chore(deps): bump koa and @nx/angular in /src

[dependabot]

Removes koa. It's no longer used after updating ancestor dependency @nx/angular. These dependencies need to be updated together.

Removes koa

Updates @nx/angular from 22.5.2 to 22.6.3

Release notes

Sourced from @​nx/angular's releases.

22.6.3 (2026-03-27)

🚀 Features

• misc: a/b test cloud prompt copy in create-nx-workspace (#35039)

🩹 Fixes

• js: add {projectRoot} prefix to d.ts fileset in typescript plugin (#35037)
• misc: use namespace import for chalk v4 compatibility (7c9f873bd1)
• misc: handle non-interactive mode and add template shorthand names for CNW (#35045)

❤️ Thank You

• FrozenPandaz @​FrozenPandaz
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz

22.6.2 (2026-03-26)

🚀 Features

• core: auto-open browser for Cloud setup URL during create-nx-workspace (#35014)
• repo: add nx-labs repo target and use glob pattern for update-all-repos (#34999)

🩹 Fixes

• angular: update duplicate migration keys (#34961)
• angular-rspack: ensure rebuild chunks emitted summary accurate (#34979, #34936)
• bundling: disable swc input source map resolution (#35010, #32671)
• core: split-target should handle projects with colons in name better (#34725)
• core: prevent TUI crash when task output arrives after completion (#34785, #34677)
• core: respect --parallel limit for discrete task concurrency (#34721, #34117, #31494)
• core: use scroll-offset-based scrollbar positioning in TUI (#34689)
• core: skip import-equals namespace aliases in native scanner (#34947, #34644)
• core: include command name on all telemetry events (#34949)
• core: skip workspace context setup when global bin hands off to local (#34953, #34914)
• core: use upsert to prevent FK constraint violations in task DB (#34977)
• core: runtime inputs shouldn't be cached at task_hasher layer and filesets should be in the hash_plans layer (#34971, #30170)
• core: show better log message when isolated plugin shuts down after hook completion (#34922)
• core: handle owners and conformance project refs on move/remove (#34815)
• core: resolve published nx migrate package resolution (#35013, #34111)
• core: prevent batch executor error on prematurely completed tasks (#35015)
• core: add timeouts to GitHub push flow to prevent CLI hangs (#35011, #34482)
• devkit: prevent double install in generators for TS solution workspaces (#34891)
• devkit: add startTime and endTime to TaskResult interface (#34996)
• gradle: ignore test enums when atomizing (#34974)
• js: pass configName to typecheck command in TS plugin (#34989, #34274)
• js: add input on .d.ts files within dependency projects (#34968)
• linter: prepend framework configs before baseConfig in flat config generation (#34898, #28381, #32923)

... (truncated)

Commits

• ed5cd20 chore(repo): ensure Cypress CT unit tests use Vite 7 since 8 is unsupported (...
• c96a9d4 fix(vite): add support for Vite 8 (#34850)
• 23bb49e cleanup(angular): remove postcss-url dependency (#34976)
• 5f46af1 fix(angular): update duplicate migration keys (#34961)
• dbd2ace fix(linter): prepend framework configs before baseConfig in flat config gener...
• fb8884e fix(vitest): handle zoneless Angular apps in vitest configuration generator (...
• cb6452c fix(misc): address security CVE cluster (copy-webpack-plugin, koa, minimatch)...
• f60f1c6 fix(angular): preserve skipLibCheck in tsconfig.json for standalone projects ...
• f48bf31 fix(repo): remove redundant inputs override for build-base target (#34649)
• b1614d7 feat(angular): add support for Angular v21.2 (#34592)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.