build(deps): bump koa, @nx/angular and @nx/react

[dependabot]

Bumps koa to 2.16.1 and updates ancestor dependencies koa, @nx/angular and @nx/react. These dependencies need to be updated together.

Updates koa from 2.15.4 to 2.16.1

Release notes

Sourced from koa's releases.

v2.16.1

fix: don't render redirect values in anchor ref

2.16.0

This is a backported release to fix core underlying issue with HEAD requests when using http2.createSecureServer. See discussion at koajs/koa#1593 and koajs/koa#1547.

• fix missing cleanup, if response socket is no longer writeable (issue 1547) (koajs/koa#1593) 399cb6b0dd2104224c0ef0ce8e92f84e4f7faf42

Commits

• ba14822 2.16.1
• 2ff6c3f 2.16.0
• 3d51d03 ci: allow codecov to fail
• eb84d89 fix: don't render redirect values in anchor ref
• See full diff in compare view

Updates @nx/angular from 21.2.0 to 21.2.2

Release notes

Sourced from @​nx/angular's releases.

21.2.2 (2025-07-02)

🚀 Features

• bundling: add useLegacyTypescriptPlugin option to migrate from rollup-plugin-typescript2 (#31718, #30488)
• core: pass in progress task outputs to tui for non-direct child processes (#31655)
• core: add CI warning for missing remote cache solution (#31678)
• core: enhance native cache operations with comprehensive logging (#31652)
• graph: enhance migration state management and introduce migration stopping functionality. (#31626)
• module-federation: bump @​module-federation/enhanced version to 0.15.0 to fix vulnerability (#30806, #30502, #30748)

🩹 Fixes

• angular: respect skipTsConfig option in library generator (#31738, #31185)
• angular: improve indexHtmlTransformer documentation (#31742, #30831)
• angular: expand nx tokens in project configurations when running schematic migrations (#31526, #29052)
• bundling: respect decision to create babelrc file (#31755, #31582)
• core: do not auto-exit tui when there are multiple failed tasks (#31631)
• core: improve error handling in daemon server (#31728, #31407, #31567)
• core: resolve package.json for @​nx/js to improve plugin detection (#31770)
• core: update nx to version 21.3.0-beta.0 (#31771)
• core: allow any framework value in preset generator schema (#31665)
• docs: add missing --project parameter to Angular service generation command (#31735, #31410)
• expo: respect --unit-test-runner=none properly when generating expo apps and libs (#31754, #30366)
• gradle: add dependsOn outputs to inputs dependentTasksOutputFiles (#31683)
• js: failing e2e test due to dependency (#31676)
• js: resolve asset paths relative to workspace root instead of cwd (#31664)
• js: improve typescript plugin build detection (#31533, #29670)
• linter: correct lintFilePatterns documentation to show it's optional (#31744, #29648)
• linter: update lint executor to always log errors and stack traces (#31757, #21630)
• linter: refactor checking if the identifier is a function via tsquery (#31792)
• module-federation: ensure manifest path not prepended with workspace root (#31698, #31524)
• module-federation: restore support for relative URLs in module federation remotes (#31723, #30615, #31538)
• nextjs: use next/jest.js for Jest configuration to support modern JSX transform (#31705, #27900)
• node: ensure args are set in target correctly (#31758, #31578)
• node: reorder addPlugin in normalizeOptions return object (#31785)
• nuxt: fix TypeScript configuration chain for Nuxt components and composables (#31701, #30742)
• nx-dev: small adjustment to the blog post (550c7e37da)
• nx-dev: pinning logic on blog entry page (c747d3f172)
• nx-dev: update sorting of pinned posts (74e77e18f2)
• react: do not set styles.tailwind for executor options for projects not using inferred targets (#31667)
• react: add .js extensions to subpath imports in module federation templates (#31730, #31448)
• storybook: handle hyphenated framework names in pnpm dependency installation (#31760, #31292)
• testing: do not update component configuration in cypress set-inject-document-domain migration (#31614, #31610)
• testing: correct Playwright grep documentation from glob to regex (#31743, #30181)
• testing: do not re-add vscode recommended extension for jest after initial jest setup (#31745, #29345)
• testing: prefer using tsconfig.spec.json when loading jest config in plugin (#31726, #31351)
• testing: unset customConditions when running the open-cypress inferred task (#31687, #31616)
• vite: fix the build command for the deps in the vite tsconfig paths plugin (#31729, #31333)
• vite: resolve outDir path correctly for nested monorepos (#31741, #31234)

... (truncated)

Commits

• 1b3d616 fix(angular): improve indexHtmlTransformer documentation (#31742)
• 81fa01f fix(angular): respect skipTsConfig option in library generator (#31738)
• cb49e13 fix(module-federation): restore support for relative URLs in module federatio...
• 865abbc feat(module-federation): bump @​module-federation/enhanced version to 0.15.0 t...
• e1dfe6e fix(angular): handle inferred projects without project configuration files in...
• bf9c677 fix(angular): fix import from ng-packagr (#31600)
• See full diff in compare view

Updates @nx/react from 21.2.0 to 21.2.2

Release notes

Sourced from @​nx/react's releases.

21.2.2 (2025-07-02)

🚀 Features

• bundling: add useLegacyTypescriptPlugin option to migrate from rollup-plugin-typescript2 (#31718, #30488)
• core: pass in progress task outputs to tui for non-direct child processes (#31655)
• core: add CI warning for missing remote cache solution (#31678)
• core: enhance native cache operations with comprehensive logging (#31652)
• graph: enhance migration state management and introduce migration stopping functionality. (#31626)
• module-federation: bump @​module-federation/enhanced version to 0.15.0 to fix vulnerability (#30806, #30502, #30748)

🩹 Fixes

• angular: respect skipTsConfig option in library generator (#31738, #31185)
• angular: improve indexHtmlTransformer documentation (#31742, #30831)
• angular: expand nx tokens in project configurations when running schematic migrations (#31526, #29052)
• bundling: respect decision to create babelrc file (#31755, #31582)
• core: do not auto-exit tui when there are multiple failed tasks (#31631)
• core: improve error handling in daemon server (#31728, #31407, #31567)
• core: resolve package.json for @​nx/js to improve plugin detection (#31770)
• core: update nx to version 21.3.0-beta.0 (#31771)
• core: allow any framework value in preset generator schema (#31665)
• docs: add missing --project parameter to Angular service generation command (#31735, #31410)
• expo: respect --unit-test-runner=none properly when generating expo apps and libs (#31754, #30366)
• gradle: add dependsOn outputs to inputs dependentTasksOutputFiles (#31683)
• js: failing e2e test due to dependency (#31676)
• js: resolve asset paths relative to workspace root instead of cwd (#31664)
• js: improve typescript plugin build detection (#31533, #29670)
• linter: correct lintFilePatterns documentation to show it's optional (#31744, #29648)
• linter: update lint executor to always log errors and stack traces (#31757, #21630)
• linter: refactor checking if the identifier is a function via tsquery (#31792)
• module-federation: ensure manifest path not prepended with workspace root (#31698, #31524)
• module-federation: restore support for relative URLs in module federation remotes (#31723, #30615, #31538)
• nextjs: use next/jest.js for Jest configuration to support modern JSX transform (#31705, #27900)
• node: ensure args are set in target correctly (#31758, #31578)
• node: reorder addPlugin in normalizeOptions return object (#31785)
• nuxt: fix TypeScript configuration chain for Nuxt components and composables (#31701, #30742)
• nx-dev: small adjustment to the blog post (550c7e37da)
• nx-dev: pinning logic on blog entry page (c747d3f172)
• nx-dev: update sorting of pinned posts (74e77e18f2)
• react: do not set styles.tailwind for executor options for projects not using inferred targets (#31667)
• react: add .js extensions to subpath imports in module federation templates (#31730, #31448)
• storybook: handle hyphenated framework names in pnpm dependency installation (#31760, #31292)
• testing: do not update component configuration in cypress set-inject-document-domain migration (#31614, #31610)
• testing: correct Playwright grep documentation from glob to regex (#31743, #30181)
• testing: do not re-add vscode recommended extension for jest after initial jest setup (#31745, #29345)
• testing: prefer using tsconfig.spec.json when loading jest config in plugin (#31726, #31351)
• testing: unset customConditions when running the open-cypress inferred task (#31687, #31616)
• vite: fix the build command for the deps in the vite tsconfig paths plugin (#31729, #31333)
• vite: resolve outDir path correctly for nested monorepos (#31741, #31234)

... (truncated)

Commits

• 4050e97 fix(vite): ensure path aliases are not replaced when building vite projects a...
• ffb3514 fix(react): add .js extensions to subpath imports in module federation templa...
• cb49e13 fix(module-federation): restore support for relative URLs in module federatio...
• 865abbc feat(module-federation): bump @​module-federation/enhanced version to 0.15.0 t...
• a2eff63 fix(react): do not set styles.tailwind for executor options for projects not ...
• 40cf21b feat(react): support port option for react app generator (#31552)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
packages/web-component/package.json	37% smaller
package.json	2% smaller
package-lock.json	Unsupported file format
packages/angular-demo/package.json	0% smaller
packages/web-component/src/components.d.ts	0% smaller

[github-actions]

PR Preview Action v1.6.2
Preview removed because the pull request was closed.
2025-07-22 18:51 UTC

[joanise]

Looks good, thank Serge for extending the bumps for other related packages.

[joanise]

This will be ready to merge once #391 is merged.