Update all patch versions

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@vitejs/plugin-react (source)	6.0.1 → 6.0.2			devDependencies	patch
cargo-nextest	0.9.135 → 0.9.136			workspace.dependencies	patch
crate-ci/typos	v1.46.1 → v1.46.2			action	patch
dompurify	3.4.2 → 3.4.3			dependencies	patch	3.4.5
github/codeql-action	v4.35.4 → v4.35.5			action	patch
openssl	0.10.79 → 0.10.80			workspace.dependencies	patch
tar	0.4.45 → 0.4.46			dependencies	patch
vite (source)	8.0.12 → 8.0.13			devDependencies	patch

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v6.0.2

Compare Source

Allow all options in reactCompilerPreset (#​1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

nextest-rs/nextest (cargo-nextest)

v0.9.136: cargo-nextest 0.9.136

Compare Source

Added

• Following up from the recently-added schema for repository configuration, nextest now also provides a JSON Schema for user configuration. The schema for the running version can be obtained by running cargo nextest self schema user-config. (#​3351)

Changed

• The max-progress-running user-config setting no longer accepts numeric strings like "8" (an undocumented fallback). The supported values remain a non-negative integer (e.g. 8) or "infinite". (#​3350)

crate-ci/typos (crate-ci/typos)

v1.46.2

Compare Source

[1.46.2] - 2026-05-16

Fixes

• Don't correct to criterias
• Don't correct to replaceables

cure53/DOMPurify (dompurify)

v3.4.3

Compare Source

github/codeql-action (github/codeql-action)

v4.35.5

Compare Source

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

rust-openssl/rust-openssl (openssl)

v0.10.80

Compare Source

What's Changed

• Prefer Homebrew openssl@​4 and stop looking for openssl@​1.1 by @​alex in #​2633
• Fix output buffer overflow in cipher_update_inplace for AES key-wrap-with-padding by @​alex in #​2638
• Release openssl 0.10.80 and openssl-sys 0.9.116 by @​alex in #​2639

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.79...openssl-v0.10.80

composefs/tar-rs (tar)

v0.4.46

Compare Source

Security

• archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @​cgwalters in #​454

See also GHSA-3cv2-h65g-fgmm

Other changes

• ci: Fix and re-enable reverse dependency testing by @​cgwalters in #​444
• Update astral-tokio-tar requirement from 0.5 to 0.6 by @​dependabot[bot] in #​446
• Update some links by @​atouchet in #​445
• Add support of absolute paths by @​zxvfc in #​426
• docs: Expand notes on concurrent mutations and following symlinks by @​cgwalters in #​453
• Update repo links by @​cgwalters in #​451
• ci: Add crates.io trusted publishing workflow by @​cgwalters in #​456
• Release 0.4.46 by @​cgwalters in #​455

New Contributors

• @​dependabot[bot] made their first contribution in #​446
• @​atouchet made their first contribution in #​445
• @​zxvfc made their first contribution in #​426

Full Changelog: composefs/tar-rs@0.4.45...0.4.46

vitejs/vite (vite)

v8.0.13

Compare Source

Features

• bundled-dev: add lazy bundling support (#​21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#​22357) (47071ce)
• update rolldown to 1.0.1 (#​22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#​22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #​22274) (#​22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#​22439) (8e59c97)
• make isBundled per environment (#​22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#​22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#​22430) (6ea3838)
• update changelog (#​22413) (fcdc87c)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 8am every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.2%. Comparing base (797b3e5) to head (d669f8b).

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #1450   +/-   ##
=====================================
  Coverage   82.2%   82.2%           
=====================================
  Files        125     125           
  Lines      10241   10241           
=====================================
+ Hits        8420    8422    +2     
+ Misses      1821    1819    -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.