[Snyk] Security upgrade @backstage/cli from 0.26.11 to 0.29.2

[johnnyhuy]

User description

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• packages/app/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	576

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

---

PR Type

enhancement, dependencies

---

Description

• Upgraded the @backstage/cli dependency from version 0.26.10 to 0.29.2 to address security vulnerabilities.
• This update is intended to fix vulnerabilities identified by Snyk, specifically a Cross-site Scripting (XSS) issue.
• Users of Yarn's zero-installs feature should run yarn to update the cache directory.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Upgrade @backstage/cli to address vulnerabilities                packages/app/package.json Upgraded @backstage/cli dependency from version 0.26.10 to 0.29.2. Addressed vulnerabilities by updating the package version. +1/-1

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[echohello-codium-ai-pr-agent]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	1, because the PR involves a simple version update in a package.json file, which is straightforward and typically does not require extensive review.
🧪 Relevant tests	No
⚡ Possible issues	Possible Bug: The PR mentions that the yarn.lock file failed to update. This needs to be addressed to ensure that the correct versions of dependencies are used and to maintain the integrity of the dependency tree.
🔒 Security concerns	No

[echohello-codium-ai-pr-agent]

PR Code Suggestions ✨

Category	Suggestion	Score
Possible issue	Verify compatibility of the updated @backstage/cli version with the project Ensure that the version bump of @backstage/cli from 0.26.11 to 0.29.2 does not introduce breaking changes or require additional updates to other related dependencies. It's recommended to check the changelog of @backstage/cli for any breaking changes or new peer dependency requirements that might affect the current project setup. packages/app/package.json [19] -"@backstage/cli": "^0.29.2", +"@backstage/cli": "^0.29.2", // Ensure compatibility with other packages Suggestion importance[1-10]: 8 Why: The suggestion correctly highlights the importance of checking for breaking changes or new dependencies when updating a package version. This is crucial for maintaining project stability and ensuring compatibility with other dependencies.	8