Merge branch 'main' into PM-26250-Explore-options-to-enable-direct-importer-for-mac-app-store-build

2025-12-29 22:53:44 +00:00 · 2025-12-19 09:06:33 -07:00
parent 82e78ab070 3bd9ee1925
commit 7b897b49f2
441 changed files with 52881 additions and 9119 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -233,3 +233,4 @@ libs/pricing @bitwarden/team-billing-dev
 .claude/ @bitwarden/team-ai-sme
 .github/workflows/respond.yml @bitwarden/team-ai-sme
 .github/workflows/review-code.yml @bitwarden/team-ai-sme
+libs/subscription @bitwarden/team-billing-dev
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -3,6 +3,7 @@
  extends: ["github>bitwarden/renovate-config"], // Extends our default configuration for pinned dependencies
  enabledManagers: ["cargo", "github-actions", "npm"],
  packageRules: [
+    // ==================== Repo-Wide Update Behavior Rules ====================
    {
      // Group all Github Action minor updates together to reduce PR noise.
      groupName: "Minor github-actions updates",
@@ -16,13 +17,6 @@
      matchDepNames: ["rust"],
      commitMessageTopic: "Rust",
    },
-    {
-      // By default, we send patch updates to the Dependency Dashboard and do not generate a PR.
-      // We want to generate PRs for a select number of dependencies to ensure we stay up to date on these.
-      matchPackageNames: ["browserslist", "electron", "rxjs", "typescript", "webpack", "zone.js"],
-      matchUpdateTypes: ["patch"],
-      dependencyDashboardApproval: false,
-    },
    {
      // Disable major and minor updates for TypeScript and Zone.js because they are managed by Angular.
      matchPackageNames: ["typescript", "zone.js"],
@@ -44,6 +38,8 @@
      description: "Manually updated using ng update",
      enabled: false,
    },
+
+    // ==================== Team Ownership Rules ====================
    {
      matchPackageNames: ["buffer", "bufferutil", "core-js", "process", "url", "util"],
      description: "Admin Console owned dependencies",
@@ -79,28 +75,6 @@
      commitMessagePrefix: "[deps] Architecture:",
      reviewers: ["team:dept-architecture"],
    },
-    {
-      matchPackageNames: [
-        "@angular-eslint/schematics",
-        "@eslint/compat",
-        "@typescript-eslint/rule-tester",
-        "@typescript-eslint/utils",
-        "angular-eslint",
-        "eslint-config-prettier",
-        "eslint-import-resolver-typescript",
-        "eslint-plugin-import",
-        "eslint-plugin-rxjs-angular",
-        "eslint-plugin-rxjs",
-        "eslint-plugin-storybook",
-        "eslint-plugin-tailwindcss",
-        "eslint",
-        "husky",
-        "lint-staged",
-        "typescript-eslint",
-      ],
-      groupName: "Minor and patch linting updates",
-      matchUpdateTypes: ["minor", "patch"],
-    },
    {
      matchPackageNames: [
        "@emotion/css",
@@ -241,60 +215,10 @@
      reviewers: ["team:team-platform-dev"],
    },
    {
-      // We need to group all napi-related packages together to avoid build errors caused by version incompatibilities.
-      groupName: "napi",
-      matchPackageNames: ["napi", "napi-build", "napi-derive"],
-    },
-    {
-      // We need to group all macOS/iOS binding-related packages together to avoid build errors caused by version incompatibilities.
-      groupName: "macOS/iOS bindings",
-      matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"],
-    },
-    {
-      // We need to group all zbus-related packages together to avoid build errors caused by version incompatibilities.
-      groupName: "zbus",
-      matchPackageNames: ["zbus", "zbus_polkit"],
-    },
-    {
-      // We need to group all windows-related packages together to avoid build errors caused by version incompatibilities.
-      groupName: "windows",
-      matchPackageNames: ["windows", "windows-core", "windows-future", "windows-registry"],
-    },
-    {
-      // We need to group all tokio-related packages together to avoid build errors caused by version incompatibilities.
-      groupName: "tokio",
-      matchPackageNames: ["bytes", "tokio", "tokio-util"],
-    },
-    {
-      // We group all webpack build-related minor and patch updates together to reduce PR noise.
-      // We include patch updates here because we want PRs for webpack patch updates and it's in this group.
-      matchPackageNames: [
-        "@babel/core",
-        "@babel/preset-env",
-        "babel-loader",
-        "base64-loader",
-        "browserslist",
-        "copy-webpack-plugin",
-        "css-loader",
-        "html-loader",
-        "html-webpack-injector",
-        "html-webpack-plugin",
-        "mini-css-extract-plugin",
-        "postcss-loader",
-        "postcss",
-        "sass-loader",
-        "sass",
-        "style-loader",
-        "ts-loader",
-        "tsconfig-paths-webpack-plugin",
-        "webpack-cli",
-        "webpack-dev-server",
-        "webpack-node-externals",
-        "webpack",
-      ],
-      description: "webpack-related build dependencies",
-      groupName: "Minor and patch webpack updates",
-      matchUpdateTypes: ["minor", "patch"],
+      matchUpdateTypes: ["lockFileMaintenance"],
+      description: "Platform owns lock file maintenance",
+      commitMessagePrefix: "[deps] Platform:",
+      reviewers: ["team:team-platform-dev"],
    },
    {
      matchPackageNames: [
@@ -353,11 +277,6 @@
      commitMessagePrefix: "[deps] SM:",
      reviewers: ["team:team-secrets-manager-dev"],
    },
-    {
-      // We need to update several Jest-related packages together, for version compatibility.
-      groupName: "jest",
-      matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
-    },
    {
      matchPackageNames: [
        "@microsoft/signalr-protocol-msgpack",
@@ -428,6 +347,188 @@
      commitMessagePrefix: "[deps] KM:",
      reviewers: ["team:team-key-management-dev"],
    },
+
+    // ==================== Grouping Rules ====================
+    // These come after any specific team assignment rules to ensure
+    // that grouping is not overridden by subsequent rule definitions.
+    {
+      matchPackageNames: [
+        "@angular-eslint/schematics",
+        "@eslint/compat",
+        "@typescript-eslint/rule-tester",
+        "@typescript-eslint/utils",
+        "angular-eslint",
+        "eslint-config-prettier",
+        "eslint-import-resolver-typescript",
+        "eslint-plugin-import",
+        "eslint-plugin-rxjs-angular",
+        "eslint-plugin-rxjs",
+        "eslint-plugin-storybook",
+        "eslint-plugin-tailwindcss",
+        "eslint",
+        "husky",
+        "lint-staged",
+        "typescript-eslint",
+      ],
+      groupName: "Minor and patch linting updates",
+      matchUpdateTypes: ["minor", "patch"],
+    },
+    {
+      // We need to group all napi-related packages together to avoid build errors caused by version incompatibilities.
+      groupName: "napi",
+      matchPackageNames: ["napi", "napi-build", "napi-derive"],
+    },
+    {
+      // We need to group all macOS/iOS binding-related packages together to avoid build errors caused by version incompatibilities.
+      groupName: "macOS/iOS bindings",
+      matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"],
+    },
+    {
+      // We need to group all zbus-related packages together to avoid build errors caused by version incompatibilities.
+      groupName: "zbus",
+      matchPackageNames: ["zbus", "zbus_polkit"],
+    },
+    {
+      // We need to group all windows-related packages together to avoid build errors caused by version incompatibilities.
+      groupName: "windows",
+      matchPackageNames: ["windows", "windows-core", "windows-future", "windows-registry"],
+    },
+    {
+      // We need to group all tokio-related packages together to avoid build errors caused by version incompatibilities.
+      groupName: "tokio",
+      matchPackageNames: ["bytes", "tokio", "tokio-util"],
+    },
+    {
+      // We group all webpack build-related minor and patch updates together to reduce PR noise.
+      // We include patch updates here because we want PRs for webpack patch updates and it's in this group.
+      matchPackageNames: [
+        "@babel/core",
+        "@babel/preset-env",
+        "babel-loader",
+        "base64-loader",
+        "browserslist",
+        "copy-webpack-plugin",
+        "css-loader",
+        "html-loader",
+        "html-webpack-injector",
+        "html-webpack-plugin",
+        "mini-css-extract-plugin",
+        "postcss-loader",
+        "postcss",
+        "sass-loader",
+        "sass",
+        "style-loader",
+        "ts-loader",
+        "tsconfig-paths-webpack-plugin",
+        "webpack-cli",
+        "webpack-dev-server",
+        "webpack-node-externals",
+        "webpack",
+      ],
+      description: "webpack-related build dependencies",
+      groupName: "Minor and patch webpack updates",
+      matchUpdateTypes: ["minor", "patch"],
+    },
+    {
+      // We need to update several Jest-related packages together, for version compatibility.
+      groupName: "jest",
+      matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
+    },
+
+    // ==================== Dashboard Rules ====================
+    {
+      // For the packages below, we have decided we will only be creating PRs
+      // for major updates, and sending minor (as well as patch) to the dashboard.
+      // This rule comes AFTER grouping rules so that groups are respected while still
+      // sending minor/patch updates to the dependency dashboard for approval.
+      matchPackageNames: [
+        "anyhow",
+        "arboard",
+        "babel-loader",
+        "base64-loader",
+        "base64",
+        "bindgen",
+        "byteorder",
+        "bytes",
+        "core-foundation",
+        "copy-webpack-plugin",
+        "css-loader",
+        "dirs",
+        "electron-builder",
+        "electron-log",
+        "electron-reload",
+        "electron-store",
+        "electron-updater",
+        "embed_plist",
+        "futures",
+        "hex",
+        "homedir",
+        "html-loader",
+        "html-webpack-injector",
+        "html-webpack-plugin",
+        "interprocess",
+        "json5",
+        "keytar",
+        "libc",
+        "lowdb",
+        "mini-css-extract-plugin",
+        "napi",
+        "napi-build",
+        "napi-derive",
+        "node-ipc",
+        "nx",
+        "oo7",
+        "oslog",
+        "pin-project",
+        "pkg",
+        "postcss",
+        "postcss-loader",
+        "rand",
+        "sass",
+        "sass-loader",
+        "scopeguard",
+        "security-framework",
+        "security-framework-sys",
+        "semver",
+        "serde",
+        "serde_json",
+        "simplelog",
+        "style-loader",
+        "sysinfo",
+        "tokio",
+        "tokio-util",
+        "tracing",
+        "tracing-subscriber",
+        "ts-node",
+        "ts-loader",
+        "tsconfig-paths-webpack-plugin",
+        "type-fest",
+        "typenum",
+        "typescript-strict-plugin",
+        "uniffi",
+        "webpack-cli",
+        "webpack-dev-server",
+        "webpack-node-externals",
+        "widestring",
+        "windows",
+        "windows-core",
+        "windows-future",
+        "windows-registry",
+        "zbus",
+        "zbus_polkit",
+      ],
+      matchUpdateTypes: ["minor", "patch"],
+      dependencyDashboardApproval: true,
+    },
+    {
+      // By default, we send patch updates to the Dependency Dashboard and do not generate a PR.
+      // We want to generate PRs for a select number of dependencies to ensure we stay up to date on these.
+      matchPackageNames: ["browserslist", "electron", "rxjs", "typescript", "webpack", "zone.js"],
+      matchUpdateTypes: ["patch"],
+      dependencyDashboardApproval: false,
+    },
+
+    // ==================== Special Version Constraints ====================
    {
      // Any versions of lowdb above 1.0.0 are not compatible with CommonJS.
      matchPackageNames: ["lowdb"],
--- a/.github/whitelist-capital-letters.txt
+++ b/.github/whitelist-capital-letters.txt
@@ -19,8 +19,6 @@
 ./apps/cli/stores/chocolatey/tools/VERIFICATION.txt
 ./apps/browser/store/windows/AppxManifest.xml
 ./apps/browser/src/background/nativeMessaging.background.ts
-./apps/browser/src/models/browserComponentState.ts
-./apps/browser/src/models/browserGroupingsComponentState.ts
 ./apps/browser/src/models/biometricErrors.ts
 ./apps/browser/src/browser/safariApp.ts
 ./apps/browser/src/safari/desktop/ViewController.swift
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -246,7 +246,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
@@ -409,7 +409,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
@@ -572,7 +572,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
@@ -837,7 +837,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
@@ -1042,14 +1042,14 @@ jobs:

      - name: Cache Build
        id: build-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: apps/desktop/build
          key: ${{ runner.os }}-${{ github.run_id }}-build

      - name: Cache Safari
        id: safari-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: apps/browser/dist/Safari
          key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -1195,7 +1195,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
@@ -1282,14 +1282,14 @@ jobs:

      - name: Get Build Cache
        id: build-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: apps/desktop/build
          key: ${{ runner.os }}-${{ github.run_id }}-build

      - name: Setup Safari Cache
        id: safari-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: apps/browser/dist/Safari
          key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -1419,7 +1419,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
@@ -1557,14 +1557,14 @@ jobs:

      - name: Get Build Cache
        id: build-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: apps/desktop/build
          key: ${{ runner.os }}-${{ github.run_id }}-build

      - name: Setup Safari Cache
        id: safari-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: apps/browser/dist/Safari
          key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -1702,7 +1702,7 @@ jobs:
          npm link ../sdk-internal

      - name: Cache Native Module
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        id: cache
        with:
          path: |
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -65,7 +65,7 @@ jobs:

      - name: Cache NPM
        id: npm-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: "~/.npm"
          key: ${{ runner.os }}-npm-chromatic-${{ hashFiles('**/package-lock.json') }}
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -142,7 +142,7 @@ jobs:
        run: cargo +nightly udeps --workspace --all-features --all-targets

      - name: Install cargo-deny
-        uses: taiki-e/install-action@81ee1d48d9194cdcab880cbdc7d36e87d39874cb # v2.62.45
+        uses: taiki-e/install-action@073d46cba2cde38f6698c798566c1b3e24feeb44 # v2.62.67
        with:
          tool: cargo-deny@0.18.5

--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -190,7 +190,7 @@ jobs:
          path: ./apps/desktop/desktop_native

      - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
        with:
          files: |
            ./lcov.info