Update dependency nx to v22.1.1

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
nx (source)	22.0.2 -> 22.1.1

---

Release Notes

nrwl/nx (nx)

v22.1.1

Compare Source

22.1.1 (2025-11-21)

🚀 Features

• linter: add util to load eslint rules from a directory (#​33543)
• nx-cloud: prepend nx version to stats metadata (#​33568)

🩹 Fixes

• core: don't presume a task is long running if its marked cacheable (#​33545, #​32610)
• core: daemon command should exit at end (#​33547)
• core: provide error when nested graph construction would occur invoked during createNodes (#​33541, #​29618)
• graph: align exclude flag with others by using findMatchingProjects (#​33550)
• linter: handle various flat config override structures (#​33548, #​31796)
• react: exclude tailwind from CSS modules syntax in component generator (#​33574)
• storybook: remove STORYBOOK_PROJECT_ROOT when running automigrate to prevent hanging (#​33567, #​32492)
• vite: generate .mts config files to force ESM (#​33518)

❤️ Thank You

• AgentEnder @​AgentEnder
• Claude
• Craigory Coppola @​AgentEnder
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless

v22.1.0

Compare Source

22.1.0 (2025-11-19)

🚀 Features

• core: update rust (#​33220)
• core: enable tui by default on windows (#​33314)
• core: batch hash tasks without custom hashers (#​33327)
• core: add OSC 9;4 progress indicator support to TUI (#​33325)
• core: collect resource usage (#​32946)
• core: disable interactivity by default for run-one task outputs in tui (#​33358)
• core: track system metrics and link plugins to workers when possible (#​33411)
• core: pull nx init from latest before executing (#​33446)
• core: export TypeScript schema definitions via wildcard patterns (#​33454, #​33336)
• core: make console daemon check backgroundable and pulling from latest (#​33491)
• core: apply parent env to atomized target (#​33013)
• docker: support inferring additional args for targets with interpolation support (#​32892)
• docker: add skipDefaultTag option to build target (#​33477, #​33506)
• gradle: add custom installation path to options (#​33187)
• gradle: use gitignore to determine dependant task output files (#​33402)
• gradle: allow specifying project and task configuration from gradle build files (#​33264)
• maven: upgrade to version 0.0.8 with automated migration (#​33315)
• maven: add ci-workflow generator (#​33346)
• maven: bump version from 0.0.8 to 0.0.9 (#​33405)
• maven: add option to prefix all maven targets (#​33420)
• misc: remove CI investigation recommendations from agent rules (#​33309)
• nextjs: add support for next 16 (#​33296, #​33207)
• nx-dev: add downloadable resources page and React book blog post (160b4cce34)
• release: support {versionActionsVersion} in docker version scheme (#​33178)
• release: add resolveVersionPlans option to changelog CLI and API (#​33435)
• storybook: add support for storybook 10 (#​33277, #​33141)
• storybook: generate ai instructions for converting from CJS to ESM after migration (#​33395)
• testing: support cypress v15 (#​33393, #​33304)
• vite: add atomizer support for vitest (#​33265)
• vite: add vitest 4 to peerDep range to prevent conflicts (#​33394)
• vitest: split vitest into @​nx/vitest plugin (#​33311)
• vitest: split entrypoint into plugin, generators, executors (#​33426)
• vitest: support vitest 4 (#​33424)

🩹 Fixes

• core: adding output error reason (#​33159)
• core: continue execution when cloud client is unavailable (#​33214)
• core: prevent error message containing [object Object] for invalid {workspaceRoot} placement (#​33203)
• core: fix swapped arguments when resolving catalog references from the filesystem (#​33237)
• core: should find dockerfiles to suggest installing docker plugin (#​33234)
• core: stream without prefixes showing tui (#​33194, #​32535)
• core: ensure daemon writes project graph cache to disk consistently (#​33217)
• core: add accept header to http remote cache get (#​33093, #​33092)
• core: prevent undefined importer crash in pnpm lockfile parsing (#​33223)
• core: split lockfile cache and other performance improvements (#​33256)
• core: turn v8 serializer off by default but fallback to it if json serialization fails (#​33274, #​4, #​2, #​3)
• core: make sure that gemini contextFileName is string before trying to resolve (#​33280)
• core: also look in .nx installation when reading nx.json extends (#​33306)
• core: handle various directories when importing prettier (#​33383)
• core: prevent args from being split by spaces when executing through nx wrapper (#​33362)
• core: correctly identify local workspace dependencies on windows (#​33408)
• core: clean up dead processes from metrics (#​33437)
• core: resolve lockfile cache regression with keyMap state (#​33448, #​33256)
• core: remove system metrics collection and reporting (#​33456)
• core: optimize batch task scheduling to prevent redundant traversals (#​33455, #​33366)
• core: capture stderr in nx add command for better error messages (#​33462)
• core: include require paths when resolving specified plugins (#​33495)
• core: prevent hanging between command end and process exit (#​33500)
• core: resolve all lock ordering deadlocks in metrics collector (#​33513)
• core: avoid leaking memory due by creating an unref'd interval for each daemon connection (#​33532, #​29836)
• core: default input should indeed be default (#​33533)
• docker: handle undefined options when creating graph (#​33235)
• docker: handle dockerfile at project root tag (#​33236)
• docker: guard commitSha null in plugin interpolation (#​33275)
• gradle: bump gradle migration version (#​33479)
• graph: add nx:build-native dependency to typecheck target (#​33428)
• js: update vitest generator import in library generator (#​33430)
• js: improve typescript plugin performance (#​33425, #​33076)
• js: remove redundant typescript project references (#​33438)
• js: skip TS project references migration for non-TS-solution workspaces (#​33467)
• js: sync external references to project's tsconfig.json file if it includes any files (#​33524)
• maven: add support for unbound goals in plugin targets (#​33191)
• maven: use File.isAbsolute for cross-platform path detection (#​33195)
• maven: resolve maven dependencies from project roots (#​33313)
• maven: set migration version to 22.1.0-beta.4 (#​33345)
• maven: forward parameters through target dependencies (#​33365)
• maven: skip maven plugin computation on vercel/netlify (#​33486)
• misc: add explanatory footer to ai agents prompts (#​33182)
• misc: handle null exit codes from crashed child processes (#​33163, #​29204)
• misc: handle ERR_USE_AFTER_CLOSE gracefully in nx init and create-nx-workspace (#​33469)
• module-federation: update @​module-federation packages to fix Koa vulnerability (#​33285, #​33380)
• nextjs: ensure eslint-config-next matches Next.js 14 and 15 versions (#​30259, #​30258, #​30257)
• node: migrate to koa 3.0.3 (#​33208)
• nx-dev: update docs code blocks usage (#​32998)
• nx-dev: add copy-docs back as a dep of serve (#​33215)
• nx-dev: fix GitHub star button styling in mobile view (#​33385)
• nx-dev: error out when failing to parse plugin manifests (#​33498)
• release: changelog renderer should render commit title with breaking changes (#​33439)
• release: ensure file change calculation matches nx affected #​33413 (#​33539, #​33413)
• storybook: remove optional nature of migration (#​33427)
• storybook: normalize version range before comparison (#​33515, #​33514)
• testing: use .cts config files for Jest 30+ to fix __dirname issues (#​33349, #​32236)
• vite: nxViteTsPaths supports local path aliases (#​33241, #​33231)
• vite: prevent race-condition when importing @​vitejs/plugin-vue (#​33307)
• vite: ensure atomizer does not consider projects outside the project root (#​33344)
• vite: ensure createVitest looks only from projectRoot (#​33361)
• vite: support vitest v4 (#​33478)
• vitest: do not fail when cleanedAngularVersion is of incorrect type (#​33436, #​33347)
• webpack: prevent errors when importing @​nx/webpack before typescript is installed (#​33251)

❤️ Thank You

• Caleb Ukle
• Claude
• Colum Ferry @​Coly010
• Coly010 @​Coly010
• Craigory Coppola @​AgentEnder
• Emilio Heinzmann @​emiliosheinz
• Eric Büttner @​tuffz
• FrozenPandaz @​FrozenPandaz
• Hugo Burton @​hugs7
• Jack Hsu @​jaysoo
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• Juri Strumpflohner
• Leosvel Pérez Espinosa @​leosvelperez
• leosvelperez @​leosvelperez
• Louie Weng @​lourw
• MaxKless @​MaxKless
• Miroslav Jonaš @​meeroslav
• Sander Boelhouwers
• Zachary DeRose @​ZackDeRose

v22.0.4

Compare Source

22.0.4 (2025-11-17)

🚀 Features

• core: pull nx init from latest before executing (#​33446)
• docker: add skipDefaultTag option to build target (#​33477, #​33506)
• maven: add option to prefix all maven targets (#​33420)

🩹 Fixes

• core: resolve lockfile cache regression with keyMap state (#​33448, #​33256)
• core: optimize batch task scheduling to prevent redundant traversals (#​33455, #​33366)
• core: capture stderr in nx add command for better error messages (#​33462)
• core: include require paths when resolving specified plugins (#​33495)
• core: prevent hanging between command end and process exit (#​33500)
• gradle: bump gradle migration version (#​33479)
• graph: add nx:build-native dependency to typecheck target (#​33428)
• js: improve typescript plugin performance (#​33425, #​33076)
• maven: skip maven plugin computation on vercel/netlify (#​33486)
• misc: handle ERR_USE_AFTER_CLOSE gracefully in nx init and create-nx-workspace (#​33469)
• release: changelog renderer should render commit title with breaking changes (#​33439)

❤️ Thank You

• Claude
• Colum Ferry @​Coly010
• Craigory Coppola @​AgentEnder
• FrozenPandaz @​FrozenPandaz
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Leosvel Pérez Espinosa @​leosvelperez
• Louie Weng @​lourw
• MaxKless @​MaxKless

v22.0.3

Compare Source

22.0.3 (2025-11-10)

🚀 Features

• core: batch hash tasks without custom hashers (#​33327)
• core: add OSC 9;4 progress indicator support to TUI (#​33325)
• core: disable interactivity by default for run-one task outputs in tui (#​33358)
• gradle: use gitignore to determine dependant task output files (#​33402)
• maven: upgrade to version 0.0.8 with automated migration (#​33315)
• maven: add ci-workflow generator (#​33346)
• maven: bump version from 0.0.8 to 0.0.9 (#​33405)
• misc: remove CI investigation recommendations from agent rules (#​33309)
• vite: add vitest 4 to peerDep range to prevent conflicts (#​33394)

🩹 Fixes

• core: also look in .nx installation when reading nx.json extends (#​33306)
• core: handle various directories when importing prettier (#​33383)
• core: prevent args from being split by spaces when executing through nx wrapper (#​33362)
• core: correctly identify local workspace dependencies on windows (#​33408)
• maven: resolve maven dependencies from project roots (#​33313)
• maven: set migration version to 22.1.0-beta.4 (#​33345)
• maven: forward parameters through target dependencies (#​33365)
• module-federation: update @​module-federation packages to fix Koa vulnerability (#​33285, #​33380)
• nextjs: ensure eslint-config-next matches Next.js 14 and 15 versions (#​30259, #​30258, #​30257)
• nx-dev: fix GitHub star button styling in mobile view (#​33385)
• testing: use .cts config files for Jest 30+ to fix __dirname issues (#​33349, #​32236)
• vite: prevent race-condition when importing @​vitejs/plugin-vue (#​33307)

❤️ Thank You

• Claude
• Colum Ferry @​Coly010
• Eric Büttner @​tuffz
• Jack Hsu @​jaysoo
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• Leosvel Pérez Espinosa @​leosvelperez
• Louie Weng @​lourw
• MaxKless @​MaxKless

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​grunt-jscs@​3.0.1
	npm/​btoa@​1.2.1
	npm/​karma-detect-browsers@​2.3.3
	npm/​grunt-contrib-copy@​1.0.0
	npm/​grunt-exec@​3.0.0
	npm/​grunt-postcss@​0.9.0
	npm/​load-grunt-tasks@​5.1.0
	npm/​ip@​2.0.1
	npm/​grunt@​1.6.1
	npm/​karma-qunit@​4.2.1
	npm/​grunt-html@​17.0.1
	npm/​grunt-contrib-less@​3.0.0
	npm/​cross-env@​7.0.3
	npm/​grunt-contrib-cssmin@​5.0.0
	npm/​karma-firefox-launcher@​2.1.3
	npm/​karma-chrome-launcher@​3.2.0
	npm/​karma-browserstack-launcher@​1.6.0
	npm/​karma@​6.4.4
	npm/​grunt-contrib-clean@​2.0.1
	npm/​grunt-contrib-concat@​2.1.0
	npm/​grunt-contrib-jshint@​3.2.0
	npm/​autoprefixer@​9.8.8
	npm/​grunt-contrib-uglify@​5.2.2
	npm/​grunt-stylelint@​0.10.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Prototype Pollution in npm lodash CVE: GHSA-jf85-cpcp-j695 Prototype Pollution in lodash (CRITICAL) Affected versions: < 4.17.12 Patched version: 4.17.12 From: xwiki-platform-core/xwiki-platform-bootstrap/src/main/package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm lodash CVE: GHSA-jf85-cpcp-j695 Prototype Pollution in lodash (CRITICAL) Affected versions: < 4.17.12 Patched version: 4.17.12 From: xwiki-platform-core/xwiki-platform-bootstrap/src/main/package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report