Bump @nx/next from 19.5.7 to 20.2.2

[dependabot]

Bumps @nx/next from 19.5.7 to 20.2.2.

Release notes

Sourced from @​nx/next's releases.

20.2.2 (2024-12-10)

🚀 Features

• misc: handle artifact generators' path options including file extensions (#29111)
• testing: allow custom address for local registry (#29050)

🩹 Fixes

• angular: handle removed angular-eslint rules in root eslint config files and update package (#29262)
• angular: normalize prerender and appShell options of the application executor correctly (#29281)
• core: defer loading package manager until necessary (#29248)
• core: hashing fixes (#29247)
• core: Update bundlers to not typecheck if using new TS solution setup (#29227)
• core: ensure @​nx/module-federation is listed in package group (#29292)
• js: switch from fast-glob to tinyglobby (#29141)
• nx-dev: update Nx Cloud proj created (#29272)
• react: add files entry for publishable libraries (#29277)
• react-native: default template fails when envs are not set (#28931)
• react-native: typescript lib schema (#27955)
• release: use prepatch version for pre-release dependent package updates (#29123)
• release: make commits separator in git log command more unique (#29261)
• repo: cleanup old plugins promise (#29295)
• ⚠️ vite: generate config with esm by default (#29270)

⚠️ Breaking Changes

• ⚠️ vite: generate config with esm by default (#29270)

❤️ Thank You

• Ben McCann @​benmccann
• Colum Ferry @​Coly010
• Fábio Correia
• Jack Hsu @​jaysoo
• Jacob Ley @​JacobLey
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• Juri Strumpflohner @​juristr
• Leosvel Pérez Espinosa @​leosvelperez
• Maciej Stosio @​maciekstosio
• master96
• Nicholas Cunningham @​ndcunningham
• Tine Kondo @​tinesoft

20.2.1 (2024-12-06)

🩹 Fixes

• core: add workspaces path if package path is not included (#28824)

... (truncated)

Commits

• 2d36684 feat(misc): handle artifact generators' path options including file extensi...
• ec5a5e6 feat(react): update app and lib generators to support new TS solution setup (...
• dc67660 fix(misc): update artifact generator option descriptions and cleanup leftover...
• 8eb6159 fix(nextjs): Add support for next.config.ts for executors (#29071)
• 5514329 server-next-executor-examples: minor typo documentation (#28830)
• d4b9e0d fix(nextjs): update default next-env (#28861)
• 39b0a6c chore(nextjs): bump Next.js version to 14.2.16 (#28782)
• 0706c7f fix(nextjs): Formatting for pages (#28734)
• 0ad7c6b fix(nextjs): do not generate spec files if unitTestRunner is not set programm...
• b89a62e fix(nextjs): Fix json spread typo (#28728)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

@dependabot merge

[dependabot]

Sorry, only users with push access can use that command.

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[codacy-production]

⚠️ Codacy found a medium Security issue: Insecure dependency npm/[email protected] (CVE-2024-43788: webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule) (update to 5.94.0)

The issue identified by the Trivy linter is a security vulnerability in the webpack package version 5.88.0, specifically related to a DOM Clobbering vulnerability (CVE-2024-43788). This vulnerability can potentially allow an attacker to manipulate the DOM in a way that may lead to unintended behaviors or security issues in applications that use this version of webpack. The recommended action is to update to a patched version, which in this case is 5.94.0.

To fix this issue, you should update the version of webpack in your project's dependency tree. Here is the single line change that you can make:

Suggested change

	"node_modules/@nx/module-federation/node_modules/webpack": {
	"version": "5.94.0",

This change should be made in the relevant section of your package.json or wherever the version of webpack is specified in your project. After making this change, remember to run npm install or yarn install to update the package in your node_modules.

---

This comment was generated by an experimental AI tool.

[dependabot]

Superseded by #4690.