[deps]: Update node-fetch to v3

[deps]: Update @angular/compiler to v20.3.15 [SECURITY] (#939 )
* [deps]: Update @angular/compiler to v20.3.15 [SECURITY] * Upgrade Angular packages to v20.3.15 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Rui Tome <rtome@bitwarden.com>
2025-12-05 23:53:21 +00:00 · 2025-12-03 14:39:38 +00:00 · 2025-12-02 15:57:14 +00:00 · 2025-12-01 11:08:58 -05:00 · 2025-11-28 10:52:30 +10:00 · 2025-11-24 15:34:31 -05:00
70 changed files with 9937 additions and 5263 deletions
--- a/.claude/CLAUDE.md
+++ b/.claude/CLAUDE.md
@@ -0,0 +1,203 @@
+# Bitwarden Directory Connector
+
+## Project Overview
+
+Directory Connector is a TypeScript application that synchronizes users and groups from directory services to Bitwarden organizations. It provides both a desktop GUI (built with Angular and Electron) and a CLI tool (bwdc).
+
+**Supported Directory Services:**
+
+- LDAP (Lightweight Directory Access Protocol) - includes Active Directory and general LDAP servers
+- Microsoft Entra ID (formerly Azure Active Directory)
+- Google Workspace
+- Okta
+- OneLogin
+
+**Technologies:**
+
+- TypeScript
+- Angular (GUI)
+- Electron (Desktop wrapper)
+- Node
+- Jest for testing
+
+## Code Architecture & Structure
+
+### Directory Organization
+
+```
+src/
+├── abstractions/       # Interface definitions (e.g., IDirectoryService)
+├── services/          # Business logic implementations for directory services, sync, auth
+├── models/            # Data models (UserEntry, GroupEntry, etc.)
+├── commands/          # CLI command implementations
+├── app/               # Angular GUI components
+└── utils/             # Test utilities and fixtures
+
+src-cli/               # CLI-specific code (imports common code from src/)
+
+jslib/                 # Legacy folder structure (mix of deprecated/unused and current code - new code should not be added here)
+```
+
+### Key Architectural Patterns
+
+1. **Abstractions = Interfaces**: All interfaces are defined in `/abstractions`
+2. **Services = Business Logic**: Implementations live in `/services`
+3. **Directory Service Pattern**: Each directory provider implements `IDirectoryService` interface
+4. **Separation of Concerns**: GUI (Angular app) and CLI (commands) share the same service layer
+
+## Development Conventions
+
+### Code Organization
+
+**File Naming:**
+
+- kebab-case for files: `ldap-directory.service.ts`
+- Descriptive names that reflect purpose
+
+**Class/Function Naming:**
+
+- PascalCase for classes and interfaces
+- camelCase for functions and variables
+- Descriptive names that indicate purpose
+
+**File Structure:**
+
+- Keep files focused on single responsibility
+- Create new service files for distinct directory integrations
+- Separate models into individual files when complex
+
+### TypeScript Conventions
+
+**Import Patterns:**
+
+- Use path aliases (`@/`) for project imports
+  - `@/` - project root
+  - `@/jslib/` - jslib folder
+- ESLint enforces alphabetized import ordering with newlines between groups
+
+**Type Safety:**
+
+- Avoid `any` types - use proper typing or `unknown` with type guards
+- Prefer interfaces for contracts, types for unions/intersections
+- Use strict null checks - handle `null` and `undefined` explicitly
+- Leverage TypeScript's type inference where appropriate
+
+**Configuration:**
+
+- Use configuration files or environment variables
+- Never hardcode URLs or configuration values
+
+## Security Best Practices
+
+**Credential Handling:**
+
+- Never log directory service credentials, API keys, or tokens
+- Use secure storage mechanisms for sensitive data
+- Credentials should never be hardcoded
+- Store credentials encrypted, never in plain text
+
+**Sensitive Data:**
+
+- User and group data from directories should be handled securely
+- Avoid exposing sensitive information in error messages
+- Sanitize data before logging
+- Be cautious with data persistence
+
+**Input Validation:**
+
+- Validate and sanitize data from external directory services
+- Check for injection vulnerabilities (LDAP injection, etc.)
+- Validate configuration inputs from users
+
+**API Security:**
+
+- Ensure authentication flows are implemented correctly
+- Verify SSL/TLS is used for all external connections
+- Check for secure token storage and refresh mechanisms
+
+## Error Handling
+
+**Best Practices:**
+
+1. **Try-catch for async operations** - Always wrap external API calls
+2. **Meaningful error messages** - Provide context for debugging
+3. **Error propagation** - Don't swallow errors silently
+4. **User-facing errors** - Separate user messages from developer logs
+
+## Performance Best Practices
+
+**Large Dataset Handling:**
+
+- Use pagination for large user/group lists
+- Avoid loading entire datasets into memory at once
+- Consider streaming or batch processing for large operations
+
+**API Rate Limiting:**
+
+- Respect rate limits for Microsoft Graph API, Google Admin SDK, etc.
+- Consider batching large API calls where necessary
+
+**Memory Management:**
+
+- Close connections and clean up resources
+- Remove event listeners when components are destroyed
+- Be cautious with caching large datasets
+
+## Testing
+
+**Framework:**
+
+- Jest with jest-preset-angular
+- jest-mock-extended for type-safe mocks with `mock<Type>()`
+
+**Test Organization:**
+
+- Tests colocated with source files
+- `*.spec.ts` - Unit tests for individual components/services
+- `*.integration.spec.ts` - Integration tests against live directory services
+- Test helpers located in `utils/` directory
+
+**Test Naming:**
+
+- Descriptive, human-readable test names
+- Example: `'should return empty array when no users exist in directory'`
+
+**Test Coverage:**
+
+- New features must include tests
+- Bug fixes should include regression tests
+- Changes to core sync logic or directory specific logic require integration tests
+
+**Testing Approach:**
+
+- **Unit tests**: Mock external API calls using jest-mock-extended
+- **Integration tests**: Use live directory services (Docker containers or configured cloud services)
+- Focus on critical paths (authentication, sync, data transformation)
+- Test error scenarios and edge cases (empty results, malformed data, connection failures), not just happy paths
+
+## Directory Service Patterns
+
+### IDirectoryService Interface
+
+All directory services implement this core interface with methods:
+
+- `getUsers()` - Retrieve users from directory and transform them into standard objects
+- `getGroups()` - Retrieve groups from directory and transform them into standard objects
+- Connection and authentication handling
+
+### Service-Specific Implementations
+
+Each directory service has unique authentication and query patterns:
+
+- **LDAP**: Direct LDAP queries, bind authentication
+- **Microsoft Entra ID**: Microsoft Graph API, OAuth tokens
+- **Google Workspace**: Google Admin SDK, service account credentials
+- **Okta/OneLogin**: REST APIs with API tokens
+
+## References
+
+- [Architectural Decision Records (ADRs)](https://contributing.bitwarden.com/architecture/adr/)
+- [Contributing Guidelines](https://contributing.bitwarden.com/contributing/)
+- [Code Style](https://contributing.bitwarden.com/contributing/code-style/)
+- [Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/)
+- [Security Definitions](https://contributing.bitwarden.com/architecture/security/definitions)
--- a/.claude/prompts/review-code.md
+++ b/.claude/prompts/review-code.md
@@ -0,0 +1,27 @@
+Please review this pull request with a focus on:
+
+- Code quality and best practices
+- Potential bugs or issues
+- Security implications
+- Performance considerations
+
+Note: The PR branch is already checked out in the current working directory.
+
+Provide a comprehensive review including:
+
+- Summary of changes since last review
+- Critical issues found (be thorough)
+- Suggested improvements (be thorough)
+- Good practices observed (be concise - list only the most notable items without elaboration)
+- Action items for the author
+- Leverage collapsible <details> sections where appropriate for lengthy explanations or code
+  snippets to enhance human readability
+
+When reviewing subsequent commits:
+
+- Track status of previously identified issues (fixed/unfixed/reopened)
+- Identify NEW problems introduced since last review
+- Note if fixes introduced new issues
+
+IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note
+what was done well without explaining why or praising excessively.
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -6,3 +6,14 @@

 # Default file owners.
 * @bitwarden/team-admin-console-dev
+
+# Docker-related files
+**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
+**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
+**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
+**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
+
+# Claude related files
+.claude/ @bitwarden/team-ai-sme
+.github/workflows/respond.yml @bitwarden/team-ai-sme
+.github/workflows/review-code.yml @bitwarden/team-ai-sme
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Feature Requests
+    url: https://community.bitwarden.com/c/feature-requests/
+    about: Request new features using the Community Forums. Please search existing feature requests before making a new one.
+  - name: Bitwarden Community Forums
+    url: https://community.bitwarden.com
+    about: Please visit the community forums for general community discussion, support and the development roadmap.
+  - name: Customer Support
+    url: https://bitwarden.com/contact/
+    about: Please contact our customer support for account issues and general customer support.
+  - name: Security Issues
+    url: https://hackerone.com/bitwarden
+    about: We use HackerOne to manage security disclosures.
--- a/.github/ISSUE_TEMPLATE/issue.yml
+++ b/.github/ISSUE_TEMPLATE/issue.yml
@@ -0,0 +1,111 @@
+name: Directory Connector Bug Report
+description: File a bug report
+title: "[DC] "
+labels: ["bug"]
+type: bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps To Reproduce
+      description: How can we reproduce the behavior.
+      value: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. Click on '...'
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Result
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Result
+      description: A clear and concise description of what is happening.
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots or Videos
+      description: If applicable, add screenshots and/or a short video to help explain your problem.
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: What operating system(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - Windows
+        - macOS
+        - Linux
+        - Other operating system (please specify in "Additional Context" section)
+    validations:
+      required: true
+  - type: input
+    id: os-version
+    attributes:
+      label: Operating System Version
+      description: What version of the operating system(s) are you seeing the problem on?
+    validations:
+      required: true
+  - type: dropdown
+    id: directories
+    attributes:
+      label: Directory Service
+      description: What directory service(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - LDAP - Active Directory
+        - Another LDAP implementation (please specify in "Additional Context" section)
+        - Microsoft Entra ID
+        - Google Workspace
+        - Okta Universal Directory
+        - OneLogin
+        - Other directory service (please specify in "Additional Context" section)
+    validations:
+      required: true
+  - type: dropdown
+    id: application-type
+    attributes:
+      label: Application Type
+      description: Which Directory Connector application(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - GUI (the desktop application)
+        - CLI (the bwdc command line application)
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Build Version
+      description: What version of our software are you running?
+    validations:
+      required: true
+  - type: checkboxes
+    id: issue-tracking-info
+    attributes:
+      label: Issue Tracking Info
+      description: |
+        Make sure to acknowledge the following before submitting your report!
+      options:
+        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
+          required: true
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,18 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>bitwarden/renovate-config"],
-  "enabledManagers": ["github-actions", "npm"],
-  "packageRules": [
-    {
-      "groupName": "gh minor",
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["minor", "patch"]
-    },
-    {
-      "groupName": "Google Libraries",
-      "matchPackagePatterns": ["google-auth-library", "googleapis"],
-      "matchManagers": ["npm"],
-      "groupSlug": "google-libraries"
-    }
-  ]
-}
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -0,0 +1,24 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: ["github>bitwarden/renovate-config"],
+  enabledManagers: ["github-actions", "npm"],
+  packageRules: [
+    {
+      groupName: "gh minor",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["minor", "patch"],
+    },
+  ],
+  ignoreDeps: [
+    // yao-pkg is used to create a single executable application bundle for the CLI.
+    // It is a third party build of node which carries a high supply chain risk.
+    // This must be manually vetted by our appsec team before upgrading.
+    // It is excluded from renovate to avoid accidentally upgrading to a non-vetted version.
+    "@yao-pkg/pkg",
+    // googleapis uses ESM after 149.0.0 so we are not upgrading it until we have ESM support.
+    // They release new versions every couple of weeks so ignoring it at the dependency dashboard
+    // level is not sufficient.
+    // FIXME: remove and upgrade when we have ESM support.
+    "googleapis",
+  ],
+}
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,20 +23,22 @@ jobs:
      node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Get Package Version
        id: retrieve-version
        run: |
          PKG_VERSION=$(jq -r .version package.json)
-          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT
+          echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"

      - name: Get Node Version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"

  linux-cli:
    name: Build Linux CLI
@@ -49,10 +51,12 @@ jobs:
      contents: read
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -61,7 +65,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"

      - name: Keytar
        run: |
@@ -72,8 +76,8 @@ jobs:
          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"

          mkdir -p ./keytar/linux
-          wget $keytarUrl -O ./keytar/linux/$keytarTarGz
-          tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux
+          wget "$keytarUrl" -O "./keytar/linux/$keytarTarGz"
+          tar -xvf "./keytar/linux/$keytarTarGz" -C ./keytar/linux

      - name: Install
        run: npm install
@@ -82,19 +86,19 @@ jobs:
        run: npm run dist:cli:lin

      - name: Zip
-        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
+        run: zip -j "dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" "dist-cli/linux/bwdc" "keytar/linux/build/Release/keytar.node"

      - name: Version Test
        run: |
          sudo apt-get update
          sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
-          eval $(dbus-launch --sh-syntax)
+          eval "$(dbus-launch --sh-syntax)"

-          eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login)
-          eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start)
+          eval "$(echo -n "" | /usr/bin/gnome-keyring-daemon --login)"
+          eval "$(/usr/bin/gnome-keyring-daemon --components=secrets --start)"

          mkdir -p test/linux
-          unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux
+          unzip "./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" -d ./test/linux

          testVersion=$(./test/linux/bwdc -v)

@@ -107,7 +111,7 @@ jobs:
          fi

      - name: Upload Linux Zip to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
          path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
@@ -116,7 +120,7 @@ jobs:

  macos-cli:
    name: Build Mac CLI
-    runs-on: macos-13
+    runs-on: macos-15-intel
    needs: setup
    permissions:
      contents: read
@@ -125,10 +129,12 @@ jobs:
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -137,7 +143,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"

      - name: Keytar
        run: |
@@ -148,8 +154,8 @@ jobs:
          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"

          mkdir -p ./keytar/macos
-          wget $keytarUrl -O ./keytar/macos/$keytarTarGz
-          tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos
+          wget "$keytarUrl" -O "./keytar/macos/$keytarTarGz"
+          tar -xvf "./keytar/macos/$keytarTarGz" -C ./keytar/macos

      - name: Install
        run: npm install
@@ -158,12 +164,12 @@ jobs:
        run: npm run dist:cli:mac

      - name: Zip
-        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
+        run: zip -j "dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" "dist-cli/macos/bwdc" "keytar/macos/build/Release/keytar.node"

      - name: Version Test
        run: |
          mkdir -p test/macos
-          unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos
+          unzip "./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" -d ./test/macos

          testVersion=$(./test/macos/bwdc -v)

@@ -176,7 +182,7 @@ jobs:
          fi

      - name: Upload Mac Zip to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
          path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
@@ -194,14 +200,16 @@ jobs:
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Setup Windows builder
        run: |
          choco install checksum --no-progress

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -241,7 +249,7 @@ jobs:
      - name: Version Test
        shell: pwsh
        run: |
-          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
+          Expand-Archive -Path "dist-cli\bwdc-windows-$env:_PACKAGE_VERSION.zip" -DestinationPath "test\windows"
          $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
          echo "version: ${env:_PACKAGE_VERSION}"
          echo "testVersion: $testVersion"
@@ -250,7 +258,7 @@ jobs:
          }

      - name: Upload Windows Zip to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
          path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
@@ -267,17 +275,20 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}

      - name: Update NPM
        run: |
@@ -327,28 +338,28 @@ jobs:
          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}

      - name: Upload Portable Executable to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
          path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
          if-no-files-found: error

      - name: Upload Installer Executable to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
          path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
          if-no-files-found: error

      - name: Upload Installer Executable Blockmap to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
          path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
          if-no-files-found: error

      - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: latest.yml
          path: ./dist/latest.yml
@@ -364,22 +375,25 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}

      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"

      - name: Set up environment
        run: |
@@ -397,14 +411,14 @@ jobs:
        run: npm run dist:lin

      - name: Upload AppImage
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
          if-no-files-found: error

      - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: latest-linux.yml
          path: ./dist/latest-linux.yml
@@ -413,7 +427,7 @@ jobs:

  macos-gui:
    name: Build MacOS GUI
-    runs-on: macos-13
+    runs-on: macos-15-intel
    needs: setup
    permissions:
      contents: read
@@ -421,22 +435,25 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}

      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"

      - name: Print environment
        run: |
@@ -461,16 +478,16 @@ jobs:

      - name: Get certificates
        run: |
-          mkdir -p $HOME/certificates
+          mkdir -p "$HOME/certificates"

          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
-            jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
+            jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"

          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
-            jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
+            jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"

          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
-            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
+            jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"

      - name: Log out from Azure
        uses: bitwarden/gh-actions/azure-logout@main
@@ -479,9 +496,9 @@ jobs:
        env:
          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
        run: |
-          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
-          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security set-keychain-settings -lut 1200 build.keychain

          security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
@@ -493,12 +510,12 @@ jobs:
          security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
            -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild

-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain

      - name: Load package version
        run: |
          $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path "$rootPath\package.json" | ConvertFrom-Json).version;

          Write-Output "Setting package version to $packageVersion";
          Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -508,10 +525,12 @@ jobs:
        run: npm install

      - name: Set up private auth key
+        env:
+          _APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
        run: |
          mkdir ~/private_keys
          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
+          ${_APP_STORE_CONNECT_AUTH_KEY}
          EOF

      - name: Build application
@@ -523,28 +542,28 @@ jobs:
          CSC_FOR_PULL_REQUEST: true

      - name: Upload .zip artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
          if-no-files-found: error

      - name: Upload .dmg artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
          if-no-files-found: error

      - name: Upload .dmg Blockmap artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
          if-no-files-found: error

      - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: latest-mac.yml
          path: ./dist/latest-mac.yml
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -2,23 +2,36 @@ name: Integration Testing

 on:
  workflow_dispatch:
+  # Integration tests are slow, so only run them if relevant files have changed.
+  # This is done at the workflow level and at the job level.
+  # Make sure these triggers stay consistent with the 'changed-files' job.
  push:
    branches:
-      - "main"
+      - 'main'
+      - 'rc'
    paths:
      - ".github/workflows/integration-test.yml" # this file
-      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
-      - "./openldap/**/*" # any change to test fixtures
-      - "./docker-compose.yml" # any change to Docker configuration
+      - "docker-compose.yml" # any change to Docker configuration
+      - "package.json" # dependencies
+      - "utils/**" # any change to test fixtures
+      - "src/services/sync.service.ts" # core sync service used by all directory services
+      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
+      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
+      # Add directory services here as we add test coverage
  pull_request:
    paths:
      - ".github/workflows/integration-test.yml" # this file
-      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
-      - "./openldap/**/*" # any change to test fixtures
-      - "./docker-compose.yml" # any change to Docker configuration
+      - "docker-compose.yml" # any change to Docker configuration
+      - "package.json" # dependencies
+      - "utils/**" # any change to test fixtures
+      - "src/services/sync.service.ts" # core sync service used by all directory services
+      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
+      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
+      # Add directory services here as we add test coverage
 permissions:
  contents: read
  checks: write # required by dorny/test-reporter to upload its results
+  id-token: write # required to use OIDC to login to Azure Key Vault
 jobs:
  testing:
    name: Run tests
@@ -27,17 +40,19 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -46,23 +61,81 @@ jobs:
      - name: Install Node dependencies
        run: npm ci

-      - name: Install mkcert
+      # Get secrets from Azure Key Vault
+      - name: Azure Login
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get KV Secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "GOOGLE-ADMIN-USER,GOOGLE-CLIENT-EMAIL,GOOGLE-DOMAIN,GOOGLE-PRIVATE-KEY"
+
+      - name: Azure Logout
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      # Only run relevant tests depending on what files have changed.
+      # This should be kept consistent with the workflow level triggers.
+      # Note: docker-compose.yml is only used for ldap for now
+      - name: Get changed files
+        id: changed-files
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        with:
+          list-files: shell
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # Add directory services here as we add test coverage
+          filters: |
+            common:
+              - '.github/workflows/integration-test.yml'
+              - 'utils/**'
+              - 'package.json'
+              - 'src/services/sync.service.ts'
+            ldap:
+              - 'docker-compose.yml'
+              - 'src/services/directory-services/ldap-directory.service*'
+            google:
+              - 'src/services/directory-services/gsuite-directory.service*'
+
+      # LDAP
+      - name: Setup LDAP integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
        run: |
          sudo apt-get update
          sudo apt-get -y install mkcert
+          npm run test:integration:setup

-      - name: Setup integration tests
-        run: npm run test:integration:setup
+      - name: Run LDAP integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        env:
+          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
+        run: npx jest ldap-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-ldap

-      - name: Run integration tests
-        run: npm run test:integration --coverage
+      # Google Workspace
+      - name: Run Google Workspace integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.google == 'true'
+        env:
+          GOOGLE_DOMAIN: ${{ steps.get-kv-secrets.outputs.GOOGLE-DOMAIN }}
+          GOOGLE_ADMIN_USER: ${{ steps.get-kv-secrets.outputs.GOOGLE-ADMIN-USER }}
+          GOOGLE_CLIENT_EMAIL: ${{ steps.get-kv-secrets.outputs.GOOGLE-CLIENT-EMAIL }}
+          GOOGLE_PRIVATE_KEY: ${{ steps.get-kv-secrets.outputs.GOOGLE-PRIVATE-KEY }}
+          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
+        run: |
+          npx jest gsuite-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-google

      - name: Report test results
-        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
-        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
+        id: report
+        uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
+        # This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
+        # PRs from the repository and all other events are OK.
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
        with:
          name: Test Results
-          path: "junit.xml"
+          path: "junit.xml*"
          reporter: jest-junit
          fail-on-error: true

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,7 +26,9 @@ jobs:
      release_version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Branch check
        if: ${{ inputs.release_type != 'Dry Run' }}
--- a/.github/workflows/respond.yml
+++ b/.github/workflows/respond.yml
@@ -0,0 +1,28 @@
+name: Respond
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+permissions: {}
+
+jobs:
+  respond:
+    name: Respond
+    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write
--- a/.github/workflows/review-code.yml
+++ b/.github/workflows/review-code.yml
@@ -0,0 +1,21 @@
+name: Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions: {}
+
+jobs:
+  review:
+    name: Review
+    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      pull-requests: write
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,17 +22,19 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false

      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"

      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -51,8 +53,10 @@ jobs:
        run: npm run test --coverage

      - name: Report test results
-        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
-        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
+        uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
+        # This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
+        # PRs from the repository and all other events are OK.
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
        with:
          name: Test Results
          path: "junit.xml"
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -42,16 +42,17 @@ jobs:
        uses: bitwarden/gh-actions/azure-logout@main

      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        id: app-token
        with:
          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}

      - name: Checkout Branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          token: ${{ steps.app-token.outputs.token }}
+          persist-credentials: true

      - name: Setup git
        run: |
@@ -62,7 +63,7 @@ jobs:
        id: current-version
        run: |
          CURRENT_VERSION=$(cat package.json | jq -r '.version')
-          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"

      - name: Verify input version
        if: ${{ inputs.version_number_override != '' }}
@@ -77,8 +78,7 @@ jobs:
          fi

          # Check if version is newer.
-          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
-          if [ $? -eq 0 ]; then
+          if printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V; then
            echo "Version check successful."
          else
            echo "Version check failed."
@@ -110,26 +110,34 @@ jobs:

      - name: Set final version output
        id: set-final-version-output
+        env:
+          _BUMP_VERSION_OVERRIDE_OUTCOME: ${{ steps.bump-version-override.outcome }}
+          _INPUT_VERSION_NUMBER_OVERRIDE: ${{ inputs.version_number_override }}
+          _BUMP_VERSION_AUTOMATIC_OUTCOME: ${{ steps.bump-version-automatic.outcome }}
+          _CALCULATE_NEXT_VERSION: ${{ steps.calculate-next-version.outputs.version }}
+          
        run: |
-          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
-            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
+          if [[ "$_BUMP_VERSION_OVERRIDE_OUTCOME" == "success" ]]; then
+            echo "version=$_INPUT_VERSION_NUMBER_OVERRIDE" >> "$GITHUB_OUTPUT"
+          elif [[ "$_BUMP_VERSION_AUTOMATIC_OUTCOME" == "success" ]]; then
+            echo "version=$_CALCULATE_NEXT_VERSION" >> "$GITHUB_OUTPUT"
          fi

      - name: Check if version changed
        id: version-changed
        run: |
          if [ -n "$(git status --porcelain)" ]; then
-            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
+            echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
          else
-            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
+            echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
            echo "No changes to commit!";
          fi

      - name: Commit files
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
+        env:
+          _VERSION: ${{ steps.set-final-version-output.outputs.version }}
+        run: git commit -m "Bumped version to $_VERSION" -a

      - name: Push changes
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,9 @@
 .DS_Store
 Thumbs.db

+# Environment variables used for tests
+.env
+
 # IDEs and editors
 .idea/
 .project
@@ -30,8 +33,8 @@ build-cli
 .angular/cache

 # Testing
-coverage
-junit.xml
+coverage*
+junit.xml*

 # Misc
 *.crx
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  open-ldap:
-    image: bitnami/openldap:latest
+    image: bitnamilegacy/openldap:latest
    hostname: openldap
    environment:
      - LDAP_ADMIN_USERNAME=admin
@@ -11,8 +11,8 @@ services:
      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
    volumes:
-      - "./openldap/ldifs:/ldifs"
-      - "./openldap/certs:/certs"
+      - "./utils/openldap/ldifs:/ldifs"
+      - "./utils/openldap/certs:/certs"
    ports:
      - "1389:1389"
      - "1636:1636"
--- a/jslib/angular/src/components/modal/modal-injector.ts
+++ b/jslib/angular/src/components/modal/modal-injector.ts
@@ -1,4 +1,4 @@
-import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";
+import { InjectOptions, Injector, ProviderToken } from "@angular/core";

 export class ModalInjector implements Injector {
  constructor(
@@ -12,8 +12,7 @@ export class ModalInjector implements Injector {
    options: InjectOptions & { optional?: false },
  ): T;
  get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions): T;
  get(token: any, notFoundValue?: any): any;
  get(token: any, notFoundValue?: any, flags?: any): any {
    return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);
--- a/jslib/angular/src/components/toastr.component.ts
+++ b/jslib/angular/src/components/toastr.component.ts
@@ -60,6 +60,7 @@ import {
    ]),
  ],
  preserveWhitespaces: false,
+  standalone: false,
 })
 export class BitwardenToast extends BaseToast {
  constructor(
--- a/jslib/angular/src/directives/a11y-title.directive.ts
+++ b/jslib/angular/src/directives/a11y-title.directive.ts
@@ -2,6 +2,7 @@ import { Directive, ElementRef, Input, Renderer2 } from "@angular/core";

@Directive({
  selector: "[appA11yTitle]",
+  standalone: false,
 })
 export class A11yTitleDirective {
  @Input() set appA11yTitle(title: string) {
--- a/jslib/angular/src/directives/api-action.directive.ts
+++ b/jslib/angular/src/directives/api-action.directive.ts
@@ -13,6 +13,7 @@ import { ValidationService } from "../services/validation.service";
 */
@Directive({
  selector: "[appApiAction]",
+  standalone: false,
 })
 export class ApiActionDirective implements OnChanges {
  @Input() appApiAction: Promise<any>;
--- a/jslib/angular/src/directives/autofocus.directive.ts
+++ b/jslib/angular/src/directives/autofocus.directive.ts
@@ -5,6 +5,7 @@ import { Utils } from "@/jslib/common/src/misc/utils";

@Directive({
  selector: "[appAutofocus]",
+  standalone: false,
 })
 export class AutofocusDirective {
  @Input() set appAutofocus(condition: boolean | string) {
--- a/jslib/angular/src/directives/blur-click.directive.ts
+++ b/jslib/angular/src/directives/blur-click.directive.ts
@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener } from "@angular/core";

@Directive({
  selector: "[appBlurClick]",
+  standalone: false,
 })
 export class BlurClickDirective {
  constructor(private el: ElementRef) {}
--- a/jslib/angular/src/directives/box-row.directive.ts
+++ b/jslib/angular/src/directives/box-row.directive.ts
@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener, OnInit } from "@angular/core";

@Directive({
  selector: "[appBoxRow]",
+  standalone: false,
 })
 export class BoxRowDirective implements OnInit {
  el: HTMLElement = null;
--- a/jslib/angular/src/directives/fallback-src.directive.ts
+++ b/jslib/angular/src/directives/fallback-src.directive.ts
@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener, Input } from "@angular/core";

@Directive({
  selector: "[appFallbackSrc]",
+  standalone: false,
 })
 export class FallbackSrcDirective {
  @Input("appFallbackSrc") appFallbackSrc: string;
--- a/jslib/angular/src/directives/stop-click.directive.ts
+++ b/jslib/angular/src/directives/stop-click.directive.ts
@@ -2,6 +2,7 @@ import { Directive, HostListener } from "@angular/core";

@Directive({
  selector: "[appStopClick]",
+  standalone: false,
 })
 export class StopClickDirective {
  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
--- a/jslib/angular/src/directives/stop-prop.directive.ts
+++ b/jslib/angular/src/directives/stop-prop.directive.ts
@@ -2,6 +2,7 @@ import { Directive, HostListener } from "@angular/core";

@Directive({
  selector: "[appStopProp]",
+  standalone: false,
 })
 export class StopPropDirective {
  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
--- a/jslib/angular/src/pipes/i18n.pipe.ts
+++ b/jslib/angular/src/pipes/i18n.pipe.ts
@@ -4,6 +4,7 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";

@Pipe({
  name: "i18n",
+  standalone: false,
 })
 export class I18nPipe implements PipeTransform {
  constructor(private i18nService: I18nService) {}
--- a/jslib/common/src/models/request/identityToken/passwordTokenRequest.ts
+++ b/jslib/common/src/models/request/identityToken/passwordTokenRequest.ts
@@ -31,7 +31,4 @@ export class PasswordTokenRequest extends TokenRequest implements CaptchaProtect
    return obj;
  }

-  alterIdentityTokenHeaders(headers: Headers) {
-    headers.set("Auth-Email", Utils.fromUtf8ToUrlB64(this.email));
-  }
 }
--- a/openldap/mkcert.sh
+++ b/openldap/mkcert.sh
@@ -1,10 +0,0 @@
-if ! [ -x "$(command -v mkcert)" ]; then
-  echo 'Error: mkcert is not installed. Install mkcert first and then re-run this script.'
-  echo 'e.g. brew install mkcert'
-  exit 1
-fi
-
-mkcert -install
-mkdir -p ./openldap/certs
-cp "$(mkcert -CAROOT)/rootCA.pem" ./openldap/certs/rootCA.pem
-mkcert -key-file ./openldap/certs/openldap-key.pem -cert-file ./openldap/certs/openldap.pem localhost openldap
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "@bitwarden/directory-connector",
  "productName": "Bitwarden Directory Connector",
  "description": "Sync your user directory to your Bitwarden organization.",
-  "version": "2025.6.1",
+  "version": "2025.11.0",
  "keywords": [
    "bitwarden",
    "password",
@@ -69,37 +69,37 @@
    "test:watch:all": "jest --watchAll --testPathIgnorePatterns=.integration.spec.ts",
    "test:integration": "jest .integration.spec.ts",
    "test:integration:watch": "jest .integration.spec.ts --watch",
-    "test:integration:setup": "sh ./openldap/mkcert.sh && docker compose up -d",
+    "test:integration:setup": "sh ./utils/openldap/mkcert.sh && docker compose up -d",
    "test:types": "npx tsc --noEmit"
  },
  "devDependencies": {
-    "@angular-devkit/build-angular": "17.3.17",
-    "@angular-eslint/eslint-plugin-template": "17.5.3",
-    "@angular-eslint/template-parser": "17.5.3",
-    "@angular/compiler-cli": "17.3.12",
+    "@angular-devkit/build-angular": "20.3.3",
+    "@angular-eslint/eslint-plugin-template": "20.6.0",
+    "@angular-eslint/template-parser": "20.6.0",
+    "@angular/compiler-cli": "20.3.15",
    "@electron/notarize": "2.5.0",
-    "@electron/rebuild": "3.7.2",
+    "@electron/rebuild": "4.0.1",
    "@fluffy-spoon/substitute": "1.208.0",
-    "@microsoft/microsoft-graph-types": "2.40.0",
-    "@ngtools/webpack": "17.3.17",
+    "@microsoft/microsoft-graph-types": "2.43.1",
+    "@ngtools/webpack": "20.3.3",
    "@types/inquirer": "8.2.10",
    "@types/jest": "29.5.14",
    "@types/lowdb": "1.0.15",
-    "@types/node": "20.14.8",
+    "@types/node": "22.18.1",
    "@types/node-fetch": "2.6.12",
    "@types/node-forge": "1.3.11",
    "@types/proper-lockfile": "4.1.4",
    "@types/tldjs": "2.3.4",
-    "@typescript-eslint/eslint-plugin": "8.35.0",
-    "@typescript-eslint/parser": "8.35.0",
+    "@typescript-eslint/eslint-plugin": "8.46.0",
+    "@typescript-eslint/parser": "8.46.0",
    "@yao-pkg/pkg": "5.16.1",
    "clean-webpack-plugin": "4.0.0",
-    "concurrently": "9.1.2",
+    "concurrently": "9.2.0",
    "copy-webpack-plugin": "13.0.0",
    "cross-env": "7.0.3",
    "css-loader": "7.1.2",
-    "dotenv": "16.5.0",
-    "electron": "34.5.8",
+    "dotenv": "17.2.0",
+    "electron": "39.2.1",
    "electron-builder": "24.13.3",
    "electron-log": "5.4.1",
    "electron-reload": "2.0.0-alpha.1",
@@ -107,72 +107,72 @@
    "electron-updater": "6.6.2",
    "eslint": "8.57.1",
    "eslint-config-prettier": "10.1.5",
-    "eslint-import-resolver-typescript": "3.7.0",
-    "eslint-plugin-import": "2.31.0",
+    "eslint-import-resolver-typescript": "4.4.4",
+    "eslint-plugin-import": "2.32.0",
    "eslint-plugin-rxjs": "5.0.3",
    "eslint-plugin-rxjs-angular": "2.0.1",
-    "form-data": "4.0.3",
+    "form-data": "4.0.4",
+    "glob": "11.1.0",
    "html-loader": "5.1.0",
    "html-webpack-plugin": "5.6.3",
    "husky": "9.1.7",
    "jest": "29.7.0",
    "jest-junit": "16.0.0",
-    "jest-mock-extended": "4.0.0",
+    "jest-mock-extended": "3.0.7",
    "jest-preset-angular": "14.6.0",
-    "lint-staged": "16.1.2",
+    "lint-staged": "16.2.6",
    "mini-css-extract-plugin": "2.9.2",
-    "node-abi": "3.75.0",
-    "node-forge": "1.3.1",
+    "minimatch": "5.1.2",
+    "node-forge": "1.3.2",
    "node-loader": "2.1.0",
-    "prettier": "3.5.3",
-    "rimraf": "6.0.1",
+    "prettier": "3.6.2",
+    "rimraf": "6.1.0",
    "rxjs": "7.8.2",
-    "sass": "1.89.2",
+    "sass": "1.93.2",
    "sass-loader": "16.0.5",
-    "ts-jest": "29.4.0",
+    "ts-jest": "29.4.1",
    "ts-loader": "9.5.2",
    "tsconfig-paths-webpack-plugin": "4.2.0",
-    "type-fest": "4.41.0",
-    "typescript": "5.4.5",
-    "webpack": "5.99.9",
+    "type-fest": "5.0.1",
+    "typescript": "5.8.3",
+    "webpack": "5.102.1",
    "webpack-cli": "6.0.1",
    "webpack-merge": "6.0.1",
    "webpack-node-externals": "3.0.0",
-    "zone.js": "0.14.10"
+    "zone.js": "0.15.1"
  },
  "dependencies": {
-    "@angular/animations": "17.3.12",
-    "@angular/cdk": "17.3.10",
-    "@angular/common": "17.3.12",
-    "@angular/compiler": "17.3.12",
-    "@angular/core": "17.3.12",
-    "@angular/forms": "17.3.12",
-    "@angular/platform-browser": "17.3.12",
-    "@angular/platform-browser-dynamic": "17.3.12",
-    "@angular/router": "17.3.12",
+    "@angular/animations": "20.3.15",
+    "@angular/cdk": "20.2.14",
+    "@angular/cli": "20.3.3",
+    "@angular/common": "20.3.15",
+    "@angular/compiler": "20.3.15",
+    "@angular/core": "20.3.15",
+    "@angular/forms": "20.3.15",
+    "@angular/platform-browser": "20.3.15",
+    "@angular/platform-browser-dynamic": "20.3.15",
+    "@angular/router": "20.3.15",
    "@microsoft/microsoft-graph-client": "3.0.7",
    "big-integer": "1.6.52",
    "bootstrap": "5.3.7",
    "browser-hrtime": "1.1.8",
    "chalk": "4.1.2",
    "commander": "14.0.0",
-    "core-js": "3.44.0",
-    "form-data": "4.0.3",
-    "google-auth-library": "10.1.0",
-    "googleapis": "150.0.1",
+    "form-data": "4.0.4",
+    "googleapis": "149.0.0",
    "https-proxy-agent": "7.0.6",
    "inquirer": "8.2.6",
    "keytar": "7.9.0",
    "ldapts": "8.0.1",
    "lowdb": "1.0.0",
-    "ngx-toastr": "19.0.0",
-    "node-fetch": "2.7.0",
-    "parse5": "7.3.0",
+    "ngx-toastr": "19.1.0",
+    "node-fetch": "3.3.2",
+    "parse5": "8.0.0",
    "proper-lockfile": "4.1.2",
    "rxjs": "7.8.2",
    "tldjs": "2.3.1",
    "uuid": "11.1.0",
-    "zone.js": "0.14.10"
+    "zone.js": "0.15.1"
  },
  "engines": {
    "node": "~20",
--- a/src/abstractions/directory-factory.service.ts
+++ b/src/abstractions/directory-factory.service.ts
@@ -1,5 +1,5 @@
 import { DirectoryType } from "@/src/enums/directoryType";
-import { IDirectoryService } from "@/src/services/directory.service";
+import { IDirectoryService } from "@/src/services/directory-services/directory.service";

 export abstract class DirectoryFactoryService {
  abstract createService(type: DirectoryType): IDirectoryService;
--- a/src/app/accounts/apiKey.component.ts
+++ b/src/app/accounts/apiKey.component.ts
@@ -16,6 +16,7 @@ import { EnvironmentComponent } from "./environment.component";
@Component({
  selector: "app-apiKey",
  templateUrl: "apiKey.component.html",
+  standalone: false,
 })
 // There is an eslint exception made here due to semantics.
 // The eslint rule expects a typical takeUntil() pattern involving component destruction.
--- a/src/app/accounts/environment.component.ts
+++ b/src/app/accounts/environment.component.ts
@@ -8,6 +8,7 @@ import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUt
@Component({
  selector: "app-environment",
  templateUrl: "environment.component.html",
+  standalone: false,
 })
 export class EnvironmentComponent extends BaseEnvironmentComponent {
  constructor(
--- a/src/app/app.component.ts
+++ b/src/app/app.component.ts
@@ -28,6 +28,7 @@ const BroadcasterSubscriptionId = "AppComponent";
  styles: [],
  template: ` <ng-template #settings></ng-template>
    <router-outlet></router-outlet>`,
+  standalone: false,
 })
 export class AppComponent implements OnInit {
  @ViewChild("settings", { read: ViewContainerRef, static: true }) settingsRef: ViewContainerRef;
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -1,4 +1,3 @@
-import "core-js/stable";
 import "zone.js";

 import { NgModule } from "@angular/core";
--- a/src/app/tabs/dashboard.component.ts
+++ b/src/app/tabs/dashboard.component.ts
@@ -17,6 +17,7 @@ const BroadcasterSubscriptionId = "DashboardComponent";
@Component({
  selector: "app-dashboard",
  templateUrl: "dashboard.component.html",
+  standalone: false,
 })
 export class DashboardComponent implements OnInit, OnDestroy {
  simGroups: GroupEntry[];
@@ -111,7 +112,7 @@ export class DashboardComponent implements OnInit, OnDestroy {
      this.simEnabledUsers = result.enabledUsers;
      this.simDisabledUsers = result.disabledUsers;
      this.simDeletedUsers = result.deletedUsers;
-    } catch (e) {
+    } catch {
      this.simGroups = null;
      this.simUsers = null;
    }
--- a/src/app/tabs/more.component.ts
+++ b/src/app/tabs/more.component.ts
@@ -12,6 +12,7 @@ const BroadcasterSubscriptionId = "MoreComponent";
@Component({
  selector: "app-more",
  templateUrl: "more.component.html",
+  standalone: false,
 })
 export class MoreComponent implements OnInit {
  version: string;
--- a/src/app/tabs/settings.component.ts
+++ b/src/app/tabs/settings.component.ts
@@ -1,4 +1,5 @@
 import { ChangeDetectorRef, Component, NgZone, OnDestroy, OnInit } from "@angular/core";
+import { webUtils } from "electron";

 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
@@ -16,6 +17,7 @@ import { ConnectorUtils } from "../../utils";
@Component({
  selector: "app-settings",
  templateUrl: "settings.component.html",
+  standalone: false,
 })
 export class SettingsComponent implements OnInit, OnDestroy {
  directory: DirectoryType;
@@ -121,7 +123,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
      return;
    }

-    (this.ldap as any)[id] = filePicker.files[0].path;
+    (this.ldap as any)[id] = webUtils.getPathForFile(filePicker.files[0]);
    // reset file input
    // ref: https://stackoverflow.com/a/20552042
    filePicker.type = "";
--- a/src/app/tabs/tabs.component.ts
+++ b/src/app/tabs/tabs.component.ts
@@ -3,5 +3,6 @@ import { Component } from "@angular/core";
@Component({
  selector: "app-tabs",
  templateUrl: "tabs.component.html",
+  standalone: false,
 })
 export class TabsComponent {}
--- a/src/locales/en/messages.json
+++ b/src/locales/en/messages.json
@@ -768,5 +768,8 @@
    },
    "launchWebVault": {
        "message": "Launch Web Vault"
+    },
+    "authenticationFailed": {
+        "message": "Authentication failed"
    }
 }
--- a/src/scss/bootstrap.scss
+++ b/src/scss/bootstrap.scss
@@ -8,8 +8,9 @@ $theme-colors: (
  "secondary": #ced4da,
  "secondary-alt": #1a3b66,
 );
-$font-family-sans-serif: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif,
-  "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
+$font-family-sans-serif:
+  "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif, "Apple Color Emoji",
+  "Segoe UI Emoji", "Segoe UI Symbol";

 $h1-font-size: 2rem;
 $h2-font-size: 1.3rem;
--- a/src/services/batch-requests-builder.spec.ts
+++ b/src/services/batch-requests-builder.spec.ts
@@ -2,8 +2,8 @@ import { GetUniqueString } from "@/jslib/common/spec/utils";

 import { UserEntry } from "@/src/models/userEntry";

+import { groupSimulator, userSimulator } from "../../utils/request-builder-helper";
 import { RequestBuilderOptions } from "../abstractions/request-builder.service";
-import { groupSimulator, userSimulator } from "../utils/request-builder-helper";

 import { BatchRequestBuilder } from "./batch-request-builder";

--- a/src/services/directory-factory.service.ts
+++ b/src/services/directory-factory.service.ts
@@ -5,11 +5,11 @@ import { DirectoryFactoryService } from "../abstractions/directory-factory.servi
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";

-import { EntraIdDirectoryService } from "./entra-id-directory.service";
-import { GSuiteDirectoryService } from "./gsuite-directory.service";
-import { LdapDirectoryService } from "./ldap-directory.service";
-import { OktaDirectoryService } from "./okta-directory.service";
-import { OneLoginDirectoryService } from "./onelogin-directory.service";
+import { EntraIdDirectoryService } from "./directory-services/entra-id-directory.service";
+import { GSuiteDirectoryService } from "./directory-services/gsuite-directory.service";
+import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
+import { OktaDirectoryService } from "./directory-services/okta-directory.service";
+import { OneLoginDirectoryService } from "./directory-services/onelogin-directory.service";

 export class DefaultDirectoryFactoryService implements DirectoryFactoryService {
  constructor(
--- a/src/services/directory-services/directory.service.ts
+++ b/src/services/directory-services/directory.service.ts
@@ -1,5 +1,5 @@
-import { GroupEntry } from "../models/groupEntry";
-import { UserEntry } from "../models/userEntry";
+import { GroupEntry } from "../../models/groupEntry";
+import { UserEntry } from "../../models/userEntry";

 export interface IDirectoryService {
  getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]>;
--- a/src/services/directory-services/entra-id-directory.service.ts
+++ b/src/services/directory-services/entra-id-directory.service.ts
@@ -7,14 +7,14 @@ import * as graphType from "@microsoft/microsoft-graph-types";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../enums/directoryType";
-import { EntraIdConfiguration } from "../models/entraIdConfiguration";
-import { GroupEntry } from "../models/groupEntry";
-import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../models/userEntry";
+import { StateService } from "../../abstractions/state.service";
+import { DirectoryType } from "../../enums/directoryType";
+import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
+import { GroupEntry } from "../../models/groupEntry";
+import { SyncConfiguration } from "../../models/syncConfiguration";
+import { UserEntry } from "../../models/userEntry";
+import { BaseDirectoryService } from "../baseDirectory.service";

-import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 const EntraIdPublicIdentityAuthority = "login.microsoftonline.com";
--- a/src/services/directory-services/gsuite-directory.service.integration.spec.ts
+++ b/src/services/directory-services/gsuite-directory.service.integration.spec.ts
@@ -0,0 +1,85 @@
+import { config as dotenvConfig } from "dotenv";
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
+import { LogService } from "../../../jslib/common/src/abstractions/log.service";
+import {
+  getGSuiteConfiguration,
+  getSyncConfiguration,
+} from "../../../utils/google-workspace/config-fixtures";
+import { groupFixtures } from "../../../utils/google-workspace/group-fixtures";
+import { userFixtures } from "../../../utils/google-workspace/user-fixtures";
+import { DirectoryType } from "../../enums/directoryType";
+import { StateService } from "../state.service";
+
+import { GSuiteDirectoryService } from "./gsuite-directory.service";
+
+// These tests integrate with a test Google Workspace instance.
+// Credentials are located in the shared Bitwarden collection for Directory Connector testing.
+// Place the .env file attachment in the utils folder.
+
+// Load .env variables
+dotenvConfig({ path: "utils/.env" });
+
+// These filters target integration test data.
+// These should return data that matches the user and group fixtures exactly.
+// There may be additional data present if not used.
+const INTEGRATION_USER_FILTER = "|orgUnitPath='/Integration testing'";
+const INTEGRATION_GROUP_FILTER = "|name:Integration*";
+
+// These tests are slow!
+// Increase the default timeout from 5s to 15s
+jest.setTimeout(15000);
+
+describe("gsuiteDirectoryService", () => {
+  let logService: MockProxy<LogService>;
+  let i18nService: MockProxy<I18nService>;
+  let stateService: MockProxy<StateService>;
+
+  let directoryService: GSuiteDirectoryService;
+
+  beforeEach(() => {
+    logService = mock();
+    i18nService = mock();
+    stateService = mock();
+
+    stateService.getDirectoryType.mockResolvedValue(DirectoryType.GSuite);
+    stateService.getLastUserSync.mockResolvedValue(null); // do not filter results by last modified date
+    i18nService.t.mockImplementation((id) => id); // passthrough implementation for any error  messages
+
+    directoryService = new GSuiteDirectoryService(logService, i18nService, stateService);
+  });
+
+  it("syncs without using filters (includes test data)", async () => {
+    const directoryConfig = getGSuiteConfiguration();
+    stateService.getDirectory.calledWith(DirectoryType.GSuite).mockResolvedValue(directoryConfig);
+
+    const syncConfig = getSyncConfiguration({
+      groups: true,
+      users: true,
+    });
+    stateService.getSync.mockResolvedValue(syncConfig);
+
+    const result = await directoryService.getEntries(true, true);
+
+    expect(result[0]).toEqual(expect.arrayContaining(groupFixtures));
+    expect(result[1]).toEqual(expect.arrayContaining(userFixtures));
+  });
+
+  it("syncs using user and group filters (exact match for test data)", async () => {
+    const directoryConfig = getGSuiteConfiguration();
+    stateService.getDirectory.calledWith(DirectoryType.GSuite).mockResolvedValue(directoryConfig);
+
+    const syncConfig = getSyncConfiguration({
+      groups: true,
+      users: true,
+      userFilter: INTEGRATION_USER_FILTER,
+      groupFilter: INTEGRATION_GROUP_FILTER,
+    });
+    stateService.getSync.mockResolvedValue(syncConfig);
+
+    const result = await directoryService.getEntries(true, true);
+
+    expect(result).toEqual([groupFixtures, userFixtures]);
+  });
+});
--- a/src/services/directory-services/gsuite-directory.service.ts
+++ b/src/services/directory-services/gsuite-directory.service.ts
@@ -4,14 +4,14 @@ import { admin_directory_v1, google } from "googleapis";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../models/groupEntry";
-import { GSuiteConfiguration } from "../models/gsuiteConfiguration";
-import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../models/userEntry";
+import { StateService } from "../../abstractions/state.service";
+import { DirectoryType } from "../../enums/directoryType";
+import { GroupEntry } from "../../models/groupEntry";
+import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
+import { SyncConfiguration } from "../../models/syncConfiguration";
+import { UserEntry } from "../../models/userEntry";
+import { BaseDirectoryService } from "../baseDirectory.service";

-import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 export class GSuiteDirectoryService extends BaseDirectoryService implements IDirectoryService {
@@ -253,7 +253,15 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
      ],
    });

-    await this.client.authorize();
+    try {
+      await this.client.authorize();
+    } catch (error) {
+      // Catch and rethrow this to sanitize any sensitive info (e.g. private key) in the error message
+      this.logService.error(
+        `Google Workspace authentication failed: ${error?.name || "Unknown error"}`,
+      );
+      throw new Error(this.i18nService.t("authenticationFailed"));
+    }

    this.authParams = {
      auth: this.client,
--- a/src/services/directory-services/ldap-directory.service.integration.spec.ts
+++ b/src/services/directory-services/ldap-directory.service.integration.spec.ts
@@ -1,14 +1,17 @@
 import { mock, MockProxy } from "jest-mock-extended";

-import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
-import { LogService } from "../../jslib/common/src/abstractions/log.service";
-import { groupFixtures } from "../../openldap/group-fixtures";
-import { userFixtures } from "../../openldap/user-fixtures";
-import { DirectoryType } from "../enums/directoryType";
-import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";
+import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
+import { LogService } from "../../../jslib/common/src/abstractions/log.service";
+import {
+  getLdapConfiguration,
+  getSyncConfiguration,
+} from "../../../utils/openldap/config-fixtures";
+import { groupFixtures } from "../../../utils/openldap/group-fixtures";
+import { userFixtures } from "../../../utils/openldap/user-fixtures";
+import { DirectoryType } from "../../enums/directoryType";
+import { StateService } from "../state.service";

 import { LdapDirectoryService } from "./ldap-directory.service";
-import { StateService } from "./state.service";

 // These tests integrate with the OpenLDAP docker image and seed data located in the openldap folder.
 // To run theses tests:
@@ -52,7 +55,7 @@ describe("ldapDirectoryService", () => {
        getLdapConfiguration({
          ssl: true,
          startTls: true,
-          tlsCaPath: "./openldap/certs/rootCA.pem",
+          tlsCaPath: "./utils/openldap/certs/rootCA.pem",
        }),
      );
      stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
@@ -67,7 +70,7 @@ describe("ldapDirectoryService", () => {
        getLdapConfiguration({
          port: 1636,
          ssl: true,
-          sslCaPath: "./openldap/certs/rootCA.pem",
+          sslCaPath: "./utils/openldap/certs/rootCA.pem",
        }),
      );
      stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
--- a/src/services/directory-services/ldap-directory.service.ts
+++ b/src/services/directory-services/ldap-directory.service.ts
@@ -7,12 +7,12 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
 import { Utils } from "@/jslib/common/src/misc/utils";

-import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../models/groupEntry";
-import { LdapConfiguration } from "../models/ldapConfiguration";
-import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../models/userEntry";
+import { StateService } from "../../abstractions/state.service";
+import { DirectoryType } from "../../enums/directoryType";
+import { GroupEntry } from "../../models/groupEntry";
+import { LdapConfiguration } from "../../models/ldapConfiguration";
+import { SyncConfiguration } from "../../models/syncConfiguration";
+import { UserEntry } from "../../models/userEntry";

 import { IDirectoryService } from "./directory.service";

@@ -118,7 +118,7 @@ export class LdapDirectoryService implements IDirectoryService {
        [delControl],
      );
      return regularUsers.concat(deletedUsers);
-    } catch (e) {
+    } catch {
      this.logService.warning("Cannot query deleted users.");
      return regularUsers;
    }
@@ -192,14 +192,21 @@ export class LdapDirectoryService implements IDirectoryService {
      this.syncConfig.userFilter,
    );
    const userPath = this.makeSearchPath(this.syncConfig.userPath);
-    const userIdMap = new Map<string, string>();
+    const userDnMap = new Map<string, string>();
+    const userUidMap = new Map<string, string>();
    await this.search<string>(userPath, userFilter, (se: any) => {
-      userIdMap.set(this.getReferenceId(se), this.getExternalId(se, this.getReferenceId(se)));
+      const dn = this.getReferenceId(se);
+      const uid = this.getAttr<string>(se, "uid");
+      const externalId = this.getExternalId(se, dn);
+      userDnMap.set(dn, externalId);
+      if (uid != null) {
+        userUidMap.set(uid.toLowerCase(), externalId);
+      }
      return se;
    });

    for (const se of groupSearchEntries) {
-      const group = this.buildGroup(se, userIdMap);
+      const group = this.buildGroup(se, userDnMap, userUidMap);
      if (group != null) {
        entries.push(group);
      }
@@ -208,7 +215,20 @@ export class LdapDirectoryService implements IDirectoryService {
    return entries;
  }

-  private buildGroup(searchEntry: any, userMap: Map<string, string>) {
+  /**
+   * Builds a GroupEntry from LDAP search results, including membership.
+   * Supports user membership by DN or UID and nested group membership by DN.
+   *
+   * @param searchEntry - The LDAP search entry containing group data
+   * @param userDnMap - Map of user DNs to their external IDs
+   * @param userUidMap - Map of user UIDs to their external IDs
+   * @returns A populated GroupEntry object, or null if the group lacks required properties
+   */
+  private buildGroup(
+    searchEntry: any,
+    userDnMap: Map<string, string>,
+    userUidMap: Map<string, string>,
+  ) {
    const group = new GroupEntry();
    group.referenceId = this.getReferenceId(searchEntry);
    if (group.referenceId == null) {
@@ -228,11 +248,34 @@ export class LdapDirectoryService implements IDirectoryService {

    const members = this.getAttrVals<string>(searchEntry, this.syncConfig.memberAttribute);
    if (members != null) {
-      for (const memDn of members) {
-        if (userMap.has(memDn) && !group.userMemberExternalIds.has(userMap.get(memDn))) {
-          group.userMemberExternalIds.add(userMap.get(memDn));
-        } else if (!group.groupMemberReferenceIds.has(memDn)) {
-          group.groupMemberReferenceIds.add(memDn);
+      // Parses a group member attribute and identifies it as a member DN, member Uid, or a group Dn
+      const getMemberAttributeType = (member: string): "memberDn" | "memberUid" | "groupDn" => {
+        const isDnLike = member.includes("=") && member.includes(",");
+        if (isDnLike) {
+          return userDnMap.has(member) ? "memberDn" : "groupDn";
+        }
+        return "memberUid";
+      };
+
+      for (const member of members) {
+        switch (getMemberAttributeType(member)) {
+          case "memberDn": {
+            const externalId = userDnMap.get(member);
+            if (externalId != null) {
+              group.userMemberExternalIds.add(externalId);
+            }
+            break;
+          }
+          case "memberUid": {
+            const externalId = userUidMap.get(member.toLowerCase());
+            if (externalId != null) {
+              group.userMemberExternalIds.add(externalId);
+            }
+            break;
+          }
+          case "groupDn":
+            group.groupMemberReferenceIds.add(member);
+            break;
        }
      }
    }
--- a/src/services/directory-services/okta-directory.service.ts
+++ b/src/services/directory-services/okta-directory.service.ts
@@ -3,14 +3,14 @@ import * as https from "https";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../models/groupEntry";
-import { OktaConfiguration } from "../models/oktaConfiguration";
-import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../models/userEntry";
+import { StateService } from "../../abstractions/state.service";
+import { DirectoryType } from "../../enums/directoryType";
+import { GroupEntry } from "../../models/groupEntry";
+import { OktaConfiguration } from "../../models/oktaConfiguration";
+import { SyncConfiguration } from "../../models/syncConfiguration";
+import { UserEntry } from "../../models/userEntry";
+import { BaseDirectoryService } from "../baseDirectory.service";

-import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 const DelayBetweenBuildGroupCallsInMilliseconds = 500;
--- a/src/services/directory-services/onelogin-directory.service.ts
+++ b/src/services/directory-services/onelogin-directory.service.ts
@@ -1,14 +1,14 @@
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../models/groupEntry";
-import { OneLoginConfiguration } from "../models/oneLoginConfiguration";
-import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../models/userEntry";
+import { StateService } from "../../abstractions/state.service";
+import { DirectoryType } from "../../enums/directoryType";
+import { GroupEntry } from "../../models/groupEntry";
+import { OneLoginConfiguration } from "../../models/oneLoginConfiguration";
+import { SyncConfiguration } from "../../models/syncConfiguration";
+import { UserEntry } from "../../models/userEntry";
+import { BaseDirectoryService } from "../baseDirectory.service";

-import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 // Basic email validation: something@something.something
--- a/src/services/single-request-builder.spec.ts
+++ b/src/services/single-request-builder.spec.ts
@@ -2,8 +2,8 @@ import { GetUniqueString } from "@/jslib/common/spec/utils";

 import { UserEntry } from "@/src/models/userEntry";

+import { groupSimulator, userSimulator } from "../../utils/request-builder-helper";
 import { RequestBuilderOptions } from "../abstractions/request-builder.service";
-import { groupSimulator, userSimulator } from "../utils/request-builder-helper";

 import { SingleRequestBuilder } from "./single-request-builder";

--- a/src/services/sync.service.integration.spec.ts
+++ b/src/services/sync.service.integration.spec.ts
@@ -7,19 +7,20 @@ import { EnvironmentService } from "@/jslib/common/src/services/environment.serv

 import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
 import { LogService } from "../../jslib/common/src/abstractions/log.service";
-import { groupFixtures } from "../../openldap/group-fixtures";
-import { userFixtures } from "../../openldap/user-fixtures";
+import { getLdapConfiguration, getSyncConfiguration } from "../../utils/openldap/config-fixtures";
 import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
 import { DirectoryType } from "../enums/directoryType";
-import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";

 import { BatchRequestBuilder } from "./batch-request-builder";
-import { LdapDirectoryService } from "./ldap-directory.service";
+import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
 import { SingleRequestBuilder } from "./single-request-builder";
 import { StateService } from "./state.service";
 import { SyncService } from "./sync.service";
 import * as constants from "./sync.service";

+import { groupFixtures } from "@/utils/openldap/group-fixtures";
+import { userFixtures } from "@/utils/openldap/user-fixtures";
+
 describe("SyncService", () => {
  let logService: MockProxy<LogService>;
  let i18nService: MockProxy<I18nService>;
@@ -123,7 +124,10 @@ describe("SyncService", () => {
      expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(
        expect.objectContaining({ overwriteExisting: false }),
      );
-      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(6);
+
+      // The expected number of calls may change if more data is added to the ldif
+      // Make sure it equals (number of users / 4) + (number of groups / 4)
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(7);

      // @ts-expect-error Reset batch size to original state.
      constants.batchSize = originalBatchSize;
--- a/src/services/sync.service.spec.ts
+++ b/src/services/sync.service.spec.ts
@@ -6,20 +6,20 @@ import { MessagingService } from "@/jslib/common/src/abstractions/messaging.serv
 import { OrganizationImportRequest } from "@/jslib/common/src/models/request/organizationImportRequest";
 import { ApiService } from "@/jslib/common/src/services/api.service";

+import { getSyncConfiguration } from "../../utils/openldap/config-fixtures";
 import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
 import { DirectoryType } from "../enums/directoryType";
-import { getSyncConfiguration } from "../utils/test-fixtures";

 import { BatchRequestBuilder } from "./batch-request-builder";
+import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
 import { I18nService } from "./i18n.service";
-import { LdapDirectoryService } from "./ldap-directory.service";
 import { SingleRequestBuilder } from "./single-request-builder";
 import { StateService } from "./state.service";
 import { SyncService } from "./sync.service";
 import * as constants from "./sync.service";

-import { groupFixtures } from "@/openldap/group-fixtures";
-import { userFixtures } from "@/openldap/user-fixtures";
+import { groupFixtures } from "@/utils/openldap/group-fixtures";
+import { userFixtures } from "@/utils/openldap/user-fixtures";

 describe("SyncService", () => {
  let cryptoFunctionService: MockProxy<CryptoFunctionService>;
--- a/utils/.env.example
+++ b/utils/.env.example
@@ -0,0 +1,4 @@
+GOOGLE_DOMAIN=
+GOOGLE_ADMIN_USER=
+GOOGLE_CLIENT_EMAIL=
+GOOGLE_PRIVATE_KEY=
--- a/utils/google-workspace/config-fixtures.ts
+++ b/utils/google-workspace/config-fixtures.ts
@@ -0,0 +1,56 @@
+import { GSuiteConfiguration } from "../../src/models/gsuiteConfiguration";
+import { SyncConfiguration } from "../../src/models/syncConfiguration";
+
+/**
+ * @returns a basic GSuite configuration. Can be overridden by passing in a partial configuration.
+ */
+export const getGSuiteConfiguration = (
+  config?: Partial<GSuiteConfiguration>,
+): GSuiteConfiguration => {
+  const adminUser = process.env.GOOGLE_ADMIN_USER;
+  const clientEmail = process.env.GOOGLE_CLIENT_EMAIL;
+  const privateKey = process.env.GOOGLE_PRIVATE_KEY;
+  const domain = process.env.GOOGLE_DOMAIN;
+
+  if (!adminUser || !clientEmail || !privateKey || !domain) {
+    throw new Error("Google Workspace integration test credentials not configured.");
+  }
+
+  return {
+    // TODO
+    adminUser,
+    clientEmail,
+    privateKey,
+    domain: domain,
+    customer: "",
+    ...(config ?? {}),
+  };
+};
+
+/**
+ * @returns a basic Google Workspace sync configuration. Can be overridden by passing in a partial configuration.
+ */
+export const getSyncConfiguration = (config?: Partial<SyncConfiguration>): SyncConfiguration => ({
+  users: false,
+  groups: false,
+  interval: 5,
+  userFilter: "",
+  groupFilter: "",
+  removeDisabled: false,
+  overwriteExisting: false,
+  largeImport: false,
+  // Ldap properties - not optional for some reason
+  groupObjectClass: "",
+  userObjectClass: "",
+  groupPath: null,
+  userPath: null,
+  groupNameAttribute: "",
+  userEmailAttribute: "",
+  memberAttribute: "",
+  useEmailPrefixSuffix: false,
+  emailPrefixAttribute: "",
+  emailSuffix: null,
+  creationDateAttribute: "",
+  revisionDateAttribute: "",
+  ...(config ?? {}),
+});
--- a/utils/google-workspace/group-fixtures.ts
+++ b/utils/google-workspace/group-fixtures.ts
@@ -0,0 +1,26 @@
+import { Jsonify } from "type-fest";
+
+import { GroupEntry } from "../../src/models/groupEntry";
+
+// These must match the Google Workspace seed data
+
+const data: Jsonify<GroupEntry>[] = [
+  {
+    externalId: "0319y80a3anpxhj",
+    groupMemberReferenceIds: [],
+    name: "Integration Test Group A",
+    referenceId: "0319y80a3anpxhj",
+    userMemberExternalIds: ["111605910541641314041", "111147009830456099026"],
+    users: [],
+  },
+  {
+    externalId: "02afmg28317uyub",
+    groupMemberReferenceIds: [],
+    name: "Integration Test Group B",
+    referenceId: "02afmg28317uyub",
+    userMemberExternalIds: ["111147009830456099026", "100150970267699397306"],
+    users: [],
+  },
+];
+
+export const groupFixtures = data.map((g) => GroupEntry.fromJSON(g));
--- a/utils/google-workspace/user-fixtures.ts
+++ b/utils/google-workspace/user-fixtures.ts
@@ -0,0 +1,50 @@
+import { Jsonify } from "type-fest";
+
+import { UserEntry } from "../../src/models/userEntry";
+
+// These must match the Google Workspace seed data
+
+const data: Jsonify<UserEntry>[] = [
+  // In Group A
+  {
+    deleted: false,
+    disabled: false,
+    email: "testuser1@bwrox.dev",
+    externalId: "111605910541641314041",
+    referenceId: "111605910541641314041",
+  },
+  // In Groups A + B
+  {
+    deleted: false,
+    disabled: false,
+    email: "testuser2@bwrox.dev",
+    externalId: "111147009830456099026",
+    referenceId: "111147009830456099026",
+  },
+  // In Group B
+  {
+    deleted: false,
+    disabled: false,
+    email: "testuser3@bwrox.dev",
+    externalId: "100150970267699397306",
+    referenceId: "100150970267699397306",
+  },
+  // Not in a group
+  {
+    deleted: false,
+    disabled: false,
+    email: "testuser4@bwrox.dev",
+    externalId: "113764752650306721470",
+    referenceId: "113764752650306721470",
+  },
+  // Disabled user
+  {
+    deleted: false,
+    disabled: true,
+    email: "testuser5@bwrox.dev",
+    externalId: "110381976819725658200",
+    referenceId: "110381976819725658200",
+  },
+];
+
+export const userFixtures = data.map((g) => UserEntry.fromJSON(g));
--- a/utils/openldap/config-fixtures.ts
+++ b/utils/openldap/config-fixtures.ts
@@ -1,5 +1,5 @@
-import { LdapConfiguration } from "../models/ldapConfiguration";
-import { SyncConfiguration } from "../models/syncConfiguration";
+import { LdapConfiguration } from "../../src/models/ldapConfiguration";
+import { SyncConfiguration } from "../../src/models/syncConfiguration";

 /**
 * @returns a basic ldap configuration without TLS/SSL enabled. Can be overridden by passing in a partial configuration.
--- a/utils/openldap/example-ldifs/directory-100.ldif
+++ b/utils/openldap/example-ldifs/directory-100.ldif
--- a/utils/openldap/example-ldifs/directory-11000.ldif
+++ b/utils/openldap/example-ldifs/directory-11000.ldif
--- a/utils/openldap/example-ldifs/directory-250.ldif
+++ b/utils/openldap/example-ldifs/directory-250.ldif
--- a/utils/openldap/example-ldifs/directory-50.ldif
+++ b/utils/openldap/example-ldifs/directory-50.ldif
--- a/utils/openldap/example-ldifs/directory-500.ldif
+++ b/utils/openldap/example-ldifs/directory-500.ldif
--- a/utils/openldap/group-fixtures.ts
+++ b/utils/openldap/group-fixtures.ts
@@ -1,6 +1,6 @@
 import { Jsonify } from "type-fest";

-import { GroupEntry } from "../src/models/groupEntry";
+import { GroupEntry } from "@/src/models/groupEntry";

 // These must match the ldap server seed data in directory.ldif
 const data: Jsonify<GroupEntry>[] = [
@@ -35,6 +35,29 @@ const data: Jsonify<GroupEntry>[] = [
    externalId: "cn=Cleaners,ou=Janitorial,dc=bitwarden,dc=com",
    name: "Cleaners",
  },
+  {
+    userMemberExternalIds: [
+      "cn=Painterson Miki,ou=Product Development,dc=bitwarden,dc=com",
+      "cn=Virgina Pichocki,ou=Product Development,dc=bitwarden,dc=com",
+      "cn=Steffen Carsten,ou=Product Development,dc=bitwarden,dc=com",
+    ],
+    groupMemberReferenceIds: [],
+    users: [],
+    referenceId: "cn=DevOps Team,dc=bitwarden,dc=com",
+    externalId: "cn=DevOps Team,dc=bitwarden,dc=com",
+    name: "DevOps Team",
+  },
+  {
+    userMemberExternalIds: [
+      "cn=Angus Merizzi,ou=Management,dc=bitwarden,dc=com",
+      "cn=Grissel Currer,ou=Management,dc=bitwarden,dc=com",
+    ],
+    groupMemberReferenceIds: [],
+    users: [],
+    referenceId: "cn=Security Team,dc=bitwarden,dc=com",
+    externalId: "cn=Security Team,dc=bitwarden,dc=com",
+    name: "Security Team",
+  },
 ];

 export const groupFixtures = data.map((g) => GroupEntry.fromJSON(g));
--- a/utils/openldap/ldifs/directory-20.ldif
+++ b/utils/openldap/ldifs/directory-20.ldif
@@ -688,4 +688,27 @@ mobile: +1 804 319-5569
 pager: +1 804 815-3661
 roomNumber: 9273
 manager: cn=Inga Schnirer,ou=Product Testing,dc=bitwarden, dc=com
-secretary: cn=Keven Gilleland,ou=Administrative,dc=bitwarden, dc=com 
+secretary: cn=Keven Gilleland,ou=Administrative,dc=bitwarden, dc=com
+
+# DevOps Team and Security Team identify their members by the member uid attribute,
+# instead of the member Dn attribute.
+# These test that group membership by uid works correctly.
+
+dn: cn=DevOps Team,dc=bitwarden,dc=com
+changetype: add
+cn: DevOps Team
+gidnumber: 800
+memberuid: mikip
+memberuid: pichockv
+memberuid: carstens
+objectclass: posixGroup
+objectclass: top
+
+dn: cn=Security Team,dc=bitwarden,dc=com
+changetype: add
+cn: Security Team
+gidnumber: 900
+memberuid: merizzia
+memberuid: currerg
+objectclass: posixGroup
+objectclass: top
--- a/utils/openldap/mkcert.sh
+++ b/utils/openldap/mkcert.sh
@@ -0,0 +1,10 @@
+if ! [ -x "$(command -v mkcert)" ]; then
+  echo 'Error: mkcert is not installed. Install mkcert first and then re-run this script.'
+  echo 'e.g. brew install mkcert'
+  exit 1
+fi
+
+mkcert -install
+mkdir -p ./utils/openldap/certs
+cp "$(mkcert -CAROOT)/rootCA.pem" ./utils/openldap/certs/rootCA.pem
+mkcert -key-file ./utils/openldap/certs/openldap-key.pem -cert-file ./utils/openldap/certs/openldap.pem localhost openldap
--- a/utils/openldap/user-fixtures.ts
+++ b/utils/openldap/user-fixtures.ts
@@ -1,6 +1,6 @@
 import { Jsonify } from "type-fest";

-import { UserEntry } from "../src/models/userEntry";
+import { UserEntry } from "@/src/models/userEntry";

 // These must match the ldap server seed data in directory.ldif
 const data: Jsonify<UserEntry>[] = [
--- a/src/utils/request-builder-helper.ts
+++ b/src/utils/request-builder-helper.ts
@@ -1,7 +1,7 @@
 import { GetUniqueString } from "@/jslib/common/spec/utils";

-import { GroupEntry } from "../models/groupEntry";
-import { UserEntry } from "../models/userEntry";
+import { GroupEntry } from "../src/models/groupEntry";
+import { UserEntry } from "../src/models/userEntry";

 export function userSimulator(userCount: number): UserEntry[] {
  const users: UserEntry[] = [];
Author	SHA1	Message	Date
renovate[bot]	a9356a901a	[deps]: Update node-fetch to v3	2025-12-03 14:39:38 +00:00
renovate[bot]	2ad35be82e	[deps]: Update @angular/compiler to v20.3.15 [SECURITY] (#939 ) * [deps]: Update @angular/compiler to v20.3.15 [SECURITY] * Upgrade Angular packages to v20.3.15 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Rui Tome <rtome@bitwarden.com>	2025-12-02 15:57:14 +00:00
renovate[bot]	bdfc8ae5eb	[deps]: Update node-forge to v1.3.2 [SECURITY] (#937 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-12-01 11:08:58 -05:00
renovate[bot]	7d218eac2f	[deps]: Update @angular/common to v20.3.14 [SECURITY] (#938 ) * [deps]: Update @angular/common to v20.3.14 [SECURITY] * Upgrade all @angular packages to 20.3.14 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Thomas Rittson <trittson@bitwarden.com>	2025-11-28 10:52:30 +10:00
renovate[bot]	ccbb24d504	[deps]: Update rimraf to v6.1.0 (#914 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-24 15:34:31 -05:00
renovate[bot]	dd1f36e3d6	[deps]: Update electron to v39.2.1 (#934 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-24 14:53:45 -05:00
Vincent Salucci	0780f9a931	chore: change checkboxes to dropdowns (#932 )	2025-11-21 14:39:23 -06:00
Vincent Salucci	62c8a64298	chore: attempt to fix checkboxes required state (#930 )	2025-11-21 13:45:22 -06:00
brandonbiete	0d3bbc1db8	[BRE-1367] Update macos workflows to use macos-15-intel runners (#928 )	2025-11-21 14:38:59 -05:00
Vincent Salucci	99655a0abf	chore: add issue template and base config (#926 ) * chore: add issue template and base config * chore: add additional details to application type and add additional directory service * chore: group LDAP services	2025-11-20 20:24:22 -06:00
brandonbiete	2883ff6068	[BRE-1302] Revert runner upgrade and target arch changes to get back to stable state (#925 )	2025-11-20 11:06:49 -05:00
renovate[bot]	f5abaf114a	[deps]: Update actions/setup-node action to v6 (#908 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-18 15:22:43 +00:00
renovate[bot]	5792578946	[deps]: Update glob to v11.1.0 [SECURITY] (#923 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-18 09:48:22 -05:00
renovate[bot]	6b3b29a1a0	[deps]: Update angular-eslint monorepo to v20.6.0 (#911 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-18 14:06:00 +00:00
renovate[bot]	02809be178	[deps]: Update actions/upload-artifact action to v5 (#916 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-18 13:43:59 +00:00
Thomas Rittson	6abfdd8a88	Fix not reporting test results on push to main (#921 ) Allow other events to report test results	2025-11-18 08:50:19 +10:00
Vincent Salucci	b95f57c4e7	chore: bump version to v2025.11.0 (#922 )	2025-11-17 11:38:29 -06:00
renovate[bot]	9ecfc29ae4	[deps]: Update electron to v39 (#917 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-13 13:59:52 -05:00
Mick Letofsky	e32f29b8e7	[PM-27181] - Grant additional permissions for review code (#920 )	2025-11-13 14:44:41 +01:00
brandonbiete	e333db372d	[BRE-1302] Update runners to macos-15 (#918 ) * [BRE-1302] Update runners to macos-15 and update architecture dependencies and targets to arm64 * [BRE-1302] Update macos-cli build job to macos-15 runner	2025-11-12 09:44:59 -05:00
Thomas Rittson	a44eb28be8	[PM-26672] Add Google Workspace integration tests to CI pipeline (#909 ) - reorganize integration test files to allow for future additions - add Google Workspace integration tests to the Github workflow - refactor to run tests selective based on changed files and use Azure Key Vault	2025-11-12 06:03:37 +10:00
Thomas Rittson	ab436551de	Remove unused dep: node-abi (#919 )	2025-11-12 06:01:34 +10:00
renovate[bot]	10e17adfb2	[deps]: Update lint-staged to v16.2.6 (#897 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-11-10 15:24:06 -06:00
Mick Letofsky	c7db8376ec	Implement reusable Claude code review workflow (#905 ) * Implement reusable Claude code review workflow	2025-10-30 07:39:45 +01:00
renovate[bot]	bc996d680f	[deps]: Update angular-eslint monorepo to v20.4.0 (#906 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-28 15:04:12 -04:00
Thomas Rittson	fe01b49df1	[PM-26671] Google workspace integration tests (#894 ) Add tests for Google Workspace - not enabled in CI yet	2025-10-28 11:31:02 +10:00
renovate[bot]	daeb96713f	[deps]: Update @microsoft/microsoft-graph-types to v2.43.1 (#895 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-22 16:38:53 -04:00
renovate[bot]	f6791dabef	[deps]: Update electron to v38.3.0 (#896 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-22 15:51:18 -04:00
renovate[bot]	a3a5ed8531	[deps]: Update webpack to v5.102.1 (#900 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-22 15:47:11 -04:00
renovate[bot]	d3d62c30aa	[deps]: Update node-abi to v3.78.0 (#898 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-22 15:04:21 -04:00
renovate[bot]	f81155b6b3	[deps]: Update glob to v11 (#902 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-22 13:58:57 -04:00
Vincent Salucci	57a3ef04cc	chore: version bump to 2025.10.0 (#904 )	2025-10-20 12:50:18 -05:00
renovate[bot]	4e21b28276	[deps]: Update typescript-eslint monorepo to v8.46.0 (#885 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-17 15:22:20 -04:00
renovate[bot]	1c2a0c677b	[deps]: Update ngx-toastr to v19.1.0 (#883 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-17 15:07:36 -04:00
renovate[bot]	5666f09e89	[deps]: Update type-fest to v5 (#886 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-15 15:49:36 -05:00
Thomas Rittson	b13895bdd6	[PM-26669] Fix Google Workspace dynamic import error in CLI (#893 ) * Revert "[PM-26454] Undo removal of core-js to fix dynamic import errors (#890)" This reverts commit `7c27202dab`. This removes the core-js dependency again, because restoring it did not fix the bug. * Downgrade googleapis to 149 to avoid ESM issue * Exclude googleapis from updates	2025-10-09 07:10:03 +10:00
renovate[bot]	29fc4ad61e	[deps]: Update sass to v1.93.2 (#884 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-10-07 15:11:07 +01:00
Brandon Treston	f722196149	upgrade Angular libs to v20 (#892 )	2025-10-07 10:09:22 -04:00
Matt Andreko	a4ec6df118	Cleanup of workflow files (#891 )	2025-10-06 14:36:56 -04:00
Thomas Rittson	01e60bf090	Use legacy bitnami openldap image (#888 ) This has been discontinued but we will use the legacy image for now to maintain CI test coverage while we find a replacement.	2025-10-03 07:24:00 +10:00
Thomas Rittson	7c27202dab	[PM-26454] Undo removal of core-js to fix dynamic import errors (#890 ) * Undo removal of core-js to fix dynamic import errors * chore: update package-lock with npm install --------- Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>	2025-10-02 11:06:49 -05:00
sso-bitwarden	77ea7a395d	[PM-11981] Support LDAP membership with UID (#841 ) --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com>	2025-10-01 11:34:36 +10:00
Tyler	a259de8b26	BRE-1158 Dockerfiles shared ownership (#880 ) * BRE-1158 Dockerfiles shared ownership * feat: Docker Compose rule	2025-09-30 13:50:39 -04:00
renovate[bot]	06dbc14136	[deps]: Update actions/checkout action to v5 (#874 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-09-29 11:16:25 -04:00
Vincent Salucci	e74546e8c3	chore: bump version to v2025.9.0 (#881 )	2025-09-22 12:05:12 -05:00
renovate[bot]	5ac0cc408e	[deps]: Update node-abi to v3.77.0 (#871 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-09-22 10:42:44 -05:00
renovate[bot]	9044f94f43	[deps]: Update electron to v38 (#876 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-09-19 08:44:13 -05:00
renovate[bot]	1b2c854569	[deps]: Update typescript-eslint monorepo to v8.43.0 (#873 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-09-17 15:14:40 -05:00
renovate[bot]	e5b3e58a02	[deps]: Update electron to v37.4.0 (#870 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>	2025-09-17 15:58:28 -04:00
renovate[bot]	32b29d2d34	[deps]: Update sass to v1.92.1 (#872 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>	2025-09-17 11:46:54 -04:00
renovate[bot]	a68744524c	[deps]: Update actions/setup-node action to v5 (#875 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-09-17 09:57:34 -04:00
renovate[bot]	cee7700895	[deps]: Update @types/node to v22.18.1 (#844 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>	2025-09-11 14:36:33 -04:00
renovate[bot]	b2c60aab1e	[deps]: Update ts-jest to v29.4.1 (#848 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>	2025-09-11 14:22:39 -04:00
renovate[bot]	ab76a7eac4	[deps]: Update google-auth-library to v10.3.0 (#846 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>	2025-09-11 13:58:55 -04:00
renovate[bot]	d662c05b3e	[deps]: Update electron to v37.3.1 [SECURITY] (#862 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-09-11 10:31:00 -04:00
Thomas Rittson	ec2c40a565	Exclude yao-pkg from renovate with comment (#859 )	2025-08-30 08:58:24 +10:00
Vincent Salucci	8dc2be7fab	chore: bump verstion to 2025.8.0 (#861 )	2025-08-25 13:27:14 -05:00
Thomas Rittson	2879d9c38c	Pin dependencies (#858 )	2025-08-22 11:17:26 +10:00
renovate[bot]	71ca0772a9	[deps]: Update eslint-import-resolver-typescript to v4 (#860 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-20 14:18:25 +10:00
renovate[bot]	6ff39dd207	[deps]: Update typescript-eslint monorepo to v8.39.1 (#850 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-20 13:51:56 +10:00
Thomas Rittson	489effb852	Remove core-js (#857 ) Directory Connector runs on Electron and Node, both environments that we control. Polyfills for old browsers are not required.	2025-08-20 13:40:00 +10:00
renovate[bot]	acb5bc4d25	[deps]: Update webpack to v5.101.0 (#851 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-19 12:16:44 +01:00
renovate[bot]	cac411fb29	[deps]: Update sass to v1.90.0 (#847 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-19 10:02:32 +10:00
sneakernuts	94881d0db0	SRE-2329 remove auth-email header (#784 )	2025-08-18 08:35:44 -06:00
renovate[bot]	a7c3c40570	[deps]: Update typescript to v5.8.3 (#730 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-07 10:29:38 -04:00
renovate[bot]	88af7d6b12	[deps]: Update actions/create-github-app-token action to v2 (#785 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-04 15:49:00 -04:00
renovate[bot]	3716e5ca57	[deps]: Update dorny/test-reporter action to v2 (#787 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-08-04 15:37:14 -04:00
renovate[bot]	3cc4f90688	[deps]: Update concurrently to v9.2.0 (#823 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-31 16:34:33 -04:00
renovate[bot]	afa6ced621	[deps]: Update @types/node to v22 (#822 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-31 16:30:33 -04:00
renovate[bot]	68efd0a86e	[deps]: Update webpack to v5.100.2 (#829 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-31 16:25:22 -04:00
renovate[bot]	7fb8732e1e	[deps]: Update prettier to v3.6.2 (#827 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-29 14:50:23 -04:00
renovate[bot]	48acb783fe	[deps]: Update electron to v37 (#831 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-29 14:43:44 -04:00
renovate[bot]	3df63b8ddf	[deps]: Update parse5 to v8 (#833 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-29 14:38:27 -04:00
Vincent Salucci	ed40b17a80	chore: bump version to v2025.7.0 (#840 )	2025-07-28 09:40:48 -05:00
Brandon Treston	460de6a075	[PM-23377] electron v36 (#839 ) * angular 18 upgrade * wip * wip * remove @types/glob, fix jest version, use standalone: false * clean up * npm ci * update electron to v36 * fix electron v36 update * fix package-lock.json	2025-07-28 09:40:15 -04:00
renovate[bot]	4784d45d23	[deps]: Update googleapis to v153 (#832 ) * [deps]: Update googleapis to v153 * added dependency googleapis-common as its required by googleapis now. --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: jrmccannon <jmccannon@bitwarden.com>	2025-07-25 08:15:38 -05:00
renovate[bot]	60d9a35239	[deps]: Update @electron/rebuild to v4 (#780 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-24 15:48:53 -05:00
renovate[bot]	5ffd761326	[deps]: Update typescript-eslint monorepo to v8.37.0 (#828 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-24 11:14:47 -05:00
renovate[bot]	55fe14b744	[deps]: Update eslint-plugin-import to v2.32.0 (#826 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-24 10:53:42 -05:00
renovate[bot]	c0cbf7651a	[deps]: Update dotenv to v17 (#830 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-24 10:24:20 -05:00
Thomas Rittson	926202f80a	Update gui builds to use nvmrc (#838 ) - use .nvmrc node version in GUI build jobs (matches CLI build jobs) - has the effect of upgrading from node 18 -> 20 in these jobs (but note Electron uses its own version of node not this one)	2025-07-24 09:52:53 -04:00
Brandon Treston	3013e5f06f	[PM-23399] Angular 19 and type script 5.6 (#835 ) * angular 18 upgrade * wip * wip * remove @types/glob, fix jest version, use standalone: false * clean up * npm ci	2025-07-24 09:50:16 -04:00
renovate[bot]	6789a14527	[deps]: Update form-data to v4.0.4 [SECURITY] (#836 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-07-22 13:33:00 -05:00