[deps] Platform: Update macOS/iOS bindings

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
security-framework (source)	dependencies	minor	=3.1.0 -> =3.2.0
security-framework-sys (source)	dependencies	minor	=2.13.0 -> =2.14.0

---

Release Notes

kornelski/rust-security-framework (security-framework)

v3.2.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bitwarden-bot]

Internal tracking:

• ID: PM-17312
• Link: https://bitwarden.atlassian.net/browse/PM-17312

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 34.31%. Comparing base (43a6a93) to head (5191f8d).
Report is 156 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #12971   +/-   ##
=======================================
  Coverage   34.30%   34.31%           
=======================================
  Files        2975     2975           
  Lines       90594    90594           
  Branches    16983    16983           
=======================================
+ Hits        31081    31088    +7     
+ Misses      57053    57046    -7     
  Partials     2460     2460           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Checkmarx One – Scan Summary & Details – 796f6db1-4dd5-4a8e-be3c-0907ba4e0135

New Issues (47)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-12692	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12694	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12695	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11112	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11113	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11114	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11115	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11395	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12053	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12381	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12382	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12693	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-21538	Npm-cross-spawn-7.0.3	Vulnerable Package
	CVE-2025-0291	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0434	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0436	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0437	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0438	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0443	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0447	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11110	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11111	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11116	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-11117	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-55565	Npm-nanoid-3.3.7	Vulnerable Package
	CVE-2025-0435	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0439	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0440	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0441	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0442	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0446	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0448	Npm-electron-33.3.1	Vulnerable Package
	Client_Privacy_Violation	/bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-apps-dialog.component.html: 15	details Method at line 15 of /bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-apps-dialog.component.html sends user information ou... Attack Vector
	Client_Privacy_Violation	/bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-members-dialog.component.html: 15	details Method at line 15 of /bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-members-dialog.component.html sends user information... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/admin-console/components/collections.component.ts: 36	details Method at line 36 of /libs/angular/src/admin-console/components/collections.component.ts sends user information outside the application. This may ... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 119	details Method at line 119 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may constitute... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 286	details Method load at line 286 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may consti... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 780	details Method loadAddEditCipherInfo at line 780 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts: 50	details Method OpenAttachmentsComponent at line 50 of /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.compo... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts: 50	details Method at line 50 of /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts sends user infor... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 70	details Method at line 70 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may constitute ... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 278	details Method load at line 278 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may consti... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 776	details Method loadAddEditCipherInfo at line 776 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 281	details Method load at line 281 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may consti... Attack Vector
	Client_Hardcoded_Domain	/apps/web/src/app/billing/shared/payment/payment.component.ts: 75	details The JavaScript file imported in "https://js\.stripe\.com/v3/?advancedFraudSignals=false" in /apps/web/src/app/billing/shared/payment/payment.componen... Attack Vector
	Client_Hardcoded_Domain	/apps/web/src/app/billing/shared/payment/payment.component.ts: 75	details The JavaScript file imported in "https://js\.stripe\.com/v3/?advancedFraudSignals=false" in /apps/web/src/app/billing/shared/payment/payment.componen... Attack Vector
	Client_Use_Of_Iframe_Without_Sandbox	/apps/browser/src/autofill/content/notification-bar.ts: 872	details The application employs an HTML iframe at whose contents are not properly sandboxed Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Client_Use_Of_Iframe_Without_Sandbox	/apps/browser/src/autofill/content/notification-bar.ts: 881