[AC-2224] [deps]: Update open to v10

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
open	8.4.2 -> 10.0.3

---

Release Notes

sindresorhus/open (open)

v10.0.3

Compare Source

• Fix target option on macOS (#​332) b597dec

v10.0.2

Compare Source

• Fix Linux compatibility 798cd93

v10.0.1

Compare Source

• Add Windows environment variable fallback for some broken systems (#​328) 8e69be4

v10.0.0

Compare Source

Breaking

• Require Node.js 18 5628dc8

v9.1.0

Compare Source

• Update dependencies 46adf0b

v9.0.0

Compare Source

Breaking

• Require Node.js 14 7f5995e
• This package is now pure ESM. Please read this.
  • Please don't open issues regarding ESM / CommonJS.
• open.openApp is now a named import: import {openApp} from 'open'
• open.apps is now a named import: import {apps} from 'open'

Improvements

• Add the ability to open default browser and default browser in private mode (#​294) 3b79981

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

AC-2224

[bitwarden-bot]

Internal tracking:

• ID: AC-2224
• Link: https://bitwarden.atlassian.net/browse/AC-2224

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 75e17c6c-c31d-420d-8a9a-d076e56adfc7

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Use_Of_Hardcoded_Password	/jslib/common/src/services/passwordGeneration.service.ts: 106	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/src/services/passwordGeneration.service.ts: 104	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/src/services/passwordGeneration.service.ts: 98	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/src/services/passwordGeneration.service.ts: 96	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/src/services/passwordGeneration.service.ts: 90	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/src/services/passwordGeneration.service.ts: 88	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/spec/domain/cipher.spec.ts: 137	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/spec/domain/login.spec.ts: 40	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/spec/domain/password.spec.ts: 29	Attack Vector
	Use_Of_Hardcoded_Password	/jslib/common/spec/domain/login.spec.ts: 69	Attack Vector
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 138	Attack Vector
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 178	Attack Vector
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 99	Attack Vector
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 87	Attack Vector
	Use_of_Broken_or_Risky_Cryptographic_Algorithm	/jslib/node/src/services/nodeCryptoFunction.service.ts: 21	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	Client_Privacy_Violation	/src/app/tabs/settings.component.html: 370
	Client_Privacy_Violation	/src/app/tabs/settings.component.html: 229
	Client_Privacy_Violation	/src/app/tabs/settings.component.html: 212
	SSRF	/src/services/onelogin-directory.service.ts: 178
	Missing_CSP_Header	/jslib/node/src/cli/commands/login.command.ts: 550

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[addisonbeck]

I can't find a place where this package is used.

I've been using a dependency audit tool called depcheck, and it reports this package as being in use somewhere in the project. BUT I can't find it anywhere. Here are some notes:

1. There are no import references found for this package doing a typical grep search
2. The package, open, is a cli tool used for opening urls, files, etc. in non web-apps.
3. There is a recommended alternative to open for electron on the package README
4. Directory Connector doesn't open any urls, RIGHT? I might just be missing something here.
5. The app loads and functions just fine without the package installed:

Seeking a second opinion on this one before merging to remove the package instead of updating it.

[eliykat]

It's used in cliPlatformUtilsService, however this doesn't seem to be used in directory connector. I'm OK with removing it - in fact, this is not a bad way to work our way through unused dependencies.

It would also be good to delete the dead code so that there's not code in the project that is intentionally missing dependencies. However, that might be a more comprehensive effort as imports seem to cascade through jslib quite easily.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 0.00%. Comparing base (46fb407) to head (a4cf1e4).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@          Coverage Diff          @@
##            main    #456   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files         58      58           
  Lines       2542    2542           
  Branches     462     462           
=====================================
  Misses      2542    2542           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[addisonbeck]

This is discussed a bit above, but to be clear:

I replaced the function body this package was referenced in with a not implemented error, and removed its references in jslib. They were for opening SSO login screens from a CLI, which is not supported in DC.