[Snyk] Security upgrade @backstage/cli from 0.26.11 to 0.27.1

[johnnyhuy]

User description

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• packages/app/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

PR Type

Bug fix, Dependencies

---

Description

• Upgraded @backstage/cli dependency from version 0.26.10 to 0.27.1 to address a security vulnerability.
• The upgrade fixes the vulnerability identified as SNYK-JS-INFLIGHT-6095116.
• Note for zero-install users: Run yarn to update the contents of the ./yarn/cache directory.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Upgrade @backstage/cli to fix security vulnerability          packages/app/package.json Upgraded @backstage/cli from version 0.26.10 to 0.27.1. Addressed a security vulnerability related to SNYK-JS-INFLIGHT-6095116. +1/-1

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[echohello-codium-ai-pr-agent]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	1, because the PR involves a simple version bump in a package.json file, which is straightforward to review.
🧪 Relevant tests	No
⚡ Possible issues	Possible Dependency Issue: The PR mentions a failure to update the yarn.lock file, which could lead to inconsistencies or unresolved dependencies. It's recommended to update the yarn.lock file manually before merging.
🔒 Security concerns	No

[echohello-codium-ai-pr-agent]

PR Code Suggestions ✨

Category	Suggestion	Score
Compatibility	Update related @backstage dependencies to match the new @backstage/cli version Consider updating other related @backstage dependencies to ensure compatibility with the new version of @backstage/cli. This can help avoid potential issues with mismatched versions that might not be compatible with each other. packages/app/package.json [19] "@backstage/cli": "^0.27.1", +"@backstage/core-app-api": "^1.14.0", # Example version update +"@backstage/core-components": "^0.15.0", # Example version update +"@backstage/core-plugin-api": "^1.10.0" # Example version update Suggestion importance[1-10]: 8 Why: Ensuring compatibility between related dependencies is crucial to avoid potential issues with mismatched versions. This suggestion is relevant and can help maintain the stability of the application.	8