chore(lambda): bump the nx group in /lambdas with 3 updates #4783

dependabot · 2025-09-22T19:09:41Z

Bumps the nx group in /lambdas with 3 updates: @nx/eslint, @nx/js and @nx/vite.

Updates @nx/eslint from 21.5.2 to 21.5.3

Release notes

Sourced from @nx/eslint's releases.

21.5.3 (2025-09-19)

🚀 Features

core: add NX_PROJECT_ROOT environment variable to runti… (#32736, #31428)

docker: ensure docker:build dependsOn build (#32697)

nx-dev: disable Algolia search on non-docs pages when Astro docs are enabled (#32789)

release: new option preserveMatchingDependencyRanges to not update matching version ranges (#32556)

🩹 Fixes

angular: install a compatible version of jest for angular (#32744)

angular-rspack: show correct file sizes in build stats for i18n builds (#32758, #32277)

angular-rspack: ensure assets extracted from stylesheets correctly #32487 (#32759, #32487)

core: exit fork process and children when ipc connection closes (#32681)

core: improve error messages for provenance checks (#32680)

core: add missing view command to npm (#32729)

core: kill child process correctly when run-script executor process is killed and not using pseudoterminal (#32699)

core: do not shutdown daemon for project graph errors (#32764)

core: fix misc db-related issues (#32745)

gradle: use project configurations to determine project dependencies (#32704)

misc: add typescript output to the eslint ignore when needed (#32775)

nx-dev: correct courses page og image (#32700)

nx-dev: correctly link to url fragments for devkit (#32565)

nx-dev: implement client-side routing for documentation URLs (#32708)

repo: move codeql to yml based config s.t. it runs properly on forks (#32659)

❤️ Thank You

Caleb Ukle

Colum Ferry @Coly010

Craigory Coppola @AgentEnder

Jack Hsu @jaysoo

Jason Jean @FrozenPandaz

Leosvel Pérez Espinosa @leosvelperez

MaxKless @MaxKless

Philip Fulcher

Commits

See full diff in compare view

Updates @nx/js from 21.5.2 to 21.5.3

Release notes

Sourced from @nx/js's releases.

21.5.3 (2025-09-19)

🚀 Features

core: add NX_PROJECT_ROOT environment variable to runti… (#32736, #31428)

docker: ensure docker:build dependsOn build (#32697)

nx-dev: disable Algolia search on non-docs pages when Astro docs are enabled (#32789)

release: new option preserveMatchingDependencyRanges to not update matching version ranges (#32556)

🩹 Fixes

angular: install a compatible version of jest for angular (#32744)

angular-rspack: show correct file sizes in build stats for i18n builds (#32758, #32277)

angular-rspack: ensure assets extracted from stylesheets correctly #32487 (#32759, #32487)

core: exit fork process and children when ipc connection closes (#32681)

core: improve error messages for provenance checks (#32680)

core: add missing view command to npm (#32729)

core: kill child process correctly when run-script executor process is killed and not using pseudoterminal (#32699)

core: do not shutdown daemon for project graph errors (#32764)

core: fix misc db-related issues (#32745)

gradle: use project configurations to determine project dependencies (#32704)

misc: add typescript output to the eslint ignore when needed (#32775)

nx-dev: correct courses page og image (#32700)

nx-dev: correctly link to url fragments for devkit (#32565)

nx-dev: implement client-side routing for documentation URLs (#32708)

repo: move codeql to yml based config s.t. it runs properly on forks (#32659)

❤️ Thank You

Caleb Ukle

Colum Ferry @Coly010

Craigory Coppola @AgentEnder

Jack Hsu @jaysoo

Jason Jean @FrozenPandaz

Leosvel Pérez Espinosa @leosvelperez

MaxKless @MaxKless

Philip Fulcher

Commits

9b1c0c1 fix(misc): add typescript output to the eslint ignore when needed (#32775)
649fcfa feat(release): new option preserveMatchingDependencyRanges to not update matc...
See full diff in compare view

Updates @nx/vite from 21.5.2 to 21.5.3

Release notes

Sourced from @nx/vite's releases.

21.5.3 (2025-09-19)

🚀 Features

core: add NX_PROJECT_ROOT environment variable to runti… (#32736, #31428)

docker: ensure docker:build dependsOn build (#32697)

nx-dev: disable Algolia search on non-docs pages when Astro docs are enabled (#32789)

release: new option preserveMatchingDependencyRanges to not update matching version ranges (#32556)

🩹 Fixes

angular: install a compatible version of jest for angular (#32744)

angular-rspack: show correct file sizes in build stats for i18n builds (#32758, #32277)

angular-rspack: ensure assets extracted from stylesheets correctly #32487 (#32759, #32487)

core: exit fork process and children when ipc connection closes (#32681)

core: improve error messages for provenance checks (#32680)

core: add missing view command to npm (#32729)

core: kill child process correctly when run-script executor process is killed and not using pseudoterminal (#32699)

core: do not shutdown daemon for project graph errors (#32764)

core: fix misc db-related issues (#32745)

gradle: use project configurations to determine project dependencies (#32704)

misc: add typescript output to the eslint ignore when needed (#32775)

nx-dev: correct courses page og image (#32700)

nx-dev: correctly link to url fragments for devkit (#32565)

nx-dev: implement client-side routing for documentation URLs (#32708)

repo: move codeql to yml based config s.t. it runs properly on forks (#32659)

❤️ Thank You

Caleb Ukle

Colum Ferry @Coly010

Craigory Coppola @AgentEnder

Jack Hsu @jaysoo

Jason Jean @FrozenPandaz

Leosvel Pérez Espinosa @leosvelperez

MaxKless @MaxKless

Philip Fulcher

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the nx group in /lambdas with 3 updates: [@nx/eslint](https://github.com/nrwl/nx/tree/HEAD/packages/eslint), [@nx/js](https://github.com/nrwl/nx/tree/HEAD/packages/js) and [@nx/vite](https://github.com/nrwl/nx/tree/HEAD/packages/vite). Updates `@nx/eslint` from 21.5.2 to 21.5.3 - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/21.5.3/packages/eslint) Updates `@nx/js` from 21.5.2 to 21.5.3 - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/21.5.3/packages/js) Updates `@nx/vite` from 21.5.2 to 21.5.3 - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/21.5.3/packages/vite) --- updated-dependencies: - dependency-name: "@nx/eslint" dependency-version: 21.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: nx - dependency-name: "@nx/js" dependency-version: 21.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: nx - dependency-name: "@nx/vite" dependency-version: 21.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: nx ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-09-22T19:10:03Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@nx/eslint

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/js

^21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/vite

^21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/devkit

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/eslint

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/js

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-darwin-arm64

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-darwin-x64

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-freebsd-x64

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-linux-arm-gnueabihf

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-linux-arm64-gnu

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-linux-arm64-musl

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-linux-x64-gnu

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-linux-x64-musl

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-win32-arm64-msvc

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/nx-win32-x64-msvc

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/vite

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/@nx/workspace

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

npm/nx

21.5.3

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	99 existing vulnerabilities detected

Scanned Files

lambdas/package.json
lambdas/yarn.lock

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 22, 2025

dependabot bot requested a review from a team as a code owner September 22, 2025 19:09

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 22, 2025

npalm approved these changes Sep 28, 2025

View reviewed changes

npalm merged commit 94abb8c into main Sep 28, 2025
6 checks passed

npalm deleted the dependabot/npm_and_yarn/lambdas/nx-d7eb210c9a branch September 28, 2025 18:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(lambda): bump the nx group in /lambdas with 3 updates #4783

chore(lambda): bump the nx group in /lambdas with 3 updates #4783

Uh oh!

dependabot bot commented on behalf of github Sep 22, 2025

Uh oh!

github-actions bot commented Sep 22, 2025

Uh oh!

Uh oh!

Uh oh!

chore(lambda): bump the nx group in /lambdas with 3 updates #4783

chore(lambda): bump the nx group in /lambdas with 3 updates #4783

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 22, 2025

21.5.3 (2025-09-19)

🚀 Features

🩹 Fixes

❤️ Thank You

21.5.3 (2025-09-19)

🚀 Features

🩹 Fixes

❤️ Thank You

21.5.3 (2025-09-19)

🚀 Features

🩹 Fixes

❤️ Thank You

Uh oh!

github-actions bot commented Sep 22, 2025

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Uh oh!