🎨 Renovate: Update vaultwarden/server Docker tag to v1.36.0

[SpiritLooper]

This PR contains the following updates:

Package	Update	Change
vaultwarden/server	minor	1.35.8 → 1.36.0

---

Release Notes

dani-garcia/vaultwarden (vaultwarden/server)

v1.36.0

Compare Source

Security Fixes

This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.

• SSO Login CSRF
  GHSA-pfp2-jhgq-6hg5
  GHSA-w6h6-8r66-hcv7
• User/Organization Enumeration
  GHSA-hxqh-ff5p-wfr3
• SSO existing-user binding
  GHSA-j4j8-gpvj-7fqr
  GHSA-6x5c-84vm-5j56
• SSRF via Icon Endpoint
  GHSA-72vh-x5jq-m82g
• Some crate's updated and other minor security enhancements

These are private for now, pending CVE assignment.

Notes

• Archiving of items is available
  https://bitwarden.com/blog/keep-your-vault-tidy-with-item-archiving/
  https://bitwarden.com/nl-nl/help/managing-items/#archive
• Web Vault updated to v2026.4.1

What's Changed

• SSO fallback to UserInfo preferred_username by @​Timshel in #​7128
• Dummy identifier need to pass for a guid by @​Timshel in #​7154
• add new /identity/accounts/prelogin/password by @​stefan0xC in #​7156
• Add DuckDuckGo browser device type by @​dfunkt in #​7147
• Apply duration_suboptimal_units lint findings by @​dfunkt in #​7144
• Apply ref_option lint findings by @​dfunkt in #​7143
• Fix hardcoded sso identifier by @​Timshel in #​7157
• Update crates and fix a nightly lint by @​BlackDex in #​7161
• Fix Host/IP resolving by @​BlackDex in #​7162
• Several SSO Fixes by @​BlackDex in #​7163
• Add support for archiving items by @​matt-aaron in #​6916
• Fix favicon fetching to check all icon links instead of just the first one by @​Shocker in #​6880
• Fix merge conflict by @​dani-garcia in #​7164
• Replace organization_uuid unwrap with proper error handling by @​xjohnyknox in #​6936
• fix: return Err instead of panic on unknown cipher atype in to_json() by @​mango766 in #​7068
• Allow SQLite to be linked against dynamically by @​ISSOtm in #​7057
• Update crates and web-vault by @​BlackDex in #​7171
• Update hickory by @​BlackDex in #​7175

New Contributors

• @​matt-aaron made their first contribution in #​6916
• @​Shocker made their first contribution in #​6880
• @​xjohnyknox made their first contribution in #​6936
• @​mango766 made their first contribution in #​7068
• @​ISSOtm made their first contribution in #​7057

Full Changelog: dani-garcia/vaultwarden@1.35.8...1.36.0

You can discuss this release here https://redirect.github.com/dani-garcia/vaultwarden/discussions/7177

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[github-actions]

Here is the diff to main:

--- k8s/apps/services Kustomization: flux-system/services HelmRelease: services/vaultwarden

+++ k8s/apps/services Kustomization: flux-system/services HelmRelease: services/vaultwarden

@@ -32,7 +32,7 @@

           httpGet:
             port: 80
       excludeShipLogs: true
-      image: vaultwarden/server:1.35.8
+      image: vaultwarden/server:1.36.0
       ingress:
         corspolicy: https://egghead.infrao.top
         domain: vaultwarden.egghead.infrao.top