Reference DN Rust deps env install script

[neuronull]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34175

📔 Objective

Reference the new Rust env install script in the DN dependencies section.

I hesitate to put it in the general Tools page, because that is not specific for clients , and the other repos in the project might have different versioning requirements for the cargo binaries or toolchains.

📸 Screenshots

[github-actions]

Checkmarx One – Scan Summary & Details – 9fc1db96-940c-4eb6-94dd-2086bc144352

---

New Issues (8)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2026-33891	Npm-node-forge-1.3.1	details Recommended version: 1.4.0 Description: A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the "BigInteger.modInverse()" function (inherit... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2026-33894	Npm-node-forge-1.3.1	details Recommended version: 1.4.0 Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 s... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2026-33895	Npm-node-forge-1.3.1	details Recommended version: 1.4.0 Description: Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid s... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2026-33896	Npm-node-forge-1.3.1	details Recommended version: 1.4.0 Description: `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstr... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
5		CVE-2026-4867	Npm-path-to-regexp-0.1.12	details Recommended version: 0.1.13 Description: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a peri... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6		CVE-2026-4926	Npm-path-to-regexp-3.3.0	details Recommended version: 8.4.0 Description: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as "{a}{b}{c}:z". The genera... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
7		CVE-2026-4926	Npm-path-to-regexp-0.1.12	details Recommended version: 0.1.13 Description: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as "{a}{b}{c}:z". The genera... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
8		CVE-2026-4926	Npm-path-to-regexp-1.9.0	details Recommended version: 8.4.0 Description: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as "{a}{b}{c}:z". The genera... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package

[Hinton]

What about windows? They don't run bash scripts.

[neuronull]

Good point. We could have two versions of the script one for Unix and one for Windows. Unless you have alternative suggestions? Not sure if there is any prior art from other repos in the org, where we might have a similar situation. If we go with two flavors of the script, I guess that would be written in powershell.

[Hinton]

Server is one example, it primarily uses powershell since it's cross platform.

[eliykat]

I hesitate to put it in the general Tools page, because that is not specific for clients

There is a spot for this: see docs/getting-started/clients/index.md > Requirements heading. That links out to the general Tools page today, but there's no reason that we can't have information directly under that heading. To me this entire Dependencies section could/should be on that page given that it's part of the monorepo tooling.