fix(deps): update rhdh lightspeed dependencies (minor)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@backstage-community/plugin-rbac-backend (source)	7.12.4 → 7.13.0
@patternfly/react-core	6.4.3 → 6.5.1
@red-hat-developer-hub/backstage-plugin-theme (source)	^0.12.0 → ^0.14.0
infinispan	0.13.0 → 0.15.0
langsmith	^0.6.0 → ^0.7.0
llama-stack-client	^0.5.0 → ^0.7.0
msw (source)	2.12.10 → 2.14.6

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

backstage/community-plugins (@​backstage-community/plugin-rbac-backend)

v7.13.0

Compare Source

Minor Changes

• 6a916a1: Backstage version bump to v1.50.4

Patch Changes

• Updated dependencies [6a916a1]
  • @​backstage-community/plugin-rbac-common@​1.27.0
  • @​backstage-community/plugin-rbac-node@​1.21.0

v7.12.5

Compare Source

Patch Changes

• 39a3942: Hardens RBAC policy handling to prevent Casbin CSV poisoning and improve error visibility.

  Key fixes:

  • Rejects permission policy permission values containing " before persistence (prevents known CSV parse failures).
  • Rethrows loadPolicy failures after audit logging so mutation/read paths surface the root cause instead of secondary errors.
  • Improves policy API request validation and missing-role handling (400/404 where appropriate).
  • Validates default configured permissions/admin refs with the same stricter checks used by runtime write paths.
  • Strengthens conditional and plugin-id payload validation and aligns owner filtering behavior for default roles.

  Compatibility notes:

  • Requests/config entries using permission values with embedded " are now rejected.
  • Conditional policy payloads and conditional YAML ingestion now enforce limits.
  • Conditional permissionMapping must list distinct Backstage permission actions (no duplicates); at most one entry per supported action (create, read, update, delete, use).
  • Plugin ID registration payloads now enforce count/length/duplicate checks.
  • For larger existing payloads, limits are configurable via:
  • permission.rbac.validation.conditionalPolicies.maxConditionDepth
  • permission.rbac.validation.conditionalPolicies.maxConditionNodeCount
  • permission.rbac.validation.conditionalPolicies.maxCriteriaItems
  • permission.rbac.validation.conditionalPoliciesFile.maxBytes
  • permission.rbac.validation.conditionalPoliciesFile.maxDocuments

  Operational note:

  • CSV policy files are parsed line-by-line; malformed lines are skipped with warnings instead of aborting the entire file load.

patternfly/patternfly-react (@​patternfly/react-core)

v6.5.1

Compare Source

v6.5.0

Compare Source

What's Changed

• chore(Tabs): Update separate content examples by @​rebeccaalpert in #​12021
• fix(Progress): Fixed to use the correct icon for danger variant by @​tlabaj in #​12073
• feat(Wizard): warning step status by @​gitdallas in #​12041
• feat(Radio/Checkbox): support for aria-describedBy by @​gitdallas in #​12042
• docs(CodeEditor): add configuration example from OCP by @​logonoff in #​12026
• fix(DrawerPanelContent): fix issue with styles overriding by @​gitdallas in #​12039
• chore(miscellaneous): update examples and demos to typescript by @​Mash707 in #​12056
• chore(flex): convert examples to typescript part-1 by @​Mash707 in #​12058
• chore(docs): Update ModalWithDropdown example by @​rebeccaalpert in #​12061
• feat(ExpandableSection): added aria labeling by @​thatblindgeye in #​12071
• chore(panel): move examples to separate files by @​Mash707 in #​12036
• fix(Nav): updated resizeObserver for horizontal overflow by @​thatblindgeye in #​12070
• fix(CodeEditorControl): make icon prop optional by @​logonoff in #​12068
• chore(menu toggle): move examples to separate files by @​Mash707 in #​12034
• chore(flex): convert examples to typescript part-2 by @​Mash707 in #​12059
• chore(miscellaneous): update demo flags from js to ts by @​Mash707 in #​12054
• chore(password generator, button): move demos to separate files by @​Mash707 in #​12035
• chore(alert): move examples to individual files by @​Mash707 in #​11957
• feat(Table): use pf check/radio for selects by @​gitdallas in #​12045
• chore(deps): update dependency glob to ^11.0.3 by @​renovate[bot] in #​11948
• chore(deps): update dependency eslint-plugin-react to ^7.37.5 by @​renovate[bot] in #​11945
• chore(deps): update dependency eslint-config-prettier to ^10.1.8 by @​renovate[bot] in #​11944
• chore(deps): update dependency @​types/lodash to ^4.17.20 by @​renovate[bot] in #​11937
• chore(deps): update dependency @​adobe/css-tools to ^4.4.4 by @​renovate[bot] in #​11936
• feat(CC-batch-6): added batch 6 by @​mattnolting in #​11868
• fix(deps): update dependency @​monaco-editor/react to ^4.7.0 by @​renovate[bot] in #​11527
• fix(deps): update react-router monorepo to ^7.9.4 by @​renovate[bot] in #​11692
• feat(CC-batch-7): added batch 7 by @​mattnolting in #​11869
• chore(deps): update babel monorepo by @​renovate[bot] in #​11448
• feat(ActionList): Add isVertical variant by @​rebeccaalpert in #​12090
• feat(Button): added circle variant by @​thatblindgeye in #​12092
• techdebt(Menu): remove disableHover by @​gitdallas in #​12064
• feat(Compass): add Compass components by @​kmcfaul in #​12093
• feat(Drawer): Add pill version by @​rebeccaalpert in #​12091
• feat(ExpandableSection): functional toggleContent by @​gitdallas in #​12063
• fix(PageSidebar): sidebar flash on non-mobile by @​gitdallas in #​12040
• feat(Progress): add hideStatusIcon flag by @​gitdallas in #​12038
• fix(ExpandableSection): allow toggles proper dom structured headings by @​gitdallas in #​12037
• fix(Truncate): remove resize observer by @​gitdallas in #​12055
• feat: Add plain variants for table and data list. by @​dlabaj in #​12112
• feat: Added Tab updates for site Navigation by @​dlabaj in #​12111
• Adds CardDescription component by @​dlabaj in #​12105
• fix(Compass): fix sidebars in demo by @​kmcfaul in #​12117
• chore(Compass): added tests for new variants by @​thatblindgeye in #​12122
• feat(drawer): add no-glass panel variant, test by @​mcoker in #​12125
• fix(Compass): fix table plain example showing by @​kmcfaul in #​12124
• fix(Compass): wrap in DrawerContentBody when drawer is passed by @​kmcfaul in #​12127
• fix: Moved compass component to generative ui. by @​dlabaj in #​12133
• fix: Added missing docs config side nav. by @​dlabaj in #​12134
• feat(Hero): added component by @​thatblindgeye in #​12131
• feat(Compass): updated mainheader structure to be composable by @​thatblindgeye in #​12135
• fix: Moves items to new nav. by @​edonehoo in #​12013
• fix(Compass): get props tables rendering correctly by @​nicolethoen in #​12142
• feat(Compass): add compass nav components by @​wise-king-sullyman in #​12138
• feat(Compass): add CompassMainFooter by @​kmcfaul in #​12137
• feat(react-icons): add rhds icons by @​mcoker in #​12143
• chore: fix noGlass test name by @​mcoker in #​12129
• feat: add font size control to CodeEditorConfigurationModal example by @​logonoff in #​12113
• feat(ExpandableSection): Allow more control over toggle icon by @​rebeccaalpert in #​12051
• feat(Dropdown): Add optional container with ouiaId by @​rebeccaalpert in #​12022
• chore: Added isBeta to examples by @​dlabaj in #​12150
• feat(react-icons): update to create static SVGs by @​mcoker in #​12154
• fix: fixes broken docs link. by @​edonehoo in #​12157
• feat(Compass): add isPill to Drawer by default by @​kmcfaul in #​12151
• fix(layouts): update example css & classnames by @​nicolethoen in #​12145
• fix(deps): update dependency focus-trap to v7.6.6 by @​renovate[bot] in #​12102
• fix(form): keep required asterisk from orphaning by @​mcoker in #​11961
• fix(Drawer): update refs in examples by @​fallmo in #​12152
• fix(DrawerPanelContent): add inert when drawer is closed by @​logonoff in #​12027
• chore(deps): update dependency plop to ^4.0.4 by @​renovate[bot] in #​12099
• chore(deps): update dependency lerna to ^8.2.4 by @​renovate[bot] in #​12097
• chore(deps): update dependency @​types/react to ^18.3.27 by @​renovate[bot] in #​12095
• chore(deps): update dependency publint to ^0.3.16 by @​renovate[bot] in #​12100
• chore(deps): update testing-library monorepo by @​renovate[bot] in #​12101
• fix: remove rh social icon set by @​mcoker in #​12164
• docs(compass): Content review and edits. by @​edonehoo in #​12158
• fix(react-templates): fix TypeaheadSelect state synchronization issue by @​akhatri-cmyk in #​12147
• feat(docked nav): add support for docked nav layout by @​kmcfaul in #​12175
• fix(Wizard): Fix crash in nav when first sub-step is hidden by @​ochosi in #​12166
• Fix formatting in README.md to perform a release. by @​dlabaj in #​12182
• Bump version to 6.5.0-prerelease.10 by @​dlabaj in #​12183
• Fix formatting in README.md by @​dlabaj in #​12184
• Fixed readme. by @​dlabaj in #​12185
• Updated readme.md by @​dlabaj in #​12186
• chore(dropdown): add split button action example by @​Mash707 in #​11753
• feat(ClipboardCopy): added textinput callbacks and props by @​gautamkrishnar in #​12180
• chore(deps): update dependency @​testing-library/react to ^16.3.1 by @​renovate[bot] in #​12181
• chore(deps): update dependency lint-staged to ^15.5.2 by @​renovate[bot] in #​12098
• chore(deps): update dependency concurrently to ^9.2.1 by @​renovate[bot] in #​12172
• chore(deps): update dependency @​types/lodash to ^4.17.21 by @​renovate[bot] in #​12167
• chore(deps): update dependency @​vitejs/plugin-react-swc to ^3.11.0 by @​renovate[bot] in #​12171
• chore(actions): fix failing workflow using outputs by @​gautamkrishnar in #​12179
• chore(miscellaneous): update demo flags from js to ts by @​Mash707 in #​12197
• chore(miscellaneous): update demo and example flags from js to ts by @​Mash707 in #​12198
• fix(Label): render add variant labels as buttons by @​fallmo in #​12192
• chore(miscellaneous): update flags from js to ts by @​Mash707 in #​12200
• chore(grid,stack): update examples flags from js to ts by @​Mash707 in #​12199
• chore(deps): update dependency monaco-editor to ^0.55.1 by @​renovate[bot] in #​12191
• chore(deps): update dependency glob to ^11.1.0 by @​renovate[bot] in #​12190
• chore(deps): update dependency cypress to ^14.5.4 by @​renovate[bot] in #​12187
• chore(deps): update dependency @​eslint/compat to ^1.4.1 by @​renovate[bot] in #​12169
• chore(wizard, date picker): update tags and examples from js to ts by @​Mash707 in #​12208
• fix(CodeEditor): prevent focus loss (#​12211) by @​ochosi in #​12212
• chore: Updated with snyk react router, and lodash requests. by @​dlabaj in #​12221
• feat(react-icons): add newest rh brand icons by @​nicolethoen in #​12222
• feat(TreeView): add support for disabled TreeViewListItems by @​kmcfaul in #​12140
• chore(deps): update dependency eslint-plugin-prettier to ^5.5.5 by @​renovate[bot] in #​12188
• chore(deps): update dependency fs-extra to ^11.3.3 by @​renovate[bot] in #​12096
• feat(GH): update feature template by @​kmcfaul in #​12225
• fix(FileUploadField): don't render empty dom node by @​logonoff in #​12236
• fix(LoginPage): allow brand props passthrough make brand optional by @​fallmo in #​12194
• chore(deps): manually update a number of dependencies by @​nicolethoen in #​12227
• fix: update ToggleGroup examples to properly toggle options by @​arpanroy41 in #​12239
• chore(deps): update dependency @​patternfly/documentation-framework to ^6.36.0 by @​renovate[bot] in #​12233
• feat(icons): add swap support for mapped rh-ui icons by @​kmcfaul in #​12245
• fix(deps): update dependency @​patternfly/patternfly to v6.5.0-prerelease.43 by @​renovate[bot] in #​12230
• fix(react-drag-drop): support dynamic root element IDs in DragDropCon… by @​arpanroy41 in #​12240
• feat(Tabs): add tabListAriaLabel prop by @​fallmo in #​12193
• fix(CodeBlock): remove deprecated textId prop from ClipboardCopyButton example by @​fallmo in #​12242
• fix(DescriptionList): use correct token for termWidth by @​nicolethoen in #​12253
• fix(icons): update internal import specifier by @​kmcfaul in #​12265
• chore(deps): update dependency @​patternfly/documentation-framework to ^6.36.7 by @​renovate[bot] in #​12249
• fix: bump pf-core version 6.5.0-prerelease.55 by @​nicolethoen in #​12282
• Fix/nextjs hydration errors 12250 by @​arpanroy41 in #​12251
• feat(NotificationBadge): add support for plain variant by @​kmcfaul in #​12139
• chore(deps): update dependency @​types/react to ^18.3.28 by @​renovate[bot] in #​12246
• chore(deps): update dependency publint to ^0.3.18 by @​renovate[bot] in #​12229
• chore(deps): update dependency plop to ^4.0.5 by @​renovate[bot] in #​12228
• chore(deps): update dependency @​types/lodash to ^4.17.24 by @​renovate[bot] in #​12226
• feat(card): add isGlass prop by @​wise-king-sullyman in #​12290
• fix(Popper): add null & connected checks for document by @​kmcfaul in #​12284
• feat(icons): update close icons to use the rh micron by @​wise-king-sullyman in #​12283
• fix(deps): update dependency @​patternfly/patternfly to v6.5.0-prerelease.62 by @​renovate[bot] in #​12301
• feat(icons): updated caret icons to RH microns by @​thatblindgeye in #​12298
• fix(Menu): adjust initially drilled-in root menu height by @​tarunvashishth in #​12294
• feat(misc): update status icons to rh icons by @​kmcfaul in #​12291
• feat(Wizard): added plain styling by @​thatblindgeye in #​12289
• chore(deps): update dependency eslint-plugin-testing-library to ^7.16.2 by @​renovate[bot] in #​12302
• chore(deps): update dependency rimraf to ^6.1.3 by @​renovate[bot] in #​12300
• chore(deps): update dependency @​patternfly/documentation-framework to ^6.36.8 by @​renovate[bot] in #​12299
• feat(Table): update isPlain to apply no-plain when false by @​kmcfaul in #​12287
• fix(react-icons): add sideEffects: false to dist/esm/package.json by @​logonoff in #​12314
• feat(Page): added styles for glass by @​thatblindgeye in #​12293
• feat(Icons): updated cog icons to rh settings by @​thatblindgeye in #​12345
• feat(Accordion): Added isPlain and isNoPlainOnGlass prop to Accordion by @​tlabaj in #​12288
• feat(Data list): Add isNoPlainOnGlass prop to add pf-m-no-plain modfier to the data list by @​tlabaj in #​12292
• [Snyk] Security upgrade lodash from 4.17.23 to 4.18.1 by @​patternfly-build in #​12353
• feat(Menu toggle): Added support for a adding styling for a menu toggle in a form by @​tlabaj in #​12326
• chore(docs): Updated remaining TimesIcon to RhMicronsCloseIcon by @​tlabaj in #​12334
• feat(icon): apply rh-standard styling and add opt-out by @​kmcfaul in #​12320
• fix(Toolbar filter): Fixed null exception in Toolbar filter by @​tlabaj in #​12352
• feat(Page): added responsive docked nav by @​thatblindgeye in #​12327
• chore(docked content): replaced dock class with docked by @​thatblindgeye in #​12358
• feat(Table): support dynamic sticky styling by @​kmcfaul in #​12348
• feat(Panel, CompassPanel): Removed CompassPanel component. Updated Panel component for use in with compass by @​tlabaj in #​12372
• feat(ToggleGroup): added full width variant by @​thatblindgeye in #​12374
• chore(OutlinedQuestionCircleIcon): Update uses of OutlinedQuestionCircleIcon to use RhUiQuestionMarkCircleIcon by @​tlabaj in #​12379
• chore(BlueprintIcon): Update all uses of BlueprintIcon to use RhUiBlueprintIcon instead by @​tlabaj in #​12378
• chore(Star Icons): Replace all star FA icons with RH brand star icons by @​tlabaj in #​12371
• chore(QuestionCircleIcon): Replace all usages of QuestionCircleIcon with RhUiQuestionMarkCircleFillIcon by @​tlabaj in #​12370
• chore(ExternalLinkSquareAltIcon): Replace all usages of ExternalLinkSquareAltIcon with RhUiExternalLinkFillIcon by @​tlabaj in #​12366
• fix: Updated drag and drop to use the correct glass theme. by @​dlabaj in #​12306
• feat(Compass): added responsive docked compass by @​thatblindgeye in #​12382
• chore(EmptyState): Update use a RH brand icon in tests by @​tlabaj in #​12376
• feat(Toolbar): dynamic sticky by @​kmcfaul in #​12375
• feat(Toolbar,OverflowMenu): support responsive height vis breakpoints by @​kmcfaul in #​12347
• feat: update rhds icons to 2.2.0 by @​mcoker in #​12387
• fix(demos): fix AttributeValueFiltering menu selection by @​fallmo in #​12207
• chore(TextInputGroup): Added default as an option for validated by @​tlabaj in #​12349
• chore(Label): Added enums for LabelColor and LabelStatus by @​tlabaj in #​12338
• feat(Drawer): Added support for glass by @​tlabaj in #​12305
• chore(PlusCircleIcon): Replace all usages of PlusCircleIcon with RhUAddCircleFillIcon by @​tlabaj in #​12369
• chore(Compass): move docs to 'components' by @​nicolethoen in #​12403
• feat(Pagination): added dynamic sticky and plain by @​thatblindgeye in #​12388
• feat(CalendarMonth): add select appendTo passthrough by @​kmcfaul in #​12391
• fix(createIcon): Fix broken API in createIcon.tsx by @​tlabaj in #​12336
• feat(Page): add dynamic sticky section support by @​wise-king-sullyman in #​12409
• feat(Hero): glass styling update by @​kmcfaul in #​12412
• feat(Table): add indeterminate checkbox state support for select-all header by @​rhamilto in #​12411
• feat(react-charts): add high contrast by @​mcoker in #​12419
• feat(Compass): remove background props, update structure by @​kmcfaul in #​12408
• fix(DragDropSort): support custom drag button aria-label and fix falsy id overlay by @​logonoff in #​12417
• chore(Drawer): unskip integration test by @​thatblindgeye in #​12425
• feat(ver): core bump by @​kmcfaul in #​12427
• feat(ver): bump core to .93 by @​kmcfaul in #​12429

New Contributors

• @​fallmo made their first contribution in #​12152
• @​akhatri-cmyk made their first contribution in #​12147
• @​ochosi made their first contribution in #​12166
• @​arpanroy41 made their first contribution in #​12239
• @​tarunvashishth made their first contribution in #​12294

Full Changelog: patternfly/patternfly-react@v6.4.0...v6.5.0

redhat-developer/rhdh-plugins (@​red-hat-developer-hub/backstage-plugin-theme)

v0.14.7

Compare Source

Patch Changes

• 4d80582: fix(RHDHBUGS-2291): use &.Mui-selected syntax for MuiBottomNavigationAction to resolve CSS specificity console warning

v0.14.5

Compare Source

Patch Changes

• 82cc47d: Fixed the background color of myGroup sidebar submenu in light theme

v0.14.4

Compare Source

Patch Changes

• 5148408: Migrated to Jest 30 as required by @​backstage/cli 0.36.0.

v0.14.3

Compare Source

Patch Changes

• 54b7c9e: style the active sidebar nav link (a[aria-current="page"]) so selected colors match the resolved navigation shell

v0.14.2

Compare Source

Patch Changes

• ee1def6: Align the navigation sidebar with merged palette.navigation and rhdh.general colors, including submenu rows and selected/active BackstageSidebarItem states. Add rhdh.general.pageInsetBackgroundColor so the page inset shell can use its own color (defaults match the previous app bar fill; falls back to appBarBackgroundColor when unset). Main content area remains on mainSectionBackgroundColor.

v0.14.1

Compare Source

Patch Changes

• 8d1eee2: Add missing font css reference so that the Red Hat font is used again.

v0.14.0

Compare Source

Minor Changes

• 0b7c442: Add and export RHDH logo components as LogoFull and LogoIcon
• 0b7c442: Backstage version bump to v1.49.2

v0.13.0

Compare Source

Minor Changes

• 9476d25: Added NFS support.

v0.12.3

Compare Source

v0.12.2

Compare Source

v0.12.1

Compare Source

Patch Changes

• 29042bc: Fixing the inconsitent edges of filter section on catalog page

infinispan/js-client (infinispan)

v0.15.0

Compare Source

What's Changed

• Bump protobufjs from 7.5.5 to 7.5.6 by @​dependabot[bot] in #​154
• Skip redundant AUTH when SASL authentication is already complete by @​tristantarrant in #​156
• [#​157] Modernize build and test lifecycle by @​tristantarrant in #​158
• [#​148] Continuous query support by @​tristantarrant in #​151
• [#​145] Support hotrod:// URIs by @​tristantarrant in #​146

Full Changelog: infinispan/js-client@v0.14.0...v0.15.0

v0.14.0

Compare Source

What's Changed

• Fix all ESLint errors and warnings by @​tristantarrant in #​129
• Add Hot Rod protocol 3.1, 4.0, 4.1 and modernize test infrastructure by @​tristantarrant in #​130
• Add near caching support by @​tristantarrant in #​133
• Add distributed counter support by @​tristantarrant in #​134
• Add protocol auto-negotiation support by @​tristantarrant in #​136
• Replace server management with Docker Compose by @​tristantarrant in #​139
• Fix protocol 4.0+ header and add previous value metadata tests by @​tristantarrant in #​140
• Bump protobufjs from 7.5.4 to 7.5.5 by @​dependabot[bot] in #​144
• Add admin operations for cache lifecycle and schema management by @​tristantarrant in #​142

Full Changelog: infinispan/js-client@v0.13.0...v0.14.0

langchain-ai/langsmith-sdk (langsmith)

v0.7.7

Compare Source

What's Changed

• fix(js): subagent tool calls tracking for latest claude agent sdk by @​dqbd in #​2463
• release(js): 0.5.5 by @​dqbd in #​2464
• fix(j

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[rhdh-gh-app]

Changed Packages

Package Name	Package Path	Changeset Bump	Current Version
backend	workspaces/lightspeed/packages/backend	none	v0.0.59
@red-hat-developer-hub/backstage-plugin-lightspeed-backend	workspaces/lightspeed/plugins/lightspeed-backend	patch	v2.9.1
@red-hat-developer-hub/backstage-plugin-lightspeed	workspaces/lightspeed/plugins/lightspeed	patch	v2.9.1

[codecov]

❌ 1 Tests Failed:

Tests completed	Failed	Passed	Skipped
790	1	789	0

View the top 1 failed test(s) by shortest run time

lightspeed router tests GET /v1/shields should load available shields without injecting user_id

Stack Traces | 0.038s run time

Error: expect(received).toHaveLength(expected)

Expected length: 1
Received length: 2
Received array:  ["http://127.0.0.1:8080/v1/shields", "http://127.0.0.1:8080/v1/shields"]
    at Object.toHaveLength (.../src/service/router.test.ts:231:28)
    at processTicksAndRejections (node:internal/process/task_queues:103:5)

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud