Skip to content

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025

Bumps nx from 21.6.3 to 21.6.4.

Release notes

Sourced from nx's releases.

21.6.4 (2025-10-08)

🚀 Features

  • core: prompt for ai agent files on nx init (#32889)
  • core: add --check=all flag to configure-ai-agents (#32968)
  • nest: ensure dependencies are added to project's package.json #32548 (#32986, #32548)
  • nx-cloud: update description on nx login and logout (#31344)
  • vite: add buildable libs support for vitest (#32973)

🩹 Fixes

  • angular-rspack: do not parse json with babel #32690 (#32966, #32690)
  • bundling: postcss-cli-resources should handle relative deploy url #32714 (#32762, #32714)
  • core: upgrade axios to 1.12.0 to address CVE-2025-58754 (#32712)
  • core: repair repo root on setupAiAgents in nx init (#32984)
  • core: remove requirement to be in a package manager workspace (#32992)
  • core: remove duplicated "Running" string from tui title (#32991)
  • nextjs: remove whitespace for newly generated server component (8868cc5d31)
  • nextjs: update entrypoints for buildable library with vite to include server entry #31457 (#32977, #31457)
  • nx-cloud: update broken documentation links to AI features (7a5930a1fa)
  • remix: @​nx/remix/package.json export typo fixed #32810 (#32940, #32810)
  • repo: fix pr releases to not depend on a broken range (#32993)
  • testing: show warning instead of error when no blob outputs found during merge (#33022)
  • vite: ensure tsconfig file is resolved from workspaceRoot #31987 (#32990, #31987)
  • vite: enable build watch mode by default for preview (#31604, #31623)

❤️ Thank You

Commits
  • b7570ad feat(core): add --check=all flag to configure-ai-agents (#32968)
  • 582b15e feat(nx-cloud): update description on nx login and logout (#31344)
  • 4708983 fix(core): remove duplicated "Running" string from tui title (#32991)
  • bdcbe1a fix(core): remove requirement to be in a package manager workspace (#32992)
  • 7974c10 fix(core): repair repo root on setupAiAgents in nx init (#32984)
  • dcfdf1d feat(core): prompt for ai agent files on nx init (#32889)
  • 4e4c377 fix(core): upgrade axios to 1.12.0 to address CVE-2025-58754 (#32712)
  • f9c85ad chore(repo): disable duplicated typecheck targets if the project already uses...
  • 068a7be chore(repo): fix task inputs for nx:build (#32939)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 13, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 13, 2025 19:13
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 13, 2025
Copy link
Contributor

github-actions bot commented Oct 13, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/nx 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-darwin-arm64 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-darwin-x64 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-freebsd-x64 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-linux-arm-gnueabihf 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-linux-arm64-gnu 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-linux-arm64-musl 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-linux-x64-gnu 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-linux-x64-musl 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-win32-arm64-msvc 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/@nx/nx-win32-x64-msvc 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected
npm/nx 21.6.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
SAST🟢 7SAST tool detected but not run on all commits
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0111 existing vulnerabilities detected

Scanned Files

  • lambdas/package.json
  • lambdas/yarn.lock

Bumps [nx](https://github.com/nrwl/nx/tree/HEAD/packages/nx) from 21.6.3 to 21.6.4.
- [Release notes](https://github.com/nrwl/nx/releases)
- [Commits](https://github.com/nrwl/nx/commits/21.6.4/packages/nx)

---
updated-dependencies:
- dependency-name: nx
  dependency-version: 21.6.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/lambdas/nx-21.6.4 branch from 4fafdd4 to 2eb04dc Compare October 15, 2025 23:29
@npalm npalm merged commit 637a772 into main Oct 17, 2025
8 checks passed
@npalm npalm deleted the dependabot/npm_and_yarn/lambdas/nx-21.6.4 branch October 17, 2025 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant