From eb97328e74772691f7619b8acb1455c63be2adc0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 13 Feb 2026 00:08:33 +0000
Subject: [PATCH] fix: plugins/auth-backend/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-15252993
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235959
- https://snyk.io/vuln/SNYK-JS-WEBPACK-15235969
- https://snyk.io/vuln/SNYK-JS-QS-15268416
---
 plugins/auth-backend/package.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/plugins/auth-backend/package.json b/plugins/auth-backend/package.json
index 4e7f80afaf2f80..22f717d371d147 100644
--- a/plugins/auth-backend/package.json
+++ b/plugins/auth-backend/package.json
@@ -32,12 +32,12 @@
     "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "workspace:^",
-    "@backstage/catalog-client": "workspace:^",
+    "@backstage/backend-common": "0.24.1",
+    "@backstage/catalog-client": "0.2.0",
     "@backstage/catalog-model": "workspace:^",
-    "@backstage/config": "workspace:^",
+    "@backstage/config": "0.1.1",
     "@backstage/errors": "workspace:^",
-    "@backstage/plugin-auth-node": "workspace:^",
+    "@backstage/plugin-auth-node": "0.6.0",
     "@backstage/types": "workspace:^",
     "@davidzemon/passport-okta-oauth": "^0.0.5",
     "@google-cloud/firestore": "^6.0.0",
@@ -47,7 +47,7 @@
     "connect-session-knex": "^3.0.1",
     "cookie-parser": "^1.4.5",
     "cors": "^2.8.5",
-    "express": "^4.17.1",
+    "express": "^4.22.0",
     "express-promise-router": "^4.1.0",
     "express-session": "^1.17.1",
     "fs-extra": "10.1.0",
@@ -63,7 +63,7 @@
     "node-fetch": "^2.6.7",
     "openid-client": "^5.2.1",
     "passport": "^0.6.0",
-    "passport-auth0": "^1.4.3",
+    "passport-auth0": "^1.4.4",
     "passport-bitbucket-oauth2": "^0.1.2",
     "passport-github2": "^0.1.12",
     "passport-gitlab2": "^5.0.0",