bitwarden-desktop: 2024.2.0 -> 2024.3.0

The now-removed patch is in this release.

Notably, upstream commit e2ca52a3ff7bceb282f266fe49b974ca0c401358 has
given quite a bit of grief here. They changed
`apps/desktop/src/package.json` to add an external dependency for the
first time, but neglected to update the corresponding
`package-lock.json`. However, simply updating that is not enough as the
build process does not copy it into the `apps/desktop/build` dir where
`electron-builder` is ultimately run in, and it is `electron-builder` in
its "installing production dependencies" step that performs an `npm
install` in that directory.

Diff: https://github.com/bitwarden/clients/compare/desktop-v2024.2.0...desktop-v2024.3.0

Changelog: https://github.com/bitwarden/clients/releases/tag/desktop-v2024.3.0

pkgs/by-name/bi/bitwarden-desktop/electron-builder-package-lock.patch

@@ -0,0 +1,28 @@
+From 0629bb5b90e54491263e371bc5594e9f97ba0af4 Mon Sep 17 00:00:00 2001
+From: Andrew Marshall <andrew@johnandrewmarshall.com>
+Date: Tue, 12 Mar 2024 11:48:15 -0400
+Subject: [PATCH] Fix using unlocked dependencies in electron-builder
+
+electron-builder will perform its "installing production dependencies"
+step using this package.json, and without the package-lock.json, NPM
+will try to fetch package metadata to install the latest, unlocked
+dependencies.
+---
+ apps/desktop/webpack.main.js | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/apps/desktop/webpack.main.js b/apps/desktop/webpack.main.js
+index 9d683457d9..0ad707956e 100644
+--- a/apps/desktop/webpack.main.js
++++ b/apps/desktop/webpack.main.js
+@@ -70,6 +70,7 @@ const main = {
+     new CopyWebpackPlugin({
+       patterns: [
+         "./src/package.json",
++        "./src/package-lock.json",
+         { from: "./src/images", to: "images" },
+         { from: "./src/locales", to: "locales" },
+       ],
+-- 
+2.43.2
+

pkgs/by-name/bi/bitwarden-desktop/package.nix

@@ -5,7 +5,6 @@
 , dbus
 , electron_28
 , fetchFromGitHub
-, fetchpatch2
 , glib
 , gnome
 , gtk3
@@ -30,28 +29,38 @@ let
   electron = electron_28;
 in buildNpmPackage rec {
   pname = "bitwarden-desktop";
-  version = "2024.2.0";
+  version = "2024.3.0";
 
   src = fetchFromGitHub {
     owner = "bitwarden";
     repo = "clients";
     rev = "desktop-v${version}";
-    hash = "sha256-nCjcwe+7Riml/J0hAVv/t6/oHIDPhwFD5A3iQ/LNR5Y=";
+    hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g=";
   };
 
   patches = [
-    (fetchpatch2 {
-      url = "https://github.com/bitwarden/clients/commit/746bf0a4745423b9e70c2c54dcf76a95ffb62e11.patch";
-      hash = "sha256-P9MTsiNbAb2kKo/PasIm9kGm0lQjuVUxAJ3Fh1DfpzY=";
-    })
+    ./electron-builder-package-lock.patch
   ];
 
+  # The nested package-lock.json from upstream is out-of-date, so copy the
+  # lock metadata from the root package-lock.json.
+  postPatch = ''
+    cat {,apps/desktop/src/}package-lock.json \
+      | ${lib.getExe jq} -s '
+        .[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2
+          | .[0].packages."" = .[1].packages.""
+          | .[1].packages = .[0].packages
+          | .[1]
+        ' \
+      | ${moreutils}/bin/sponge apps/desktop/src/package-lock.json
+  '';
+
   nodejs = nodejs_18;
 
   makeCacheWritable = true;
   npmFlags = [ "--legacy-peer-deps" ];
   npmWorkspace = "apps/desktop";
-  npmDepsHash = "sha256-GJl9pVwFWEg9yku9IXLcu2XMJZz+ZoQOxCf1TrW715Y=";
+  npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc=";
 
   cargoDeps = rustPlatform.fetchCargoTarball {
     name = "${pname}-${version}";
@@ -67,7 +76,7 @@ in buildNpmPackage rec {
       patches;
     patchFlags = [ "-p4" ];
     sourceRoot = "${src.name}/${cargoRoot}";
-    hash = "sha256-LjwtOmIJlwtOiy36Y0pP+jJEwfmCGTN4RhqgmD3Yj6E=";
+    hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI=";
   };
   cargoRoot = "apps/desktop/desktop_native";