[PM-17232] Move all desktop native dependencies to workspace Cargo.toml

[trmartin4]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-17232

📔 Objective

We currently have direct dependencies listed in our Cargo.toml files for each of the subcrates in desktop-native. In order to allow dependency updates to be reviewed by the dependency-owning team, not necessarily the subcrate-owning team, we have decided to move all desktop_native dependencies into the workspace Cargo.toml.

This will allow us to manage dependency ownership directly in renovate.json5 instead of relying on CODEOWNERS to assign reviewers for dependency updates.

This PR assigns the Rust dependencies based on my best interpretation of who the correct code owner should be. This change adds Renovate-managed dependencies for the following teams, so I made sure they are included in this PR:

• Autofill
• Key Management
• Platform

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 9a6f6b0f-3456-4ef7-9ad2-43aca036d991

New Issues (6)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Insecure_Storage_of_Sensitive_Data	/apps/cli/src/commands/get.command.ts: 365	details The application takes sensitive, personal data cipher, found at line 365 of /apps/cli/src/commands/get.command.ts, and stores it in an unprotected ... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/apps/cli/src/commands/get.command.ts: 332	details The application takes sensitive, personal data cipher, found at line 332 of /apps/cli/src/commands/get.command.ts, and stores it in an unprotected ... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/apps/cli/src/commands/get.command.ts: 382	details The application takes sensitive, personal data cipher, found at line 382 of /apps/cli/src/commands/get.command.ts, and stores it in an unprotected ... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/apps/cli/src/tools/export.command.ts: 69	details The application takes sensitive, personal data password, found at line 69 of /apps/cli/src/tools/export.command.ts, and stores it in an unprotected... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/apps/cli/src/tools/export.command.ts: 65	details The application takes sensitive, personal data password, found at line 65 of /apps/cli/src/tools/export.command.ts, and stores it in an unprotected... Attack Vector
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/libs/node/src/services/node-crypto-function.service.ts: 352	details In toNodeCryptoAesMode, the application protects sensitive data using a cryptographic algorithm, "aes-256-ecb", that is considered weak or even tri... Attack Vector

Fixed Issues (19)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Client_DOM_XSS	/apps/web/src/connectors/sso.ts: 30
	Client_DOM_XSS	/apps/web/src/connectors/sso.ts: 28
	Client_DOM_XSS	/apps/web/src/connectors/redirect.ts: 15
	Client_DOM_Open_Redirect	/apps/web/src/app/billing/shared/payment-method.component.ts: 155
	Client_DOM_Open_Redirect	/apps/web/src/app/billing/organizations/payment-method/organization-payment-method.component.ts: 187
	Client_DOM_Open_Redirect	/apps/web/src/app/billing/organizations/payment-method/organization-payment-method.component.ts: 155
	Client_DOM_Open_Redirect	/apps/web/src/app/billing/shared/payment-method.component.ts: 183
	Client_JQuery_Deprecated_Symbols	/apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts: 92
	Client_JQuery_Deprecated_Symbols	/apps/browser/src/autofill/background/overlay.background.ts: 758
	Client_JQuery_Deprecated_Symbols	/apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts: 99
	Client_JQuery_Deprecated_Symbols	/libs/importer/src/importers/base-importer.ts: 319
	Client_JQuery_Deprecated_Symbols	/apps/cli/src/auth/commands/login.command.ts: 603
	Client_JQuery_Deprecated_Symbols	/libs/angular/src/auth/components/update-temp-password.component.ts: 134
	Client_JQuery_Deprecated_Symbols	/libs/angular/src/auth/components/change-password.component.ts: 92
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts: 83
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts: 131
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/libs/common/src/platform/services/sdk/default-sdk.service.ts: 190
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/libs/common/src/platform/services/sdk/default-sdk.service.ts: 210
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/apps/cli/src/vault/create.command.ts: 79

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.01%. Comparing base (895b36a) to head (f0d1272).

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13750      +/-   ##
==========================================
- Coverage   36.02%   36.01%   -0.01%     
==========================================
  Files        3175     3175              
  Lines       93374    93374              
  Branches    16962    16962              
==========================================
- Hits        33635    33628       -7     
- Misses      57151    57158       +7     
  Partials     2588     2588              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud