passbolt-browser-extension 5.5.0 → 5.6.0

package/.github/workflows/release.yaml

@@ -1,19 +1,19 @@
-name: Create Release
-
-on:
-  push:
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
-
-jobs:
-  build:
-    name: Create release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - uses: actions/checkout@v4
-      - env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        name: Create Release
-        run: gh release create "${GITHUB_REF#refs/*/}" -t "${GITHUB_REF#refs/*/}" --notes-file RELEASE_NOTES.md
+#name: Create Release
+#
+#on:
+#  push:
+#    tags:
+#      - "v[0-9]+.[0-9]+.[0-9]+"
+#
+#jobs:
+#  build:
+#    name: Create release
+#    runs-on: ubuntu-latest
+#    permissions:
+#      contents: write
+#    steps:
+#      - uses: actions/checkout@v4
+#      - env:
+#          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#        name: Create Release
+#        run: gh release create "${GITHUB_REF#refs/*/}" -t "${GITHUB_REF#refs/*/}" --notes-file RELEASE_NOTES.md

package/CHANGELOG.md

@@ -4,9 +4,63 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [5.6.0] - 2025-10-08
+### Added
+- PB-39068 WP5-5.6 - Implement a Service RotateResourcesMetadataKeyService that proceed with the rotation of the key
+- PB-39069 WP5-5.8 - Implement a new method in MetadataKeysServiceWorkerService to call for  to expire a key
+- PB-39071 WP5-5.1 - Implement a new method in MetadataKeysApiService to expire a shared metadata key
+- PB-39072 WP5-5.4 - Implement a new Service UpdateMetadataKeysService to process with the expiration of a key
+- PB-39073 WP5-5.2 - Implement a new API service MetadataRotateKeysResourcesApiService to retrieve the first page of data to rotate
+- PB-39074 WP5-5.3 - Implement a new method in MetadataKeysApiService to register the rotated data on the API
+- PB-39075 WP5-5.7 - Implement a Controller RotateResourcesMetadataKeyController to run the rotation process
+- PB-39076 WP5-5.9 - Implement a new method in MetadataKeysServiceWorkerService to call passbolt.metadata.rotate-resources-metadata for  with the new Key
+- PB-39078 WP5-5.10 - Implement the ConfirmMetadataRotationDialog
+- PB-39094 WP5-6.2 - Display the rotate key button when multiple metadata key are active
+- PB-43253 Workspace resizable sidebars
+- PB-44582 lastpass example csv import with totp success
+- PB-45385 SN - WP1.1 Create the entity SecretDataV5StandaloneNoteEntity
+- PB-45389 SN - WP1.3 Update ResourceFormEntity to include secret SecretDataV5StandaloneNoteEntity
+- PB-45400 SN - WP2.1 Add new resource type in DisplayContentTypesAllowedContentTypesAdministration
+- PB-45404 SN - WP2.2 Add new resource type in DisplayResourcesWorkspaceMainMenu
+- PB-45406 SN - WP2.3 Update passbolt default resource type icons to include the new resource type icon
+- PB-45408 SN - WP2.4 Update DisplayResourcesListDetails to handle the correct subtitle for standalone note and add the same for standalone custom fields
+- PB-45412 SN - WP3.1 Apply a minimum height to the resource workspace ‘others’ dialog used to create other resource types
+- PB-45413 SN - WP3.3 Increase the height of the notes textarea to use the maximum available space in the resource creation dialog
+- PB-45414 SN - WP3.3 Add “hide” button when the note is decrypted to hide it again
+- PB-45417 SN - WP2.5 Update the “other” dialog to add the standalone note in the content type list in v5
+- PB-45424 SN - WP3.4 Ensure Import/Export is working as expected with standalone notes
+- PB-45464 GMUO - WP1.1 Create new collection ‘GroupUpdateCollection’
+- PB-45465 GMUO - WP1.2 Migrate group update logic to optimise the request on the API
+- PB-45466 GMUO - WP1.3 Adapt group update progress bar mechanism
+- PB-45476 WP5-6.3 - Create events with controller to rotate and resume rotation of a metadata key
+
+### Fixed
+- PB-43218 Date field icons should not be replaced with the copy icon in the SSO settings and expiry resource dialogs
+- PB-45239 Folders are not displayed in the correct order (GITHUB #568)
+- PB-45329 add TOTP toString handling similar to other csv exports
+- PB-45402 Add missing icon property to resource types schema definition
+- PB-45450 Fix account kit export with big private armored keys
+- PB-45458 Remove Organisation Settings max-width
+- PB-45733 Fix quickaccess resource creation with encrypted metadata
+
+### Maintenance
+- PB-44253 Upgrade vulnerable library form-data
+- PB-44593 Upgrade i18next to v24x
+- PB-45182 Major upgrade for copy-anything (Medium)
+- PB-45183 Minor upgrade for browserslist (Low)
+- PB-45184 3rd party Github Actions should be pinned (Medium)
+- PB-45401 Enforce the requirement of the property object_type for custom fields
+- PB-45484 Fix low security vulnerability dependency with web-ext to 8.10.0
+- PB-45583 Review and clean up npm overridden dependencies
+- PB-45601 Update the "Upgrade to Passbolt Pro" buttons URL
+
+## [5.5.1] - 2025-09-15
+### Fixed
+- PB-45290 Fix password missing crash on metadata activation in first admin setup
+
 ## [5.5.0] - 2025-09-10
 ### Added
-- PB-43921 - Increase directory sync report dialog size
+- PB-43921 Increase directory sync report dialog size
 - PB-44816 Pro teasing - WP1.1 Create DisplaySubscriptionKeyTeasing component
 - PB-44817 Pro teasing - WP1.2 Create DisplayPasswordPoliciesAdministrationTeasing
 - PB-44818 Pro teasing - WP1.3 Create DisplayAdministrationUserPassphrasePoliciesTeasing
@@ -22,67 +76,67 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
 - PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
 - PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings
-- PB-44630 - SCIM administration screen
+- PB-44630 SCIM administration screen
 
 ### Fixed
-- PB-44638 - Password expiry should not be removed when password is not updated
-- PB-44604 - Fix regular expression on public key metadata validation
-- PB-44707 - Fix service worker not restarting after browser extension update on Chrome
-- PB-45060 - Fix custom fields json schema properties type
-- PB-44933 - Fix setup a new user should have missing key set
+- PB-44638 Password expiry should not be removed when password is not updated
+- PB-44604 Fix regular expression on public key metadata validation
+- PB-44707 Fix service worker not restarting after browser extension update on Chrome
+- PB-45060 Fix custom fields json schema properties type
+- PB-44933 Fix setup a new user should have missing key set
 
 ### Maintenance
-- PB-44594 - Upgrade xregexp to 5.1.2
+- PB-44594 Upgrade xregexp to 5.1.2
 - PB-44638 Password expiry should not be removed when password is not updated
 - PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available
 
 ## [5.4.0] - 2025-08-13
 ### Added
-- PB-44201: E2EE The organisation settings offer now a simplified way to activate metadata encryption and the new resource types
-- PB-42205: E2EE encrypted metadata and new resource types are activated by default after the first administrator setup
-- PB-43255: Add support for multiple uri import export on kdbx files
-- PB-43110: ZK - WP4.2 As a signed-in user I should not be allowed to upgrade resources with missing key situation
-- PB-43712: Translate the application in Czech
-- PB-43939: ZK - WP3.2 Add an app event to get or find the metadata keys settings
-- PB-43980: Add support for custom field import export on kdbx files
-- PB-44080: ZK - WP4.1 Create a dialog explaining the missing key situation
-- PB-44081: ZK - WP4.3 As a signed-in user I should not be allowed to create resources with missing key situation in the resource workspace
-- PB-44090: ZK - WP4.4 As a signed-in user I should not be allowed to edit resources with missing key situation
-- PB-44091: ZK - WP4.5 As a signed-in user I should not be allowed to share resources with missing key situation
-- PB-44094: ZK - WP4.6 As a signed-in user I should not be allowed to import resources with missing key situation
-- PB-44095: ZK - WP4.7 As a signed-in user I should not be allowed to move resources with missing key situation
-- PB-44096: ZK - WP4.8 As a signed-in user I should not be allowed to move folders with missing key situation
-- PB-44097: ZK - WP4.9 Display a page explaining the missing key situation on the quick app
-- PB-44098: ZK - WP4.10 As a signed-in user I should not be allowed to create resources with missing key situation in the quick app
-- PB-44099: ZK - WP4.11 As a signed-in user I should not be allowed to generate password on the inform menu
-- PB-44206: ZK - WP4.14 As administrators I cannot trigger the encrypted metadata migration if I have missing metadata keys
-- PB-44211: ZK - WP3.5 Add MetadataKeysSettingsLocalStorageContextProvider to the App and the quick-app and the inform menu
-- PB-44212: CU - WP5.2 Update ExternalResourceEntity buildDtoFromResourceEntityDto to support custom fields
-- PB-44286: ZK - WP3.6 Add a quick app and inform menu event to get the metadata keys settings
-- PB-44295: ZK - WP4.15 As a signed-in user with missing keys I should not be able to create resource if metadata shared key is enforced on the inform menu
-- PB-44296: ZK - WP4.16 As a signed-in user I should not be allowed to move shared folders into personal folders with missing key situation
-- PB-44327: Display sub-folders in breadcrumbs
-- PB-44374: Extend notes v5 max length to 50_000
-
-### Fixed
-- PB-43296: Displaying resource activities should not crash the application when a resource activity does not have related user or group
-- PB-43652: The sentence to change the passphrase in the user settings workspace should have a space after.
-- PB-43657: Resources loading became noticeably slower after migrating to encrypted
-- PB-43667: Cancelling the user passphrase request should not trigger an error when sharing missing metadata key
-- PB-43676: Cancelling the user passphrase should not freeze the create resource dialog
-- PB-43719: After importing resources from Bitwarden the URIs are not separated correctly
-- PB-43784: Display the progression of the encryption of metadata in the import dialog
-- PB-43906: User should be notified of any errors while loading comments
-- PB-44079: Update/Create a method in resourceLocalStorage.js to bulk delete resources
-- PB-44161: As a user I should not see the resource description and note warning message if only one of them is concerned
-- PB-44273: Activities are not loaded when new resource is clicked after load more activities of a previous resource
+- PB-44201 E2EE The organisation settings offer now a simplified way to activate metadata encryption and the new resource types
+- PB-42205 E2EE encrypted metadata and new resource types are activated by default after the first administrator setup
+- PB-43255 Add support for multiple uri import export on kdbx files
+- PB-43110 ZK - WP4.2 As a signed-in user I should not be allowed to upgrade resources with missing key situation
+- PB-43712 Translate the application in Czech
+- PB-43939 ZK - WP3.2 Add an app event to get or find the metadata keys settings
+- PB-43980 Add support for custom field import export on kdbx files
+- PB-44080 ZK - WP4.1 Create a dialog explaining the missing key situation
+- PB-44081 ZK - WP4.3 As a signed-in user I should not be allowed to create resources with missing key situation in the resource workspace
+- PB-44090 ZK - WP4.4 As a signed-in user I should not be allowed to edit resources with missing key situation
+- PB-44091 ZK - WP4.5 As a signed-in user I should not be allowed to share resources with missing key situation
+- PB-44094 ZK - WP4.6 As a signed-in user I should not be allowed to import resources with missing key situation
+- PB-44095 ZK - WP4.7 As a signed-in user I should not be allowed to move resources with missing key situation
+- PB-44096 ZK - WP4.8 As a signed-in user I should not be allowed to move folders with missing key situation
+- PB-44097 ZK - WP4.9 Display a page explaining the missing key situation on the quick app
+- PB-44098 ZK - WP4.10 As a signed-in user I should not be allowed to create resources with missing key situation in the quick app
+- PB-44099 ZK - WP4.11 As a signed-in user I should not be allowed to generate password on the inform menu
+- PB-44206 ZK - WP4.14 As administrators I cannot trigger the encrypted metadata migration if I have missing metadata keys
+- PB-44211 ZK - WP3.5 Add MetadataKeysSettingsLocalStorageContextProvider to the App and the quick-app and the inform menu
+- PB-44212 CU - WP5.2 Update ExternalResourceEntity buildDtoFromResourceEntityDto to support custom fields
+- PB-44286 ZK - WP3.6 Add a quick app and inform menu event to get the metadata keys settings
+- PB-44295 ZK - WP4.15 As a signed-in user with missing keys I should not be able to create resource if metadata shared key is enforced on the inform menu
+- PB-44296 ZK - WP4.16 As a signed-in user I should not be allowed to move shared folders into personal folders with missing key situation
+- PB-44327 Display sub-folders in breadcrumbs
+- PB-44374 Extend notes v5 max length to 50_000
+
+### Fixed
+- PB-43296 Displaying resource activities should not crash the application when a resource activity does not have related user or group
+- PB-43652 The sentence to change the passphrase in the user settings workspace should have a space after.
+- PB-43657 Resources loading became noticeably slower after migrating to encrypted
+- PB-43667 Cancelling the user passphrase request should not trigger an error when sharing missing metadata key
+- PB-43676 Cancelling the user passphrase should not freeze the create resource dialog
+- PB-43719 After importing resources from Bitwarden the URIs are not separated correctly
+- PB-43784 Display the progression of the encryption of metadata in the import dialog
+- PB-43906 User should be notified of any errors while loading comments
+- PB-44079 Update/Create a method in resourceLocalStorage.js to bulk delete resources
+- PB-44161 As a user I should not see the resource description and note warning message if only one of them is concerned
+- PB-44273 Activities are not loaded when new resource is clicked after load more activities of a previous resource
 
 ### Maintenance
-- PB-43585: Azure SSO login_hint settings can now be configured
-- PB-43908: Move logic of commentModel file to a service and update assertions in controllers
-- PB-44076: Create a Controller to handle Resource Delete
-- PB-44077: Create a dedicated Service to handle resource deletion
-- PB-44396: the endpoint complete/recover.json is now used instead of the legacy endpoint
+- PB-43585 Azure SSO login_hint settings can now be configured
+- PB-43908 Move logic of commentModel file to a service and update assertions in controllers
+- PB-44076 Create a Controller to handle Resource Delete
+- PB-44077 Create a dedicated Service to handle resource deletion
+- PB-44396 the endpoint complete/recover.json is now used instead of the legacy endpoint
 
 ### Security
 - PB-43730: Upgrade vulnerable library brace-expansion
@@ -2388,8 +2442,11 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.1...HEAD
-[5.4.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.0...v5.4.1
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.6.0...HEAD
+[5.6.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.5.1...v5.6.0
+[5.5.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.5.0...v5.5.1
+[5.5.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.1...v5.5.0
+[5.4.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.0...v5.4.1
 [5.4.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.3.3...v5.4.0
 [5.3.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.3.0...v5.3.2
 [5.3.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.2.0...v5.3.0

package/RELEASE_NOTES.md

@@ -1,52 +1,70 @@
-Release song: https://youtu.be/L3Wo8jcNrkQ?si=HiNK6kSFC-aMFMJe
+Release song: https://www.youtube.com/watch?v=bu50DtPF1Ac
 
-Passbolt 5.5.0 is a feature release candidate that lets administrators run encrypted metadata in zero-knowledge mode and adds SCIM provisioning (beta) for easier user management.
+Passbolt 5.6.0 introduces standalone notes, shared metadata key rotation, and resizable sidebars. As usual, this version also brings important security hardening through dependency updates as well as a series of bug fixes and maintenance improvements.
 
-# Zero-knowledge
-Zero-knowledge for encrypted metadata is intended for organisations that prioritise maximum privacy and can do without server-side auditability. In this mode, the server never receives the shared metadata private key and therefore cannot access any resource metadata.
+## Standalone notes
 
-When a new user joins, the server does not automatically share the key with them. Instead, administrators are notified by email once the user has completed their activation and is ready to receive access. From the Users & Groups workspace, administrators can then review the situation and share the key when the time is right.
+It is now possible to create notes as a standalone resource type, without attaching them to credentials or other elements. Import and export processes have been updated to recognize and support this new type. Any imported resources that contain only a description will now be created as standalone notes.
 
-Until a user receives the key, their experience is intentionally limited: actions that depend on the shared metadata key, such as sharing a resource, moving a private item into a shared folder, or creating content meant to be shared, are blocked.
+## Shared metadata key rotation
 
-To know more about the encrypted metadata zero-knowledge mode, check out this [blog post](https://www.passbolt.com/blog/the-road-to-passbolt-v5-encrypted-metadata-and-other-core-security-changes-2).
+Administrators can now rotate the shared metadata key at any time from the organization settings. This improvement marks one of the final steps in meeting metadata encryption requirements. The rotation process can be performed while the instance remains operational, so availability is not disrupted.
 
-# SCIM (beta)
-This release also introduces SCIM 2.0 (beta) to automate user provisioning with your identity provider. The first iteration focuses on Microsoft Entra ID (Azure AD) and is available on Passbolt Pro.
+## Resizable sidebars
 
-With SCIM, administrators can create, update, and deactivate users directly from their identity provider, without ever touching the Passbolt UI. For now, only user synchronisation is supported, while group synchronisation will follow in a future update.
+Both main workspace and Users & Groups workspace now feature sidebars that can be resized. This allows users to improve readability when working with long folder names or deeply nested folder structures. After resizing, a double-click on the sidebar handle resets it to its default width.
 
-Note that Okta should work out of the box, though some journeys may still need polish, such as the user deactivation.
+## Miscellaneous Improvements
 
-Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues and suggest improvements. Checkout the changelog for more information.
+The export of account kits is now compatible with larger private keys. The group membership update process has been optimized to reduce request payload size and to avoid certain size limitations. Sorting of folder names has also been improved with natural number ordering, meaning for example that “folder2” now correctly appears before “folder10.”
+
+Many thanks to everyone who shared feedback, reported issues, and helped refine these features.
 
 ### Added
-- PB-43921 - Increase directory sync report dialog size
-- PB-44816 Pro teasing - WP1.1 Create DisplaySubscriptionKeyTeasing component
-- PB-44817 Pro teasing - WP1.2 Create DisplayPasswordPoliciesAdministrationTeasing
-- PB-44818 Pro teasing - WP1.3 Create DisplayAdministrationUserPassphrasePoliciesTeasing
-- PB-44819 Pro teasing - WP1.4 Create ManageAccountRecoveryAdministrationSettingsTeasing
-- PB-44820 Pro teasing - WP1.5 Create ManageSsoSettingsTeasing
-- PB-44821 Pro teasing - WP1.6 Create DisplayMfaPolicyAdministrationTeasing
-- PB-44822 Pro teasing - WP1.7 Create DisplayUserDirectoryAdministrationTeasing
-- PB-44823 Pro teasing - WP1.8 Create DisplayScimAdministrationTeasing
-- PB-44826 Pro teasing - WP2.1 Add teasing property and new route on AdministrationHomePage
-- PB-44827 Pro teasing - WP2.2 Update the DisplayAdministrationMenu to display teasing Icon on PRO menu for CE
-- PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
-- PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
-- PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
-- PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
-- PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings
-- PB-44630 - SCIM administration screen
+- PB-39068 WP5-5.6 - Implement a Service RotateResourcesMetadataKeyService that proceed with the rotation of the key
+- PB-39069 WP5-5.8 - Implement a new method in MetadataKeysServiceWorkerService to call for  to expire a key
+- PB-39071 WP5-5.1 - Implement a new method in MetadataKeysApiService to expire a shared metadata key
+- PB-39072 WP5-5.4 - Implement a new Service UpdateMetadataKeysService to process with the expiration of a key
+- PB-39073 WP5-5.2 - Implement a new API service MetadataRotateKeysResourcesApiService to retrieve the first page of data to rotate
+- PB-39074 WP5-5.3 - Implement a new method in MetadataKeysApiService to register the rotated data on the API
+- PB-39075 WP5-5.7 - Implement a Controller RotateResourcesMetadataKeyController to run the rotation process
+- PB-39076 WP5-5.9 - Implement a new method in MetadataKeysServiceWorkerService to call passbolt.metadata.rotate-resources-metadata for  with the new Key
+- PB-39078 WP5-5.10 - Implement the ConfirmMetadataRotationDialog
+- PB-39094 WP5-6.2 - Display the rotate key button when multiple metadata key are active
+- PB-43253 Workspace resizable sidebars
+- PB-44582 lastpass example csv import with totp success
+- PB-45385 SN - WP1.1 Create the entity SecretDataV5StandaloneNoteEntity
+- PB-45389 SN - WP1.3 Update ResourceFormEntity to include secret SecretDataV5StandaloneNoteEntity
+- PB-45400 SN - WP2.1 Add new resource type in DisplayContentTypesAllowedContentTypesAdministration
+- PB-45404 SN - WP2.2 Add new resource type in DisplayResourcesWorkspaceMainMenu
+- PB-45406 SN - WP2.3 Update passbolt default resource type icons to include the new resource type icon
+- PB-45408 SN - WP2.4 Update DisplayResourcesListDetails to handle the correct subtitle for standalone note and add the same for standalone custom fields
+- PB-45412 SN - WP3.1 Apply a minimum height to the resource workspace ‘others’ dialog used to create other resource types
+- PB-45413 SN - WP3.3 Increase the height of the notes textarea to use the maximum available space in the resource creation dialog
+- PB-45414 SN - WP3.3 Add “hide” button when the note is decrypted to hide it again
+- PB-45417 SN - WP2.5 Update the “other” dialog to add the standalone note in the content type list in v5
+- PB-45424 SN - WP3.4 Ensure Import/Export is working as expected with standalone notes
+- PB-45464 GMUO - WP1.1 Create new collection ‘GroupUpdateCollection’
+- PB-45465 GMUO - WP1.2 Migrate group update logic to optimise the request on the API
+- PB-45466 GMUO - WP1.3 Adapt group update progress bar mechanism
+- PB-45476 WP5-6.3 - Create events with controller to rotate and resume rotation of a metadata key
 
 ### Fixed
-- PB-44638 - Password expiry should not be removed when password is not updated
-- PB-44604 - Fix regular expression on public key metadata validation
-- PB-44707 - Fix service worker not restarting after browser extension update on Chrome
-- PB-45060 - Fix custom fields json schema properties type
-- PB-44933 - Fix setup a new user should have missing key set
+- PB-43218 Date field icons should not be replaced with the copy icon in the SSO settings and expiry resource dialogs
+- PB-45239 Folders are not displayed in the correct order (GITHUB #568)
+- PB-45329 add TOTP toString handling similar to other csv exports
+- PB-45402 Add missing icon property to resource types schema definition
+- PB-45450 Fix account kit export with big private armored keys
+- PB-45458 Remove Organisation Settings max-width
+- PB-45733 Fix quickaccess resource creation with encrypted metadata
 
 ### Maintenance
-- PB-44594 - Upgrade xregexp to 5.1.2
-- PB-44638 Password expiry should not be removed when password is not updated
-- PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available
+- PB-44253 Upgrade vulnerable library form-data
+- PB-44593 Upgrade i18next to v24x
+- PB-45182 Major upgrade for copy-anything (Medium)
+- PB-45183 Minor upgrade for browserslist (Low)
+- PB-45184 3rd party Github Actions should be pinned (Medium)
+- PB-45401 Enforce the requirement of the property object_type for custom fields
+- PB-45484 Fix low security vulnerability dependency with web-ext to 8.10.0
+- PB-45583 Review and clean up npm overridden dependencies
+- PB-45601 Update the "Upgrade to Passbolt Pro" buttons URL

package/doc/browser-extension-class-diagram.md

@@ -183,6 +183,11 @@ classDiagram
             +exec() Promise~MetadataKeyEntity~
         }
 
+        class RotateMetadataKeyController {
+            event "passbolt.metadata.rotate-metadata-key"
+            +exec(string metadataKeyId) Promise~void~
+        }
+
         class FindAllNonDeletedMetadataKeysController {
             event "passbolt.metadata.find-all-non-deleted-metadata-keys"
             +exec() Promise~MetadataKeysCollection~
@@ -218,6 +223,11 @@ classDiagram
             +exec() Promise~void~
         }
 
+        class RotateResourcesMetadataKeyController {
+            event "passbolt.metadata.rotate-resources-metadata"
+            +exec() Promise~void~
+        }
+
         class ShareMetadataKeyPrivateController {
             event "passbolt.metadata.share-missing-metadata-private-keys-with-user"
             +exec(uuid userId) Promise~void~
@@ -232,6 +242,23 @@ classDiagram
             +decryptAllFromForeignModels(Collection collection, ?string passphrase, ?object options) Promise
         }
 
+        class ExpireMetadataKeyService {
+            +expire(string uuid) Promise
+        }
+
+        class DeleteMetadataKeyService {
+            +delete(string uuid) Promise
+        }
+
+        class RotateMetadataKeyService {
+            +rotate(ExternalGpgKeyPairEntity entity, string uuid, string passphrase) Promise
+            +resumeRotate(MetdataKeyEntity entity, string passphrase) Promise
+        }
+
+        class UpdateMetadataKeyPrivateService {
+            +update(MetadataPrivateKeyEntity entity) Promise
+        }
+
         class DecryptMetadataPrivateKeysService {
             +decryptOne(MetadataPrivateKeyEntity entity, ?string passphrase) Promise
             +decryptAll(MetadataPrivateKeyCollection collection, ?string passphrase) Promise
@@ -269,6 +296,10 @@ classDiagram
             +verifyTrustedOrTrustNewMetadataKey(string passphrase) Promise~void~
         }
 
+        class RotateResourcesMetadataKeyService {
+            +rotate(string passphrase) Promise~void~
+        }
+
     %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
     %% Metadata Keys services
     %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -336,6 +367,13 @@ classDiagram
         class MetadataKeysApiService {
             +findAll(object contains) Promise~array~
             +create(MetadataKeyEntity metadataKey) Promise~*string*~
+            +delete(string uuid) Promise~*void*~
+            +update(string uuid, MetadataKeyEntity metadataKey) Promise~*void*~
+        }
+
+        class MetadataRotateKeysResourcesApiService {
+            +findAll() Promise~array~
+            +rotate(ResourceCollection resourcesCollection) Promise~array~
         }
 
         class MetadataPrivateKeyApiService {
@@ -1107,6 +1145,10 @@ classDiagram
     CreateMetadataKeyController*--CreateMetadataKeyService
     FindAllNonDeletedMetadataKeysController*--FindMetadataKeysService
     GenerateMetadataPrivateKeyController*--GenerateMetadataKeyService
+%%    RotateMetadataKeyController*--GetPassphraseService
+    RotateMetadataKeyController*--RotateMetadataKeyService
+%%    ResumeRotateMetadataKeyController*--GetPassphraseService
+    ResumeRotateMetadataKeyController*--RotateMetadataKeyService
 %%    GenerateMetadataPrivateKeyController*--GetPassphraseService
     GetOrFindMetadataTypesSettingsController*--GetOrFindMetadataSettingsService
     SaveMetadataKeysSettingsController*--SaveMetadataSettingsService
@@ -1114,6 +1156,7 @@ classDiagram
     ShareMetadataKeyPrivateController*--GetPassphraseService
     ShareMetadataKeyPrivateController*--VerifyOrTrustMetadataKeyService
     style CreateMetadataKeyController fill:#D2E0FB
+    style RotateMetadataKeyController fill:#D2E0FB
     style FindAllNonDeletedMetadataKeysController fill:#D2E0FB
     style GenerateMetadataPrivateKeyController fill:#D2E0FB
     style GetOrFindMetadataTypesSettingsController fill:#D2E0FB
@@ -1124,7 +1167,14 @@ classDiagram
     CreateMetadataKeyService*--EncryptMetadataPrivateKeysService
     CreateMetadataKeyService*--FindUsersService
     CreateMetadataKeyService*--GetOrFindMetadataSettingsService
-    CreateMetadataKeyService*--MetadataKeyApiService
+    CreateMetadataKeyService*--MetadataKeysApiService
+    ExpireMetadataKeyService*--MetadataKeysApiService
+    RotateResourcesMetadataKeyService*--MetadataRotateKeysResourcesApiService
+    DeleteMetadataKeyService*--MetadataKeysApiService
+    RotateMetadataKeyService*--CreateMetadataKeyService
+    RotateMetadataKeyService*--ExpireMetadataKeyService
+    RotateMetadataKeyService*--RotateResourcesMetadataKeyService
+    RotateMetadataKeyService*--DeleteMetadataKeyService
     FindMetadataMigrateResourcesService*--MigrateMetadataResourcesApiService
     MigrateMetadataResourcesService*--MigrateMetadataResourcesApiService
     MigrateMetadataResourcesService*--EncryptMetadataService
@@ -1147,7 +1197,7 @@ classDiagram
     FindAndUpdateMetadataSettingsService*--FindMetadataSettingsService
     FindAndUpdateMetadataSettingsService*--MetadataTypesSettingsLocalStorage
     FindMetadataKeysService*--DecryptMetadataPrivateKeysService
-    FindMetadataKeysService*--MetadataKeyApiService
+    FindMetadataKeysService*--MetadataKeysApiService
     FindMetadataSettingsService*--MetadataKeysSettingsApiService
     FindMetadataSettingsService*--MetadataTypesSettingsApiService
     FindResourcesService*--DecryptMetadataService
@@ -1161,7 +1211,7 @@ classDiagram
     SaveMetadataSettingsService*--MetadataKeysSettingsLocalStorage
     GetMetadataTrustedKeyService*--TrustedMetadataKeyLocalStorage
 %% Metadata models relationships.
-    style MetadataKeyApiService fill:#DEE5D4
+    style MetadataKeysApiService fill:#DEE5D4
     style MetadataKeysSettingsLocalStorage fill:#DEE5D4
     style MetadataKeysSessionStorageService fill:#DEE5D4
     style MetadataKeysSettingsApiService fill:#DEE5D4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "5.5.0",
+  "version": "5.6.0",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2025 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -14,7 +14,7 @@
     "await-lock": "^2.1.0",
     "downloadjs": "^1.4.7",
     "eckey-utils": "^0.7.14",
-    "i18next": "^23.7.16",
+    "i18next": "23.15.2",
     "i18next-http-backend": "^2.4.2",
     "ip-regex": "^5.0.0",
     "jssha": "~3.3.1",
@@ -22,7 +22,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^6.1.1",
     "papaparse": "^5.5.2",
-    "passbolt-styleguide": "^v5.5.2",
+    "passbolt-styleguide": "^5.6.2",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
@@ -65,18 +65,17 @@
     "lockfile-lint": "^4.14.1",
     "text-encoding-utf-8": "^1.0.2",
     "uuid": "^8.3.2",
-    "web-ext": "^8.0.0",
+    "web-ext": "^8.10.0",
     "webpack": "^5.94.0",
     "webpack-cli": "^5.1.4"
   },
   "overrides": {
-    "image-size": "^2.0.2",
+    "addons-linter": "^8.0.0",
     "i18next-parser": {
-      "cheerio": {
-        "undici": "6.21.2"
-      }
+      "cheerio": "1.1.2"
     },
-    "brace-expansion": "^1.1.12"
+    "brace-expansion": "^1.1.12",
+    "browserslist": "4.26.2"
   },
   "scripts": {
     "build": "npx grunt build",

package/src/all/_locales/ko/messages.json

@@ -1,10 +1,10 @@
 {
   "appName": {
-    "message": "패스볼트 - 오픈소스 비밀번호 관리 프로그램",
+    "message": "Passbolt - 오픈소스 비밀번호 관리 프로그램",
     "description": "The application name of the extension, displayed in the web store. 45 characters max."
   },
   "appDescription": {
-    "message": "팀을 위한 오픈 소스 비밀번호 관리자인 패스볼트의 확장 프로그램.",
+    "message": "팀을 위한 오픈 소스 비밀번호 관리자인 Passbolt의 확장 프로그램.",
     "description": "The description of the extension, displayed in the web store. 85 characters max."
   }
 }

package/src/all/background_page/controller/auth/redirectToAdminWorkspaceController.test.js

@@ -32,7 +32,6 @@ describe("RedirectToAdminWorkspaceController", () => {
       };
       const account = new AccountEntity(defaultAccountDto());
       const expectedUrl = `${account.domain}/app/administration`;
-      console.log(expectedUrl);
       const controller = new RedirectToAdminWorkspaceController(worker, null, account);
       jest.spyOn(chrome.tabs, "update").mockImplementation(() => {});
 

package/src/all/background_page/controller/group/groupUpdateController.js

@@ -12,7 +12,6 @@
  */
 import Keyring from "../../model/keyring";
 import GetPassphraseService from "../../service/passphrase/getPassphraseService";
-import GroupModel from "../../model/group/groupModel";
 import i18n from "../../sdk/i18n";
 import ProgressService from "../../service/progress/progressService";
 import GroupUpdateService from "../../service/group/groupUpdateService";
@@ -30,7 +29,6 @@ class GroupsUpdateController {
   constructor(worker, requestId, apiClientOptions, account) {
     this.worker = worker;
     this.requestId = requestId;
-    this.groupModel = new GroupModel(apiClientOptions);
     this.keyring = new Keyring();
 
     this.getPassphraseService = new GetPassphraseService(account);

package/src/all/background_page/controller/group/groupUpdateController.test.data.js

@@ -17,7 +17,7 @@ import {defaultGroupDto} from "passbolt-styleguide/src/shared/models/entity/grou
 import {createGroupUser} from "passbolt-styleguide/src/shared/models/entity/groupUser/groupUserEntity.test.data.js";
 import EncryptMessageService from "../../service/crypto/encryptMessageService";
 import {pgpKeys} from "passbolt-styleguide/test/fixture/pgpKeys/keys";
-import {defaultDyRunResponse} from "../../model/entity/group/update/groupUpdateDryRunResultEntity.test.data";
+import {defaultDryRunResponse} from "../../model/entity/group/update/groupUpdateDryRunResultEntity.test.data";
 import {OpenpgpAssertion} from "../../utils/openpgp/openpgpAssertions";
 
 export const updateGroupNameDto = (data = {}) => {
@@ -66,5 +66,5 @@ export const add2UsersToGroupDryRunResponse = async(data = {}) => {
     Secrets: secrets
   }, data);
 
-  return defaultDyRunResponse(defaultData);
+  return defaultDryRunResponse(defaultData);
 };