

---

Release Notes

backstage/community-plugins (@​backstage-community/plugin-rbac)

v1.53.1

Compare Source

Patch Changes

• 91cce2e: Fixed RBAC table pagination text not being translated in non-English locales by adding labelDisplayedRows and labelRowsPerPage translation keys and wiring them into all table components.

v1.53.0

Compare Source

Minor Changes

• 6a916a1: Backstage version bump to v1.50.4

Patch Changes

• Updated dependencies [6a916a1]
  • @​backstage-community/plugin-rbac-common@​1.27.0

v1.52.4

Compare Source

Patch Changes

• a63b0b6: Updated dependency start-server-and-test to 3.0.2.
• 170f85d: Migrate to Jest 30 and fix backend test assertion compatibility
• Updated dependencies [170f85d]
  • @​backstage-community/plugin-rbac-common@​1.26.1

v1.52.3

Compare Source

Patch Changes

• c1b8a19: Expanded checkbox click targets in the permission policies form to include the associated label text. Clicking the permission name or policy action text now toggles the corresponding checkbox.

v1.52.2

Compare Source

Patch Changes

• 3fc1a9e: Fix RBAC role creation form UI text consistency and accuracy

v1.52.1

Compare Source

Patch Changes

• a559dfb: Updated dependency @types/node to 22.19.17.

v1.52.0

Compare Source

Minor Changes

• 8993474: Backstage version bump to v1.49.2

Patch Changes

• Updated dependencies [8993474]
  • @​backstage-community/plugin-rbac-common@​1.26.0

v1.51.0

Compare Source

Minor Changes

• 50e194d: Add support for a default role and permissions for authenticated users in RBAC backend

  • Introduced a new defaultRole and basicPermissions configuration options to assign a default role to all authenticated users.

    permission:
      rbac:
    +   defaultPermissions:
    +     defaultRole: role:default/my-default-role
    +     basicPermissions:
    +       - permission: catalog.entity.read
    +         action: read

  • Updated the RBAC permission policy to include the default role in user roles if not already present.

Patch Changes

• Updated dependencies [50e194d]
  • @​backstage-community/plugin-rbac-common@​1.25.0

v1.50.2

Compare Source

Patch Changes

• d737494: Backstage version bump to v1.48.5
• Updated dependencies [d737494]
  • @​backstage-community/plugin-rbac-common@​1.24.1

v1.50.1

Compare Source

Patch Changes

• 0467b33: Updated dependency @testing-library/react to ^16.0.0.
  Updated dependency @testing-library/dom to 10.4.1.
  Updated dependency @testing-library/jest-dom to ^6.0.0.

v1.50.0

Compare Source

Minor Changes

• 843bbe2: Backstage version bump to v1.48.4

Patch Changes

• d22bce2: Updated dependency start-server-and-test to 2.1.5.
• Updated dependencies [843bbe2]
  • @​backstage-community/plugin-rbac-common@​1.24.0

v1.49.0

Compare Source

Minor Changes

• 8c7bddb: Added NFS support

Patch Changes

• 42c05f7: exported rbacPlugin as a default and other minor updates
• a55af54: Updated the translation of a Japanese word.
• 1d15595: Translation updated for German and Spanish

v1.48.1

Compare Source

Patch Changes

• 497d5c6: Updated dependency @types/node to 22.19.11.

v1.48.0

Compare Source

Minor Changes

• e6dbf70: Backstage version bump to v1.47.2

Patch Changes

• 658c2c9: Updated dependency start-server-and-test to 2.1.3.
• a184943: Updated dependency @types/node to 22.19.7.
• Updated dependencies [e6dbf70]
  • @​backstage-community/plugin-rbac-common@​1.23.0

v1.47.4

Compare Source

Patch Changes

• c074f91: Added ja and updated fr, it translation files.

v1.47.3

Compare Source

Patch Changes

• 5af1aa9: Fixed excessive vertical padding between table rows and pagination controls in RolesList component.
• b3dda0c: Fix RBAC conditional access tooltips for disabled buttons

v1.47.2

Compare Source

Patch Changes

• 64d31dd: Add translation for "Permission policies ({{count}})" in ReviewStep and all locale files (en, de, es, fr, it).

v1.47.1

Compare Source

Patch Changes

• efdad9e: Updated dependency @types/node to 22.19.3.

v1.47.0

Compare Source

Minor Changes

• e2d17e1: Backstage version bump to v1.45.1

Patch Changes

• Updated dependencies [e2d17e1]
  • @​backstage-community/plugin-rbac-common@​1.22.0

v1.46.0

Compare Source

Minor Changes

• 2d1f63f: Backstage version bump to v1.44.2

Patch Changes

• Updated dependencies [2d1f63f]
  • @​backstage-community/plugin-rbac-common@​1.21.0

v1.45.1

Compare Source

Patch Changes

• 9ffcad1: Updated dependency start-server-and-test to 2.1.2.
• 3944da5: undo Editrole page submit button label

v1.45.0

Compare Source

Minor Changes

• 232a84d: Backstage version bump to v1.42.5

Patch Changes

• Updated dependencies [232a84d]
  • @​backstage-community/plugin-rbac-common@​1.20.0

v1.44.0

Compare Source

Minor Changes

• 3719f79: Add internationalization (i18n) support with German, French, Italian, and Spanish translations.

v1.43.0

Compare Source

Minor Changes

• 2f4d9ff: Backstage version bump to v1.41.1

Patch Changes

• 34aa972: Updated dependency @mui/icons-material to 5.18.0.
  Updated dependency @mui/material to 5.18.0.
  Updated dependency @mui/styles to 5.18.0.
  Updated dependency @mui/lab to 5.0.0-alpha.177.
• 4b2569f: Updated dependency start-server-and-test to 2.0.13.
• Updated dependencies [2f4d9ff]
  • @​backstage-community/plugin-rbac-common@​1.19.0

v1.42.2

Compare Source

Patch Changes

• 2e28d31: hide permissions for uninstalled plugins

v1.42.1

Compare Source

Patch Changes

• a2e5d4e: Added optional pagination support to getMembers API
• aec6bc2: docs(rbac): Removing Janus IDP dynamic plugin installation instructions, switching to relative paths for doc links
• ac39bff: removed shared-react dependencies
• 4719a0e: Fix to remove entire permission when no policy is selected.

v1.42.0

Compare Source

Minor Changes

• 4b58a1d: Backstage version bump to v1.39.0

Patch Changes

• 6a59fcf: remove support and lifecycle keywords in package.json
• Updated dependencies [6a59fcf]
• Updated dependencies [4b58a1d]
  • @​backstage-community/plugin-rbac-common@​1.18.0

v1.41.6

Compare Source

Patch Changes

• 6c4ee27: Replaced getTitleCase from shared-react with the capitalizeFirstLetter utility from the RBAC plugin as part of sunsetting the shared-react package.
• e141237: Improve useRoles hook to support paginated role condition fetching using Promise.allSettled, ensuring partial data availability even if individual condition fetch fails.
• e958f2f: Updated dependency @types/node to 22.15.29.
• 7d6d70f: Updated dependency start-server-and-test to 2.0.12.
• Updated dependencies [a42945e]
  • @​backstage-community/plugin-rbac-common@​1.17.0

v1.41.5

Compare Source

Patch Changes

• fcc57ec: Updated dependency @types/node to 22.14.1.
• 4d8a8e9: Removed theme package "@​redhat-developer/red-hat-developer-hub-theme" in dev.
• 79213e4: Fixed role actions tooltip delay issue.

v1.41.4

Compare Source

Patch Changes

• eebc68d: UI Enhancements:

  • Added vertical spacing between buttons in the side drawer for improved usability.
  • Fixed layout issue in the Users and Groups table where adding a row caused unexpected height changes.
  • Aligned action icon colors in the Roles table for visual consistency.
  • Simplified label formatting in the Overview table for a cleaner look.
  • Improved dropdown behavior in Users, Groups, and Permissions sections — selecting an option no longer clears the input text.
  • Conditionally hid input field labels when validation errors are present to reduce visual clutter.
  • Aligned “No options” placeholder text across the Users and Groups and Plugin selection dropdowns.
  • Prevented backspace from unintentionally removing selected items in the Users and Groups and Plugin dropdowns.

v1.41.3

Compare Source

Patch Changes

• 658c51c: chore: Remove usage of @​spotify/prettier-config
• Updated dependencies [658c51c]
  • @​backstage-community/plugin-rbac-common@​1.16.1

v1.41.2

Compare Source

Patch Changes

• fa53ba5: Updated dependency @playwright/test to 1.52.0.

v1.41.1

Compare Source

Patch Changes

• c92a50c: Fixed a bug where updating a role name via the PUT </api/permission/roles/:kind/:namespace/:name> endpoint did not propagate changes to metadata, permissions and conditions, leaving them mapped to the old role name.

v1.41.0

Compare Source

Minor Changes

• e8755f6: Backstage version bump to v1.38.1

Patch Changes

• Updated dependencies [e8755f6]
  • @​backstage-community/plugin-rbac-common@​1.16.0

v1.40.1

Compare Source

Patch Changes

• 1adf6a6: resolve module import error while importing from @rjsf/utils/lib/schema/getDefaultFormState

v1.40.0

Compare Source

Minor Changes

• d278b4c: Adds the ability to assign ownership to roles that can then be used to conditionally filter roles, permission policies, and conditional policies. The conditional filter can now be accomplished through the use of the new RBAC conditional rule IS_OWNER.

  IS_OWNER can be used to grant limited access to the RBAC plugins where in admins might want leads to control their own team's access.

  Removed the resource type from the policy.entity.create permission to prevent conditional rules being applied to the permission. At the moment, the plugins will still continue to work as expected. However, it is strongly recommended updating all permission policies that utilize the resource type policy-entity with the action create (ex. role:default/some_role, policy-entity, create, allow to role:default/some_role, policy.entity.create, create, allow) to prevent any future degradation in service. A migration has been supplied to automatically update all permission policies that have not originated from the CSV file. The CSV file was skipped as a duplication event could happen during reloads / restarts. This means that the CSV file will need to be updated manually to ensure that all references to the old permission policy, resource type policy-entity with an action of create, have been updated to the named permission policy.entity.create with an action of create.

Patch Changes

• Updated dependencies [d278b4c]
  • @​backstage-community/plugin-rbac-common@​1.15.0

v1.39.3

Compare Source

Patch Changes

• f84ad73: chore: remove homepage field from package.json
• Updated dependencies [f84ad73]
  • @​backstage-community/plugin-rbac-common@​1.14.1

v1.39.2

Compare Source

Patch Changes

• c31699d: Updated dependency @playwright/test to 1.51.1.
• f16f56e: Updated dependency start-server-and-test to 2.0.11.

v1.39.1

Compare Source

Patch Changes

• 85541c1: RBACApiRef should be exposed to support simulation / customization based on use-cases and to mock API implementation for feature testing. #​2872

v1.39.0

Compare Source

Minor Changes

• 0253db6: Backstage version bump to v1.36.1

Patch Changes

• Updated dependencies [0253db6]
  • @​backstage-community/plugin-rbac-common@​1.14.0

v1.38.3

Compare Source

Patch Changes

• 32135b8: Updated dependency @testing-library/user-event to 14.6.1.
• c222ea4: Updated dependency @playwright/test to 1.51.0.
• 973a5ef: remove prettier from devDevpendencies

v1.38.2

Compare Source

Patch Changes

• 3f80cbb: fixed no record found was being shown before the role list get displayed
• a388178: Fix to show conditional permission policy with multiple CRUD actions on single resource-type created via CLI/CSV correctly in edit form.
• a8e2f2c: Updated dependency @material-ui/lab to 4.0.0-alpha.61.
  Updated dependency @mui/icons-material to 5.16.14.
  Updated dependency @mui/material to 5.16.14.
  Updated dependency @mui/styles to 5.16.14.
  Updated dependency @mui/x-charts to 6.19.8.
  Updated dependency @mui/lab to 5.0.0-alpha.175.

v1.38.1

Compare Source

Patch Changes

• 152eb5f: In edit role form show selected permissions for a plugin based on resource-type and policy mapping if resource-type used in creation of simple permission policy via CLI/CSV file.
• 3e35324: Updated dependency start-server-and-test to 2.0.10.

v1.38.0

Compare Source

Minor Changes

• a7730fc: Update shared react library @​janus-idp/shared-react to version 2.16.0 with newer @​kubernetes/client-node@​1.0.0-rc7.

v1.37.0

Compare Source

Minor Changes

• 5934dfe: Open confirmation modal with options to discard the entered information or continue with adding more information on create/edit role forms cancel button click.

v1.36.0

Compare Source

Minor Changes

• 838db28: Redesigned RBAC form permissions section.
  User will be able to select multiple plugins at once.

v1.35.0

Compare Source

Minor Changes

• 5d5c02a: Backstage version bump to v1.35.0

Patch Changes

• Updated dependencies [5d5c02a]
  • @​backstage-community/plugin-rbac-common@​1.13.0

v1.34.0

Compare Source

Minor Changes

• 622dcb6: Allow admin to select multiple users/groups

v1.33.6

Compare Source

Patch Changes

• 5b19b0d: Update documentation information about pluginsWithPermission setting. In order for the RBAC UI to display available permissions provided by installed plugins, this setting needs to be configured.

v1.33.5

Compare Source

Patch Changes

• 0f5c451: Updated dependency prettier to 3.4.2.
• 064b809: Updated dependency start-server-and-test to 2.0.9.
• 18f9d9d: Updated dependency @types/node to 18.19.68.
• 4eef4d1: Updated dependency @playwright/test to 1.49.1.

v1.33.4

Compare Source

Patch Changes

• 27c3f1f: Fix role overview page styling issues

v1.33.3

Compare Source

Patch Changes

• aa02f04: Updated dependency @playwright/test to 1.49.0.
• 4b3653a: Clean up api report warnings and remove unnecessary files
• Updated dependencies [4b3653a]
  • @​backstage-community/plugin-rbac-common@​1.12.3

microsoft/playwright (@​playwright/test)

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

• apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

• New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
• The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

• The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
• Supported expect.soft.poll(...).
• New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
• New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
• testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
• New -G command line shorthand for --grep-invert.

🛠️ Other improvements

• Playwright now supports Ubuntu 26.04.
• HAR and trace recordings now include WebSocket requests.

Browser Versions

• Chromium 149.0.7827.55
• Mozilla Firefox 151.0
• WebKit 26.5

This version was also tested against the following stable channels:

• Google Chrome 149
• Microsoft Edge 149

redhat-developer/rhdh-plugins (@​red-hat-developer-hub/backstage-plugin-theme)

v0.14.7

Compare Source

Patch Changes

• 4d80582: fix(RHDHBUGS-2291): use &.Mui-selected syntax for MuiBottomNavigationAction to resolve CSS specificity console warning

v0.14.5

Compare Source

Patch Changes

• 82cc47d: Fixed the background color of myGroup sidebar submenu in light theme

v0.14.4

Compare Source

Patch Changes

• 5148408: Migrated to Jest 30 as required by @​backstage/cli 0.36.0.

v0.14.3

Compare Source

Patch Changes

• 54b7c9e: style the active sidebar nav link (a[aria-current="page"]) so selected colors match the resolved navigation shell

v0.14.2

Compare Source

Patch Changes

• ee1def6: Align the navigation sidebar with merged palette.navigation and rhdh.general colors, including submenu rows and selected/active BackstageSidebarItem states. Add rhdh.general.pageInsetBackgroundColor so the page inset shell can use its own color (defaults match the previous app bar fill; falls back to appBarBackgroundColor when unset). Main content area remains on mainSectionBackgroundColor.

v0.14.1

Compare Source

Patch Changes

• 8d1eee2: Add missing font css reference so that the Red Hat font is used again.

v0.14.0

Compare Source

Minor Changes

• 0b7c442: Add and export RHDH logo components as LogoFull and LogoIcon
• 0b7c442: Backstage version bump to v1.49.2

v0.13.0

Compare Source

Minor Changes

• 9476d25: Added NFS support.

v0.12.3

Compare Source

v0.12.2

Compare Source

v0.12.1

Compare Source

Patch Changes

• 29042bc: Fixing the inconsitent edges of filter section on catalog page

NaturalIntelligence/fast-xml-builder (fast-xml-builder)

v1.2.0

Compare Source

v1.1.9

Compare Source

v1.1.8

Compare Source

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.9.0: update strnum, use is-unsafe

Compare Source

• update strnum to 2.3.0
  • you can set hex, binary, enotation, infinity, unicode
• validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.

v5.8.0: update strnum, FXB. Use xml-naming for DOCTYPE

Compare Source

• integrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)
  • This will consider xml-version as well. '1.0' is default
• update strnum to 2.3.0
  • You can set octal and binary parsing which is by deault off
• update fast-xml-builder to 1.2.0
  • can sanitize tag names if found invalid
  • fix format output

beaugunderson/ip-address (ip-address)

v10.2.0

Compare Source

s3u/JSONPath (jsonpath-plus)

v10.4.0

Compare Source

• chore: update devDeps.
• docs: fix Markdown formatting of examples in README.md (#​230) (@​aspiers)
• feat: add void operator (#​244) (@​80avin)
• build(deps): bump qs from 6.14.0 to 6.14.1 (#​248) (@​dependabot[bot])
• chore: update security policy (#​250) (@​80avin)
• build(deps): bump lodash from 4.17.21 to 4.17.23 (#​249) (@​dependabot[bot])
• fix(eval): rce using lookupGetter or lookupSetter (1bab1cc) (@​80avin)

markdown-it/markdown-it (markdown-it)

v14.2.0

Compare Source

Added

• isPunctCharCode to utilities.

Fixed

• Don't end HTML comment blocks on a blank line, [#​1155](https://redirect.github.com/

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[rhdh-gh-app]

Changed Packages

Package Name	Package Path	Changeset Bump	Current Version
app	workspaces/cost-management/packages/app	none	v0.0.5

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.62%. Comparing base (af16169) to head (d843bf8).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3372   +/-   ##
=======================================
  Coverage   53.62%   53.62%           
=======================================
  Files        2256     2256           
  Lines       85870    85870           
  Branches    24159    24159           
=======================================
  Hits        46047    46047           
  Misses      38296    38296           
  Partials     1527     1527           

Flag	Coverage Δ		*Carryforward flag
adoption-insights	83.70% <ø> (ø)		Carriedforward from af16169
ai-integrations	67.95% <ø> (ø)		Carriedforward from af16169
app-defaults	69.79% <ø> (ø)		Carriedforward from af16169
augment	46.39% <ø> (ø)		Carriedforward from af16169
boost	100.00% <ø> (ø)		Carriedforward from af16169
bulk-import	72.46% <ø> (ø)		Carriedforward from af16169
cost-management	14.10% <ø> (ø)
dcm	61.79% <ø> (ø)		Carriedforward from af16169
extensions	61.53% <ø> (ø)		Carriedforward from af16169
global-floating-action-button	71.18% <ø> (ø)		Carriedforward from af16169
global-header	59.71% <ø> (ø)		Carriedforward from af16169
homepage	49.92% <ø> (ø)		Carriedforward from af16169
install-dynamic-plugins	56.23% <ø> (ø)		Carriedforward from af16169
konflux	91.49% <ø> (ø)		Carriedforward from af16169
lightspeed	68.57% <ø> (ø)		Carriedforward from af16169
mcp-integrations	85.46% <ø> (ø)		Carriedforward from af16169
orchestrator	37.75% <ø> (ø)		Carriedforward from af16169
quickstart	63.76% <ø> (ø)		Carriedforward from af16169
sandbox	79.56% <ø> (ø)		Carriedforward from af16169
scorecard	83.96% <ø> (ø)		Carriedforward from af16169
theme	61.26% <ø> (ø)		Carriedforward from af16169
translations	7.25% <ø> (ø)		Carriedforward from af16169
x2a	78.68% <ø> (ø)		Carriedforward from af16169

*This pull request uses carry forward flags. Click here to find out more.

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af16169...d843bf8. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud