[PM-6446][deps] Platform: Update argon2 to v0.40.1

[renovate[bot]]

trafficstars

Fixes https://github.com/bitwarden/clients/issues/6458

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
argon2	0.31.0 -> 0.40.1

---

Release Notes

ranisalt/node-argon2 (argon2)

v0.31.2

Compare Source

Note: this is the last version that will support Node 16 since it's support has ended on 2023-09-11. Please upgrade to 18 or preferably 20 as soon as possible.

What's Changed

• Fix macos m1 build/release by @​CarsonF in https://github.com/ranisalt/node-argon2/pull/387
• Change workflow bridge routes by @​RavelloH in https://github.com/ranisalt/node-argon2/pull/388

New Contributors

• @​CarsonF made their first contribution in https://github.com/ranisalt/node-argon2/pull/387
• @​RavelloH made their first contribution in https://github.com/ranisalt/node-argon2/pull/388

Full Changelog: https://github.com/ranisalt/node-argon2/compare/v0.31.1...v0.31.2

v0.31.1

Compare Source

Maintenance release intended to fix missing prebuilts due to failure when building v0.31.0

Note: v0.31.x will be the last version supporting Node v16. Please update to Node v18 or newer.

Full Changelog: https://github.com/ranisalt/node-argon2/compare/v0.31.0...v0.31.1

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[bitwarden-bot]

Internal tracking:

• ID: PM-6446
• Link: https://bitwarden.atlassian.net/browse/PM-6446

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 27.15%. Comparing base (b1abfb0) to head (49f56b7). Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8073      +/-   ##
==========================================
- Coverage   27.17%   27.15%   -0.03%     
==========================================
  Files        2334     2330       -4     
  Lines       68077    67943     -134     
  Branches    12732    12691      -41     
==========================================
- Hits        18501    18448      -53     
+ Misses      48181    48101      -80     
+ Partials     1395     1394       -1     

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 23299444-8688-4a51-b227-eb25d5265107

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Angular_Improper_Type_Pipe_Usage	/apps/browser/src/vault/popup/components/fido2/fido2-use-browser-link.component.html: 1	Attack Vector
	Angular_Improper_Type_Pipe_Usage	/apps/web/src/app/billing/shared/adjust-storage.component.html: 27	Attack Vector
	Angular_Improper_Type_Pipe_Usage	/apps/web/src/app/billing/organizations/adjust-subscription.component.html: 54	Attack Vector
	Angular_Improper_Type_Pipe_Usage	/apps/web/src/app/billing/organizations/adjust-subscription.component.html: 18	Attack Vector
	Client_Privacy_Violation	/apps/browser/src/background/runtime.background.ts: 331	Attack Vector
	Client_Privacy_Violation	/apps/browser/src/auth/popup/account-switching/account.component.ts: 12	Attack Vector
	Client_Privacy_Violation	/apps/browser/src/auth/popup/account-switching/account.component.ts: 12	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/auth/settings/two-factor-verify.component.html: 3	Attack Vector
	Client_Privacy_Violation	/libs/components/src/color-password/color-password.component.ts: 25	Attack Vector
	Client_Privacy_Violation	/libs/components/src/color-password/color-password.component.ts: 26	Attack Vector
	Client_Privacy_Violation	/apps/desktop/src/auth/lock.component.html: 32	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/auth/lock.component.html: 18	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/billing/shared/add-credit.component.ts: 80	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/billing/shared/add-credit.component.ts: 30	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/billing/shared/add-credit.component.ts: 135	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/billing/shared/add-credit.component.ts: 146	Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/billing/shared/add-credit.component.ts: 70	Attack Vector
	Client_DOM_Open_Redirect	/apps/desktop/src/auth/accessibility-cookie.component.html: 18	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/tools/popup/generator/password-generator-history.component.ts: 18	Attack Vector
	Client_DOM_Open_Redirect	/apps/desktop/src/auth/login/login-via-auth-request.component.ts: 62	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/auth/popup/login-via-auth-request.component.ts: 54	Attack Vector
	Client_DOM_Open_Redirect	/apps/desktop/src/auth/login/login-via-auth-request.component.ts: 62	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/auth/popup/login-via-auth-request.component.ts: 54	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/auth/popup/account-switching/current-account.component.ts: 30	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/auth/popup/account-switching/account.component.ts: 25	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/vault/popup/components/vault/password-history.component.ts: 21	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/vault/popup/components/vault/attachments.component.ts: 32	Attack Vector
	Client_DOM_Open_Redirect	/apps/browser/src/popup/settings/premium.component.ts: 27	Attack Vector
	Client_Hardcoded_Domain	/apps/web/src/app/billing/shared/payment.component.ts: 56	Attack Vector
	Client_Hardcoded_Domain	/apps/web/src/app/billing/shared/payment.component.ts: 56	Attack Vector

[dani-garcia]

@MGibson1 This might need some changes to the electron builder config so the native module gets packaged correctly on desktop after #8048

The package contents appear to have changed slightly, this is what we use now for 0.31: https://github.com/bitwarden/clients/blob/7674a3ff5bf495dcf09458fa5945b6c54b3440be/apps/desktop/electron-builder.json#L23-L25

And these are the files I see in the argon 0.40.1 package:

    "**/node_modules/argon2/argon2.cjs",
    "**/node_modules/argon2/package.json",
    "**/node_modules/argon2/build/Release/argon2.node",

[MGibson1]

@MGibson1 This might need some changes to the electron builder config so the native module gets packaged correctly on desktop after #8048

The package contents appear to have changed slightly, this is what we use now for 0.31:

https://github.com/bitwarden/clients/blob/7674a3ff5bf495dcf09458fa5945b6c54b3440be/apps/desktop/electron-builder.json#L23-L25

And these are the files I see in the argon 0.40.1 package:

    "**/node_modules/argon2/argon2.cjs",
    "**/node_modules/argon2/package.json",
    "**/node_modules/argon2/build/Release/argon2.node",

Thanks for the heads up! you're dead on

[MGibson1]

@bitwarden/dept-devops, the new MacOS python version seems to be python 3.12, which removed distutils so I had to add that as a pre-build step. If there's a better place or more places to add, please let me know.

[renovate[bot]]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[trmartin4]

@MGibson1 it looks like the MacOS desktop builds are failing with an error around distutils: No module named 'distutils'