Migrate esm files

[BTreston]

🎟️ Tracking

📔 Objective

📸 Screenshots

[sonarqubecloud]

Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ D)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[codecov]

Codecov Report

❌ Patch coverage is 55.07812% with 115 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.51%. Comparing base (984ae97) to head (587ccd1).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...c/services/state-service/stateMigration.service.ts	0.00%	63 Missing ⚠️
src/services/state-service/state-vNext.service.ts	87.67%	14 Missing and 4 partials ⚠️
src/bwdc.ts	0.00%	9 Missing ⚠️
src/main.ts	0.00%	9 Missing ⚠️
...vices/gsuite-directory.service.integration.spec.ts	0.00%	7 Missing ⚠️
src/app/services/services.module.ts	0.00%	5 Missing ⚠️
src/services/directory-factory.service.ts	0.00%	2 Missing ⚠️
src/abstractions/state-vNext.service.ts	0.00%	1 Missing ⚠️
src/services/state-service/state.service.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1016      +/-   ##
==========================================
+ Coverage   15.11%   18.51%   +3.39%     
==========================================
  Files          67       70       +3     
  Lines        2798     3030     +232     
  Branches      483      526      +43     
==========================================
+ Hits          423      561     +138     
- Misses       2271     2361      +90     
- Partials      104      108       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 5d76a12b-a627-4ce1-bb5a-1387fa621adf

---

New Issues (22)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2026-2441	Npm-electron-39.2.1	details Description: Use After Free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2026-2648	Npm-electron-39.2.1	details Description: Heap Buffer Overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a cr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2026-2649	Npm-electron-39.2.1	details Description: Integer Overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2026-2650	Npm-electron-39.2.1	details Description: Heap Buffer Overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a craft... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5		CVE-2026-26996	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6		CVE-2026-26996	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
7		CVE-2026-26996	Npm-minimatch-5.1.6	details Recommended version: 5.1.8 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
8		CVE-2026-27606	Npm-rollup-4.57.1	details Recommended version: 4.59.0 Description: Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.0.0 prior to 3.30.0, and 4.0.0 prior to 4.59.0 of the Rollup module bundler ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
9		CVE-2026-27903	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
10		CVE-2026-27903	Npm-minimatch-5.1.6	details Recommended version: 5.1.8 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
11		CVE-2026-27903	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
12		CVE-2026-27903	Npm-minimatch-10.2.2	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
13		CVE-2026-27904	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
14		CVE-2026-27904	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
15		CVE-2026-27904	Npm-minimatch-5.1.6	details Recommended version: 5.1.8 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
16		CVE-2026-27904	Npm-minimatch-10.2.2	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
17		CVE-2026-27970	Npm-@angular/core-21.1.1	details Recommended version: 21.2.0 Description: Angular is a development platform for building mobile and desktop web applications using TypeScript, JavaScript, and other languages. Versions prio... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
18		Use_Of_Hardcoded_Password	/src/services/state-service/state-vNext.service.spec.ts: 470	details The application uses the hard-coded password "secret-password" for authentication purposes, either using it to verify users' identities, or to ac... Attack Vector
19		Use_Of_Hardcoded_Password	/src/services/state-service/state-vNext.service.spec.ts: 124	details The application uses the hard-coded password "secret-password" for authentication purposes, either using it to verify users' identities, or to ac... Attack Vector
20		Use_Of_Hardcoded_Password	/src/services/state-service/state-vNext.service.spec.ts: 470	details The application uses the hard-coded password "secret-password" for authentication purposes, either using it to verify users' identities, or to ac... Attack Vector
21		Use_Of_Hardcoded_Password	/src/services/state-service/state-vNext.service.spec.ts: 124	details The application uses the hard-coded password "secret-password" for authentication purposes, either using it to verify users' identities, or to ac... Attack Vector
22		Cx5f84137a-beef	Npm-hono-4.11.9	details Recommended version: 4.11.10 Description: The basicAuth and bearerAuth middlewares previously used a comparison that was not fully timing-safe. The timingSafeEqual function used normal str... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package