chore(release): publish libraries [WPB-22420]

[otto-the-bot]

Automated release PR created by nx release. ⚠️ Important: Squash-merge this PR (do not use 'Merge commit').

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[semgrep-code-wireapp]

High severity vulnerability may affect your project—review required:
Line 17103 lists a dependency (fast-xml-parser) with a known High severity vulnerability.

ℹ️ Why this matters

Affected versions of fast-xml-parser are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'). fast-xml-parser can be denial-of-service'd via uncontrolled XML entity expansion: a crafted XML document with a DOCTYPE that defines a large plain-text entity and references it many times causes OrderedObjParser.replaceEntitiesValue() to repeatedly expand the entity without any limit on output size or replacement work, blocking the Node.js event loop and freezing the application while parsing untrusted XML (mitigate by disabling entity/DOCTYPE processing, e.g., processEntities: false).

References: GHSA, CVE

To resolve this comment:
Check if you are using fxparser on the CLI.

• If you're affected, upgrade this dependency to at least version 5.3.6 at yarn.lock.
• If you're not affected, comment /fp we don't use this [condition]

💬 Ignore this finding

To ignore this, reply with:

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}

[semgrep-code-wireapp]

High severity vulnerability may affect your project—review required:
Line 17103 lists a dependency (fast-xml-parser) with a known High severity vulnerability.

ℹ️ Why this matters

Affected versions of fast-xml-parser are vulnerable to Improper Input Validation / Uncaught Exception. A RangeError in fast-xml-parser's numeric entity handling allows an attacker to crash any application parsing untrusted XML. The parser uses String.fromCodePoint on decimal or hex entities without bounds checking (e.g. � or �), which throws an uncaught exception and terminates the Node.js process, resulting in a denial-of-service.

References: GHSA, CVE

To resolve this comment:
Check if you are using fxparser on the CLI.

• If you're affected, upgrade this dependency to at least version 5.3.4 at yarn.lock.
• If you're not affected, comment /fp we don't use this [condition]

💬 Ignore this finding

To ignore this, reply with:

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}

[semgrep-code-wireapp]

Critical severity vulnerability may affect your project—review required:
Line 17103 lists a dependency (fast-xml-parser) with a known Critical severity vulnerability.

ℹ️ Why this matters

Affected versions of fast-xml-parser are vulnerable to Incorrect Regular Expression. fast-xml-parser is vulnerable to an entity-encoding bypass when parsing untrusted XML with DOCTYPE entities enabled (the default processEntities: true): attacker-controlled DOCTYPE entity names are interpolated into RegExp() without escaping . (dot), so a name like l. becomes a wildcard regex that shadows built-in entities such as <, >, &, ", and ', allowing arbitrary replacement text and leading to XSS (or other injection) when the parsed output is later rendered or used in an injection-sensitive context.

References: GHSA, CVE

To resolve this comment:
Check if you are using fxparser on the CLI.

• If you're affected, upgrade this dependency to at least version 5.3.5 at yarn.lock.
• If you're not affected, comment /fp we don't use this [condition]

💬 Ignore this finding

To ignore this, reply with:

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.40%. Comparing base (ce1fd90) to head (42e2d9e).
⚠️ Report is 1 commits behind head on dev.

Additional details and impacted files

@@            Coverage Diff             @@
##              dev   #20513      +/-   ##
==========================================
- Coverage   45.40%   45.40%   -0.01%     
==========================================
  Files        1637     1637              
  Lines       40364    40364              
  Branches     8334     8334              
==========================================
- Hits        18327    18326       -1     
  Misses      20101    20101              
- Partials     1936     1937       +1     

Flag	Coverage Δ
app_webapp	43.59% <ø> (-0.01%)	⬇️
lib_api_client	50.17% <ø> (ø)
lib_core	59.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔗 Download Full Report Artifact

🧪 Playwright Test Summary

• ✅ Passed: 10
• ❌ Failed: 0
• ⏭ Skipped: 4
• 🔁 Flaky: 0
• 📊 Total: 14
• ⏱ Total Runtime: 82.7s (~ 1 min 23 sec)