Bump @nx/next from 19.5.7 to 20.3.1

[dependabot]

Bumps @nx/next from 19.5.7 to 20.3.1.

Release notes

Sourced from @​nx/next's releases.

20.3.1 (2025-01-07)

🚀 Features

• nx-dev: add TOC markdoc component for blog posts (d98e6e4e84)

🩹 Fixes

• core: daemon spinner should show text (#29448)
• js: not generate tsconfig if already exists (#29317)
• js: only add typescript project references for explicit dependencies in sync generator (#28998)
• js: infer outputs correctly when both rootDir and outDir are set for tsconfig (#29531)
• nx-dev: Quote typo (#29513)
• nx-dev: add playsInline to video loop component (615fd172a5)
• release: invalid config path in hint for using skipLockFileUpdate (#29425)
• vite: tsconfig paths plugin should not partially match paths (#29501)

❤️ Thank You

• Bartosz Adamczyk @​clxandstuff
• Craigory Coppola @​AgentEnder
• Emily Xiong @​xiongemi
• Jack Hsu @​jaysoo
• Jack Stevenson
• Juri @​juristr
• Matt Lewis @​mattlewis92
• Nicholas Cunningham @​ndcunningham
• Philip Fulcher

20.3.0 (2024-12-20)

🚀 Features

• angular: support ngrx v19 (#29398)
• core: support rollup.config.ts (#28240)
• core: use custom resolution to resolve from source local plugins with artifacts pointing to the outputs (#29222)
• core: add spinners when graph compute takes long time (#28966)
• core: not exit when one plugin installation failed (#28684)
• core: nx-plugin-checks accounts for outDir and rootDir of projects when checking file existence (#29391)
• core: add lib/** glob to workspaces so we support it out of the box (#29403)
• core: show progress on ci if graph construction takes longer than expected (#29392)
• eslint: rename eslint.config.js to eslint.config.cjs to resolve them as CommonJS (#29334)
• expo: upgrade Expo to v52 (#29142)
• js: update vue/node app and lib generators to support TS solutions (#29299)
• misc: handle artifact generators' path options including file extensions (#29111)
• nx-dev: link more customer videos on enterprise page (7498e470fa)
• nx-plugin: added support for vitest test runner (#29140)
• release: allow automated git push from version or changelog step (#29280)
• rsbuild: add intial package (#29147)
• rsbuild: add inferred targets plugin (#29192)

... (truncated)

Commits

• 84617b0 fix(js): only add typescript project references for explicit dependencies in ...
• 7a583da cleanup(repo): remove unused dependencies (#27676)
• b9c0e3d feat(eslint): rename eslint.config.js to eslint.config.cjs to resolve them as...
• d05f30f fix(core): Adding react apps/libs to workspaces so they can be referenced. (#...
• f922e2b fix(misc): fix misc generation issues with the ts solution setup (#29350)
• 99a0e7c fix(misc): ensure tsBuildInfoFile is generated inside outDir (#29343)
• cfcd4d1 fix(react): fix tailwind for react library and component (#29319)
• 726c07d fix(webpack): Add useTsconfigPaths to app-webpack-plugin (#29291)
• 28c53f9 feat(misc): handle artifact generators' path options including file extensi...
• ec5a5e6 feat(react): update app and lib generators to support new TS solution setup (...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jameshenry, a new releaser for @​nx/next since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

@dependabot merge

[dependabot]

Sorry, only users with push access can use that command.

[codacy-production]

⚠️ Codacy found a medium Security issue: Insecure dependency npm/[email protected] (CVE-2024-43788: webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule) (update to 5.94.0)

The issue identified by the Trivy linter is related to a security vulnerability in the webpack package version 5.88.0. Specifically, it is a DOM Clobbering vulnerability in the AutoPublicPathRuntimeModule, which can potentially allow an attacker to manipulate the DOM in a way that could lead to security issues, such as unauthorized access to sensitive data or execution of malicious scripts. The recommended fix is to update webpack to a version that has addressed this vulnerability, specifically version 5.94.0 or later.

To resolve this issue, you should update the dependency in your package.json file to the secure version. Here is the single line code suggestion to fix the issue:

Suggested change

	"node_modules/@nx/module-federation/node_modules/webpack": {
	"webpack": "^5.94.0",

---

This comment was generated by an experimental AI tool.