chore(deps): bump webpack, @nx/angular, @angular-devkit/build-angular, @nestjs/cli and jest-preset-angular

[dependabot]

Bumps webpack, @nx/angular, @angular-devkit/build-angular, @nestjs/cli and jest-preset-angular. These dependencies needed to be updated together.
Updates webpack from 5.99.6 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

Updates @nx/angular from 19.8.2 to 22.4.5

Release notes

Sourced from @​nx/angular's releases.

22.4.5 (2026-02-03)

🚀 Features

• nx-dev: add server-side page view tracking for docs (#34283)

🩹 Fixes

• core: handle multibyte UTF-8 characters in socket message consumption (#34151)
• core: resolve daemon client reconnect queue deadlock (#34284)
• core: nx should show help for run-one when using project short names (#34303)
• core: prevent command injection in getNpmPackageVersion (#34309)
• gradle: ensure that batch output is not overriden for atomized targets (#34268)
• gradle: enforce that only one gradle task can be passed into gradle executor (#34269)
• maven: include pom.xml and ancestor pom files as inputs for all targets (#34291)
• nx-dev: make headers and table options linkable (#34267)
• nx-dev: fix double-counting and exclude assets from page tracking (#34286)

❤️ Thank You

• Caleb Ukle
• Claude Opus 4.5
• Craigory Coppola @​AgentEnder
• iceThief (민찬기) @​Chanki-Min
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Louie Weng @​lourw

22.4.4 (2026-01-30)

🚀 Features

• core: add decorative banners for Nx Cloud CNW completion message (#34270)

🩹 Fixes

• testing: add timeout to runCommandUntil to prevent hanging tests (#34148)
• testing: preload vitest/node to prevent race condition on Node 24 (#34261, #34028, #33091)

❤️ Thank You

• Colum Ferry @​Coly010
• FrozenPandaz @​FrozenPandaz
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz

22.4.3 (2026-01-29)

🚀 Features

... (truncated)

Commits

• 9073f40 docs(misc): update the docs to use more direct language (#34264)
• 7e12359 feat(angular): add support for angular v21.1 (#34057)
• 42b1f14 fix(misc): deprecate setup-tailwind generators (#34097)
• 574d841 chore(core): update to latest version of tsquery (#34067)
• 5ef02e4 fix(testing): set moduleResolution to node in Cypress tsconfig to prevent TS5...
• 9790910 fix(angular): only throw "define" error when options.define has keys (#33969)
• 691bb32 feat(angular): support cypress component testing with zoneless projects (#33941)
• 5659d50 fix(linter): honor setParserOptionsProject in flat config (#33953)
• 5a4b345 fix(angular): support @angular/cli package update during nx migrate (#33918)
• 98bbec7 feat(angular): support ngrx v21 (#33940)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​nx/angular since your current version.

Updates @angular-devkit/build-angular from 18.2.17 to 21.1.3

Release notes

Sourced from @​angular-devkit/build-angular's releases.

21.1.3

@​schematics/angular

Commit	Description
	warn when production configuration is missing for service worker

@​angular-devkit/build-angular

Commit	Description
	address Node.js deprecation DEP0190

21.1.2

@​angular-devkit/schematics-cli

Commit	Description
	Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular-devkit/architect

Commit	Description
	Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular/build

Commit	Description
	loosen Vitest dependency checks when runnerConfig is used
	support merging coverage thresholds with Vitest runnerConfig

21.1.1

@​schematics/angular

Commit	Description
	correct vscode MCP configuration for new projects
	remove special characters from jasmine-vitest report filename

@​angular/cli

Commit	Description
	Remove nonexistent link from MCP response

@​angular/build

Commit	Description
	allow application assets in workspace root
	prevent incorrect catch binding removal in downleveled for-await
	update undici to v7.18.2

21.1.0

@​schematics/angular

Commit	Description
	add browserMode option to jasmine-vitest schematic
	generate detailed migration report for refactor-jasmine-vitest
	add MCP configuration file to new workspaces

@​angular/cli

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

21.1.3 (2026-02-05)

@​schematics/angular

Commit	Type	Description
a18196a10	fix	warn when production configuration is missing for service worker

@​angular-devkit/build-angular

Commit	Type	Description
6d05d27ca	fix	address Node.js deprecation DEP0190

21.2.0-next.0 (2026-01-28)

@​angular/cli

Commit	Type	Description
0dd04f289	feat	add markdown files to Prettier's formatting list
fbae1b6ab	feat	automatic formatting files modified by schematics
98a24d040	feat	standardize MCP tools around workspace/project options
d9cd609c5	fix	correctly parse scoped packages in yarn classic list output
5b05f2500	fix	enable shell option for Prettier execution on Windows platforms

@​schematics/angular

Commit	Type	Description
aa7381efd	feat	add a '.prettierrc' file to generated workspaces and add Prettier as dev dependency
f80db6fb7	feat	add ng-add support for Vitest browser providers

@​angular-devkit/build-angular

Commit	Type	Description
b4a8d198c	fix	address Node.js deprecation DEP0190

@​angular/build

Commit	Type	Description
0b4982720	fix	adjust sourcemap sources when Vitest wrapper is bypassed

... (truncated)

Commits

• 0a8860d release: cut the v21.1.3 release
• e80d7c5 build: update dependency @​modelcontextprotocol/sdk to v1.26.0
• f6cc58c build: update webpack dependency to version 5.105.0
• 133cf28 build: update cross-repo angular dependencies to v21.1.3
• ed0b4c5 build: update rules_browsers digest to e08ae33
• 31931f6 build: update github/codeql-action action to v4.32.1
• 94a830c build: update dependency @​modelcontextprotocol/sdk to v1.25.3
• 7a2ec50 build: update cross-repo angular dependencies
• d5a8314 build: configure Jasmine to allow duplicate describe block names
• f4c14f0 build: lock file maintenance
• Additional commits viewable in compare view

Updates @nestjs/cli from 10.4.9 to 11.0.16

Release notes

Sourced from @​nestjs/cli's releases.

Release 11.0.16

• Merge pull request #3246 from nestjs/revert-3183-renovate/inquirer-prompts-8.x (a93d9193)
• Revert "fix(deps): update dependency @​inquirer/prompts to v8" (a3359502)

Release 11.0.15

What's Changed

• chore(deps): update dependency @​swc/core to v1.15.8 by @​renovate[bot] in nestjs/nest-cli#3230
• chore(deps): update dependency @​swc/cli to v0.7.10 by @​renovate[bot] in nestjs/nest-cli#3242
• fix(utils): tree-kill use spawn sync to fix node 24 crash by @​LucM in nestjs/nest-cli#3235
• fix(deps): update dependency webpack to v5.104.1 by @​renovate[bot] in nestjs/nest-cli#3221
• chore(deps): update node.js to v24.13.0 by @​renovate[bot] in nestjs/nest-cli#3214
• fix(deps): update dependency @​inquirer/prompts to v8 by @​renovate[bot] in nestjs/nest-cli#3183

New Contributors

• @​LucM made their first contribution in nestjs/nest-cli#3235

Full Changelog: nestjs/nest-cli@11.0.14...11.0.15

Release 11.0.14

What's Changed

• ci: switch npm ignore to allow list by @​bryopsida in nestjs/nest-cli#3203

New Contributors

• @​bryopsida made their first contribution in nestjs/nest-cli#3203

Full Changelog: nestjs/nest-cli@11.0.13...11.0.14

Release 11.0.13

• chore(deps): update dependency @​swc/core to v1.15.3 (#3196) (361d050f)
• fix(deps): update dependency glob to v13 (e7e254c2)
• fix: Node v24 DEP0190 warning by removing args for shell: true (367c29b7)
• fix(deps): update dependency webpack to v5.103.0 (dcca6500)

Release 11.0.12

What's Changed

• fix: revert #3128 by @​kamilmysliwiec in nestjs/nest-cli#3192

Full Changelog: nestjs/nest-cli@11.0.11...11.0.12

Release 11.0.11

What's Changed

• fix(deps): update angular-cli monorepo to v19.2.19 by @​renovate[bot] in nestjs/nest-cli#3148
• refactor(dependency): Remove tree-kill dependency by @​gcstarr in nestjs/nest-cli#3157
• chore(deps): update dependency @​swc/core to v1.15.2 by @​renovate[bot] in nestjs/nest-cli#3181
• fix(deps): update dependency glob to v12 by @​renovate[bot] in nestjs/nest-cli#3186
• fix(deps): update dependency @​inquirer/prompts to v7.10.1 by @​renovate[bot] in nestjs/nest-cli#3178
• fix(deps): update dependency ansis to v4.2.0 by @​renovate[bot] in nestjs/nest-cli#3171

Full Changelog: nestjs/nest-cli@11.0.10...11.0.11

... (truncated)

Commits

• bf14ece chore(): release v11.0.16
• a93d919 Merge pull request #3246 from nestjs/revert-3183-renovate/inquirer-prompts-8.x
• a335950 Revert "fix(deps): update dependency @​inquirer/prompts to v8"
• e70be54 chore(): release v11.0.15
• b8337cd Merge pull request #3183 from nestjs/renovate/inquirer-prompts-8.x
• db7b3d6 Merge pull request #3214 from nestjs/renovate/cimg-node-24.x
• e890435 Merge pull request #3221 from nestjs/renovate/webpack-5.x
• 3d5dd5c Merge pull request #3235 from LucM/fix/tree-kill-spawn-sync
• 3a03590 chore(deps): update dependency prettier to v3.8.0 (#3243)
• 2452490 chore(deps): update dependency @​swc/cli to v0.7.10 (#3242)
• Additional commits viewable in compare view

Updates jest-preset-angular from 14.2.4 to 14.6.2

Release notes

Sourced from jest-preset-angular's releases.

v14.6.2

Please refer to CHANGELOG.md for details.

v14.6.1

Please refer to CHANGELOG.md for details.

v14.6.0

Please refer to CHANGELOG.md for details.

v14.5.5

Please refer to CHANGELOG.md for details.

v14.5.4

Please refer to CHANGELOG.md for details

v14.5.3

Please refer to CHANGELOG.md for details.

v14.5.2

Please refer to CHANGELOG.md for details.

v14.5.1

Please refer to CHANGELOG.md for details.

v14.5.0

Please refer to CHANGELOG.md for details.

v14.4.2

Please refer to CHANGELOG.md for details.

v14.4.1

Please refer to CHANGELOG.md for details.

v14.4.0

Please refer to CHANGELOG.md for details.

v14.4.0-rc.0

Please refer to CHANGELOG.md for details.

v14.3.3

Please refer to CHANGELOG.md for details.

v14.3.2

Please refer to CHANGELOG.md for details.

v14.3.1

Please refer to CHANGELOG.md for details.

v14.3.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from jest-preset-angular's changelog.

14.6.2 (2025-10-17)

Bug Fixes

• handle processWithEsbuild transform option (6779107)

14.6.1 (2025-07-21)

Bug Fixes

• fix: add @angular/common/locales to CJS preset #3190 (4234520), closes #3182

14.6.0 (2025-06-02)

Features

• feat: add support for angular 20 (e041857)

14.5.5 (2025-04-15)

Bug Fixes

• fix: allow name exports for presets subpath (9100baf)

15.0.0-next.0 (2025-02-28)

Bug Fixes

• fix(serializers): generated id="root{n}" should be removed (a6b908f)

Code Refactoring

• refactor: drop support for jsdom <22 (da9cb15)
• refactor: drop support for typescript <5.4 (873ab73)
• refactor: drop support for Angular <17 (3a60492)
• refactor: drop support for Node.js <18 (aeef774)

... (truncated)

Commits

• 202463b chore(release): 14.6.2
• 051d524 fix: handle processWithEsbuild transform option
• 78e92bf chore(release): 14.6.1
• b51ee4b build(deps): Update dependency @​types/node to ^22.16.3
• 57b32ed build(deps): Update dependency eslint-plugin-jsdoc to ^51.3.4
• 4234520 fix: add @angular/common/locales to CJS preset (#3190)
• 2466c27 build(deps): Update dependency globals to ^16.3.0 (#3189)
• eccc1d4 build(deps): Update Angular packages (#3183)
• a7d1b73 build(deps): Update dependency @​types/node to ^22.16.0 (#3188)
• 7f8e6ce build(deps): Update babel monorepo to ^7.28.0 (#3187)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.