From e11a428b766a6ecb13a7c24d1a80b588d6837dea Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 22 Jan 2026 19:52:13 +0000
Subject: [PATCH] fix: plugins/auth-backend/package.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-BACKSTAGEBACKENDPLUGINAPI-15054291
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
- https://snyk.io/vuln/SNYK-JS-LODASHES-15053836
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
---
 plugins/auth-backend/package.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/auth-backend/package.json b/plugins/auth-backend/package.json
index 4e7f80afaf2f80..e24fb95a5c6993 100644
--- a/plugins/auth-backend/package.json
+++ b/plugins/auth-backend/package.json
@@ -32,12 +32,12 @@
     "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "workspace:^",
-    "@backstage/catalog-client": "workspace:^",
+    "@backstage/backend-common": "0.25.0",
+    "@backstage/catalog-client": "0.2.0",
     "@backstage/catalog-model": "workspace:^",
-    "@backstage/config": "workspace:^",
+    "@backstage/config": "0.1.1",
     "@backstage/errors": "workspace:^",
-    "@backstage/plugin-auth-node": "workspace:^",
+    "@backstage/plugin-auth-node": "0.6.0",
     "@backstage/types": "workspace:^",
     "@davidzemon/passport-okta-oauth": "^0.0.5",
     "@google-cloud/firestore": "^6.0.0",
@@ -55,7 +55,7 @@
     "jose": "^4.6.0",
     "jwt-decode": "^3.1.0",
     "knex": "^2.0.0",
-    "lodash": "^4.17.21",
+    "lodash": "^4.17.23",
     "luxon": "^3.0.0",
     "minimatch": "^5.0.0",
     "morgan": "^1.10.0",