Claude finished @brandonbiete's task —— View job

Code Review Summary

This PR updates macOS workflow runners from macos-13 to macos-15-intel for both CLI and GUI build jobs. The changes are minimal, focused, and already verified by successful CI runs and human approval.

Findings

None - this is a clean infrastructure update.

Analysis

PR Metadata Quality

The PR follows Bitwarden conventions with clear title, linked Jira ticket (BRE-1367), and proper objective statement. No improvements needed.

Technical Review

Change Context
This PR follows commit 2883ff6 which reverted a previous runner upgrade to restore stability. Now the team is attempting a more targeted upgrade using macos-15-intel runners specifically (rather than generic macos-15 which may default to ARM).

Correctness

• Line 123 (.github/workflows/build.yml:123): runs-on: macos-15-intel for macos-cli job
• Line 430 (.github/workflows/build.yml:430): runs-on: macos-15-intel for macos-gui job

Both changes are syntactically correct and consistent with GitHub Actions runner label conventions.

Compatibility Verification
The workflow includes Intel-specific keytar binaries (darwin-x64) that match the Intel runner architecture:

• macos-cli job (line 151): Downloads keytar-v$keytarVersion-napi-v3-darwin-x64.tar
• Build commands target x64 architecture appropriately

CI Validation
✅ All checks passed, confirming the runners are available and functional
✅ Human reviewer (BTreston) verified build artifacts execute without errors
✅ Version tests passed for both CLI and GUI builds

Security Considerations

Checkmarx Findings (not blocking)
Two high-severity CVEs reported for Electron 39.1.0 (CVE-2025-12725, CVE-2025-12726). These are pre-existing dependency issues unrelated to the runner change. Checkmarx recommends upgrading to Electron 39.2.0, but this should be tracked separately from the infrastructure update.

Recommendation

✅ Approve - This is a straightforward infrastructure update with:

• Proper scope (runner version only)
• Successful validation (CI + manual testing)
• No code behavior changes
• Clear rollback history if issues arise

The Electron vulnerabilities should be addressed in a separate security update PR.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 6.87%. Comparing base (99655a0) to head (233ea8d).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

@@          Coverage Diff          @@
##            main    #928   +/-   ##
=====================================
  Coverage   6.87%   6.87%           
=====================================
  Files         67      67           
  Lines       2791    2791           
  Branches     481     481           
=====================================
  Hits         192     192           
  Misses      2585    2585           
  Partials      14      14           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Checkmarx One – Scan Summary & Details – c3855804-a1ee-4b34-b94f-81d9e89874f1

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-12725	Npm-electron-39.1.0	details Recommended version: 39.2.0 Description: Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an Out-of-Bounds memory write... Attack Vector: NETWORK Attack Complexity: LOW ID: vfUK0bf8V8GGru7RVX4rHMCcJv9DrJJOhCrqtnx5h1E%3D Vulnerable Package
	CVE-2025-12726	Npm-electron-39.1.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the rendere... Attack Vector: NETWORK Attack Complexity: HIGH ID: FiRYzG7wXIHZjKIzcFPF14fdPXSBSQlhGxd1fqNuGqw%3D Vulnerable Package