Merge commit from fork

Signed-off-by: Bond Yan <bondy@spotify.com>
Co-authored-by: Bond Yan <bondy@spotify.com>

.changeset/cyan-facts-doubt.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-techdocs-node': patch
+---
+
+Removed `INHERIT` from the `ALLOWED_MKDOCS_KEYS` set to address a security concern with MkDocs configuration inheritance.

plugins/techdocs-node/src/stages/generate/helpers.test.ts

@@ -885,6 +885,32 @@ another_unknown: true
       );
     });
 
+    it('should remove the INHERIT key to prevent loading unsanitized parent configs', async () => {
+      const mkdocsWithInherit = `INHERIT: ../parent.yml
+site_name: Test
+`;
+      mockDir.setContent({
+        'mkdocs_inherit.yml': mkdocsWithInherit,
+      });
+
+      await sanitizeMkdocsYml(
+        mockDir.resolve('mkdocs_inherit.yml'),
+        mockLogger,
+      );
+
+      const updatedMkdocsYml = await fs.readFile(
+        mockDir.resolve('mkdocs_inherit.yml'),
+      );
+      const parsedYml = yaml.load(updatedMkdocsYml.toString()) as Record<
+        string,
+        unknown
+      >;
+
+      expect(parsedYml.INHERIT).toBeUndefined();
+      expect(parsedYml.site_name).toBe('Test');
+      expect(warn).toHaveBeenCalledWith(expect.stringContaining('INHERIT'));
+    });
+
     it('should remove hooks with duplicate merge keys and top-level anchors', async () => {
       mockDir.setContent({
         'mkdocs_duplicate_merge.yml': mkdocsYmlWithDuplicateMergeHooks,

plugins/techdocs-node/src/stages/generate/helpers.ts

@@ -309,7 +309,6 @@ export const ALLOWED_MKDOCS_KEYS = new Set([
   'validation',
   // Deprecated
   'google_analytics',
-  'INHERIT',
 ]);
 
 /**