[PM-24279] Utilize Policy vNext endpoint #16317

JimmyVo16 · 2025-09-05T17:08:56Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-24279

📔 Objective

We introduce a Policy vNext endpoint that includes a breaking change in the request body. This new endpoint enables us to pass metadata to perform operations on the backend that are not associated with the policy record data. PR for the new endpoint.

Changes in this PR

Add functionality to build the new request body and endpoint route
Add feature flag check to handle routing to the new endpoint only if the feature flag is enabled

📸 Screenshots

⏰ Reminders before review

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Protected functional changes with optionality (feature flags)
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

JimmyVo16 · 2025-09-05T17:10:30Z

apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts

-    } catch (e) {
-      this.toastService.showToast({ variant: "error", title: null, message: e.message });
-      return;
+      if (await this.shouldUseVNextImplementation()) {


Hey @BrandonTreston , please review the architecture of this PR. Once I get your approval, I will add tests.

sonarqubecloud · 2025-09-05T17:12:04Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-actions · 2025-09-05T17:17:56Z

Checkmarx One – Scan Summary & Details – c419d688-21d0-419e-ba06-3841efe496d7

New Issues (29)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2025-5068	Npm-electron-36.4.0	details Recommended version: 36.7.4 Description: Use After Free in Blink in Google Chrome versions prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a cra... Attack Vector: NETWORK Attack Complexity: LOW `ID: gxSgA0YnEy9IKXUH7PfYCSmPI62DFWy5zx%2FckoYe1FE%3D` Vulnerable Package
CVE-2025-5280	Npm-electron-36.4.0	details Recommended version: 36.7.0 Description: Out-of-bounds Write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HT... Attack Vector: NETWORK Attack Complexity: LOW `ID: mQrnU%2FC278mrkIHQ8DYTfGiPxHO8%2FE3NKo%2BUdH0rv%2FE%3D` Vulnerable Package
CVE-2025-5419	Npm-electron-36.4.0	details Recommended version: 36.7.3 Description: Out-of-bounds Read and Write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a c... Attack Vector: NETWORK Attack Complexity: LOW `ID: UqYrk%2B2XA1RW9CZaSF1EkQw3s1J17HIC8EhMQkDUgVM%3D` Vulnerable Package
CVE-2025-5958	Npm-electron-36.4.0	details Recommended version: 36.7.0 Description: Use After Free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM... Attack Vector: NETWORK Attack Complexity: LOW `ID: vsQyyiBZtvife9h1Ra5yoB%2FuzVTy%2FOexgpdyt%2FHYe%2Fc%3D` Vulnerable Package
CVE-2025-5959	Npm-electron-36.4.0	details Recommended version: 36.5.0 Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT... Attack Vector: NETWORK Attack Complexity: LOW `ID: UzJHWC%2BMDbNUoY%2B8sLR9aVfbUZ23LB9Z43q7UzJvCms%3D` Vulnerable Package
CVE-2025-6191	Npm-electron-36.4.0	details Recommended version: 36.7.0 Description: Integer Overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out-of-bounds memory access via a ... Attack Vector: NETWORK Attack Complexity: LOW `ID: 2dOqiFWQdWvOkgq7aBn58FKWvCD77SSMnoVyWnfa76w%3D` Vulnerable Package
CVE-2025-6192	Npm-electron-36.4.0	details Recommended version: 36.6.0 Description: Use After Free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted H... Attack Vector: NETWORK Attack Complexity: LOW `ID: z0feUfizgGqvY2tuTWK4gZAEX0CiJ%2FJsz2GJ7BWd70o%3D` Vulnerable Package
CVE-2025-6558	Npm-electron-36.4.0	details Recommended version: 36.7.4 Description: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perfo... Attack Vector: NETWORK Attack Complexity: LOW `ID: iZzwGUHoVPwFgyFTxdHiflaOctqEVsOjjND%2BW%2FkpM8s%3D` Vulnerable Package
CVE-2025-7656	Npm-electron-36.4.0	details Recommended version: 36.7.3 Description: An Integer Overflow vulnerability in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption v... Attack Vector: NETWORK Attack Complexity: LOW `ID: AGrXlf%2Fa7vERgQbn0bFRpbQPHaOhQlvu72oWx5INlYQ%3D` Vulnerable Package
CVE-2025-7657	Npm-electron-36.4.0	details Recommended version: 36.7.3 Description: Use After Free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HT... Attack Vector: NETWORK Attack Complexity: LOW `ID: 9Z85Ovqm9ZsjiX%2B4Sb7dhvLKAxt0cRCCv4hoA909pFc%3D` Vulnerable Package
CVE-2025-8010	Npm-electron-36.4.0	details Recommended version: 36.7.4 Description: Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... Attack Vector: NETWORK Attack Complexity: LOW `ID: bxSPRrhvmmgSXhCiFgODhWX5xc24SrhnNu9RyNVseN0%3D` Vulnerable Package
CVE-2025-8011	Npm-electron-36.4.0	details Recommended version: 36.7.4 Description: Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... Attack Vector: NETWORK Attack Complexity: LOW `ID: tDr7osA1WlI5P3Z6N8mqf%2FM%2Ba8hxA2Z%2F9cXaj8kKQJw%3D` Vulnerable Package
CVE-2025-8292	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: Use After Free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a craf... Attack Vector: NETWORK Attack Complexity: LOW `ID: rlbperh8voeoSjPAVQbXe5YiGKcx6qmpCukt0hMHlSw%3D` Vulnerable Package
CVE-2025-8576	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: Use After Free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted... Attack Vector: NETWORK Attack Complexity: LOW `ID: qTExEi9BiKwns5cuseoagiQxDZIvFzaISZfW7WmKBFI%3D` Vulnerable Package
CVE-2025-8578	Npm-electron-36.4.0	details Recommended version: 36.8.1 Description: Use After Free in Cast in Google Chrome versions prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a craf... Attack Vector: NETWORK Attack Complexity: LOW `ID: 8drMZvePPj%2BWrY65pEY%2BXEMmgyUM6qXdPNLdIZ1zvJk%3D` Vulnerable Package
CVE-2025-8879	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a cura... Attack Vector: NETWORK Attack Complexity: LOW `ID: gmTMUHJWgv%2BlQwQZKevCIP0uBUxhE8ae3P%2F5bGprjDU%3D` Vulnerable Package
CVE-2025-5064	Npm-electron-36.4.0	details Recommended version: 36.5.0 Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data vi... Attack Vector: NETWORK Attack Complexity: LOW `ID: kYc4DDZ75xvEtMk9fxUmJMOt9q4ANRi1Eh8V1VEBuwU%3D` Vulnerable Package
CVE-2025-5065	Npm-electron-36.4.0	details Recommended version: 36.5.0 Description: Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a... Attack Vector: NETWORK Attack Complexity: LOW `ID: ztI2n%2BgKCqMGDqCG6TXcLIvEIAte8V4x4oLLy%2FJEjJ0%3D` Vulnerable Package
CVE-2025-5066	Npm-electron-36.4.0	details Recommended version: 36.7.3 Description: Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engag... Attack Vector: NETWORK Attack Complexity: LOW `ID: mpPfcNQPPpVLDiSALE9ezlN1BGP9JB6va3ja5WGDlAw%3D` Vulnerable Package
CVE-2025-5281	Npm-electron-36.4.0	details Recommended version: 36.5.0 Description: Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information vi... Attack Vector: NETWORK Attack Complexity: LOW `ID: K6JXMaboVhBBU22YOiIvUj3%2FKPmeZjVm1Kb9IQ5NopA%3D` Vulnerable Package
CVE-2025-5283	Npm-electron-36.4.0	details Recommended version: 36.7.0 Description: Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM... Attack Vector: NETWORK Attack Complexity: LOW `ID: 6MJtQY3qPqPOL7MkL2QWMfj3VOM63UwRzKu%2Fs8D3lVQ%3D` Vulnerable Package
CVE-2025-6555	Npm-electron-36.4.0	details Recommended version: 36.7.0 Description: Use After Free in Animation in Google Chrome prior to 138.0.7204.49, allowed a remote attacker to potentially exploit heap corruption via a crafted... Attack Vector: NETWORK Attack Complexity: LOW `ID: 363zTuYZsh1HOgLwTB47HJSLmv4R3aHp9jgfEsoRVmo%3D` Vulnerable Package
CVE-2025-6556	Npm-electron-36.4.0	details Recommended version: 36.7.1 Description: Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a... Attack Vector: NETWORK Attack Complexity: LOW `ID: 2vMYPeWWJ9U01STFqSBclJsWM1MjwRreckFP8VQHSbA%3D` Vulnerable Package
CVE-2025-6557	Npm-electron-36.4.0	details Recommended version: 36.7.0 Description: Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engag... Attack Vector: NETWORK Attack Complexity: LOW `ID: gHfWbtRSGx2CvlIxlb5QqEbQqWZzT2xTtpZXzgb3cF4%3D` Vulnerable Package
CVE-2025-8577	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: Inappropriate implementation in Picture In Picture in Google Chrome through 139.0.7258.65 allowed a remote attacker who convinced a user to engage ... Attack Vector: NETWORK Attack Complexity: LOW `ID: Gc6hs6W28KhxIbL7Lk3zBM8xbdsYLykhopOOedTtMQE%3D` Vulnerable Package
CVE-2025-8579	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: An inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to eng... Attack Vector: NETWORK Attack Complexity: LOW `ID: ORCF3F2wEagpEutvGTd26wSKVtP4phFlXB96KPqnuX0%3D` Vulnerable Package
CVE-2025-8580	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: An inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a craft... Attack Vector: NETWORK Attack Complexity: LOW `ID: CqxImZ9NiDUmZyb2OPqUUz8ro54HYCyf0zIVUgQWMr4%3D` Vulnerable Package
CVE-2025-8581	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: Inappropriate implementation in Extensions in Google Chrome through 139.0.7258.65 allowed a remote attacker who convinced a user to engage in speci... Attack Vector: NETWORK Attack Complexity: LOW `ID: SN0%2FSCgCPDOi2kLVFgp07UZP6aKprItC65XcK8glMus%3D` Vulnerable Package
CVE-2025-8582	Npm-electron-36.4.0	details Recommended version: 36.8.0 Description: Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the O... Attack Vector: NETWORK Attack Complexity: LOW `ID: f6mP4%2FkRzqjrJ3ZOLooF0OrqfkybyaVf1OqgMuAtBqg%3D` Vulnerable Package

[PM-24279] Utilize Policy vNext endpoint

2aaeb2e

JimmyVo16 commented Sep 5, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[PM-24279] Utilize Policy vNext endpoint #16317

[PM-24279] Utilize Policy vNext endpoint #16317

JimmyVo16 commented Sep 5, 2025

Uh oh!

JimmyVo16 Sep 5, 2025

Uh oh!

sonarqubecloud bot commented Sep 5, 2025

Uh oh!

github-actions bot commented Sep 5, 2025

Uh oh!

Uh oh!

[PM-24279] Utilize Policy vNext endpoint #16317

Are you sure you want to change the base?

[PM-24279] Utilize Policy vNext endpoint #16317

Conversation

JimmyVo16 commented Sep 5, 2025

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

🦮 Reviewer guidelines

Uh oh!

JimmyVo16 Sep 5, 2025

Choose a reason for hiding this comment

Uh oh!

sonarqubecloud bot commented Sep 5, 2025

Quality Gate passed

Uh oh!

github-actions bot commented Sep 5, 2025

Uh oh!

Uh oh!