chore(lambda): bump nx from 21.6.5 to 22.0.3 in /lambdas

[dependabot]

Bumps nx from 21.6.5 to 22.0.3.

Release notes

Sourced from nx's releases.

22.0.3 (2025-11-10)

🚀 Features

• core: batch hash tasks without custom hashers (#33327)
• core: add OSC 9;4 progress indicator support to TUI (#33325)
• core: disable interactivity by default for run-one task outputs in tui (#33358)
• gradle: use gitignore to determine dependant task output files (#33402)
• maven: upgrade to version 0.0.8 with automated migration (#33315)
• maven: add ci-workflow generator (#33346)
• maven: bump version from 0.0.8 to 0.0.9 (#33405)
• misc: remove CI investigation recommendations from agent rules (#33309)
• vite: add vitest 4 to peerDep range to prevent conflicts (#33394)

🩹 Fixes

• core: also look in .nx installation when reading nx.json extends (#33306)
• core: handle various directories when importing prettier (#33383)
• core: prevent args from being split by spaces when executing through nx wrapper (#33362)
• core: correctly identify local workspace dependencies on windows (#33408)
• maven: resolve maven dependencies from project roots (#33313)
• maven: set migration version to 22.1.0-beta.4 (#33345)
• maven: forward parameters through target dependencies (#33365)
• module-federation: update @​module-federation packages to fix Koa vulnerability (#33285, #33380)
• nextjs: ensure eslint-config-next matches Next.js 14 and 15 versions (#30259, #30258, #30257)
• nx-dev: fix GitHub star button styling in mobile view (#33385)
• testing: use .cts config files for Jest 30+ to fix __dirname issues (#33349, #32236)
• vite: prevent race-condition when importing @​vitejs/plugin-vue (#33307)

❤️ Thank You

• Claude
• Colum Ferry @​Coly010
• Eric Büttner @​tuffz
• Jack Hsu @​jaysoo
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• Leosvel Pérez Espinosa @​leosvelperez
• Louie Weng @​lourw
• MaxKless @​MaxKless

22.0.2 (2025-10-28)

🚀 Features

• docker: support inferring additional args for targets with interpolation support (#32892)
• gradle: add custom installation path to options (#33187)
• nx-dev: add downloadable resources page and React book blog post (4b6009764a)
• release: support {versionActionsVersion} in docker version scheme (#33178)

... (truncated)

Commits

• 2d53ffd fix(core): correctly identify local workspace dependencies on windows (#33408)
• 2a082f8 fix(core): prevent args from being split by spaces when executing through nx ...
• 8801be3 chore(repo): rename jest.config.ts to jest.config.cts to be compat with Node ...
• c03434c feat(core): disable interactivity by default for run-one task outputs in tui ...
• e46a7e1 fix(core): handle various directories when importing prettier (#33383)
• 657c398 cleanup(core): remove unused mouse event listeners from tui (#33368)
• 6d2389d feat(core): add OSC 9;4 progress indicator support to TUI (#33325)
• f07d064 feat(core): batch hash tasks without custom hashers (#33327)
• dceed64 fix(maven): resolve maven dependencies from project roots (#33313)
• 15c567c feat(misc): remove CI investigation recommendations from agent rules (#33309)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/nx	22.0.3	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 115 existing vulnerabilities detected

Scanned Files

• lambdas/package.json
• lambdas/yarn.lock

[npalm]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[npalm]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[npalm]

@dependabot recreate