fix(deps): update non-major-updates (feature/beta-release)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@tanstack/react-query (source)	^5.91.0 → ^5.91.2			dependencies	patch
anchore/syft	1.42.2 → 1.42.3				patch
eslint-plugin-testing-library	^7.16.0 → ^7.16.1			devDependencies	patch
github/codeql-action	7da6361 → 30c555a			action	digest
i18next (source)	^25.8.18 → ^25.8.20			dependencies	patch
knip (source)	^5.88.0 → ^5.88.1			devDependencies	patch
vite (source)	^8.0.0 → ^8.0.1			devDependencies	patch
vite (source)	8.0.0 → 8.0.1			overrides	patch
vite (source)	^8.0.0 → ^8.0.1			devDependencies	patch

---

Release Notes

anchore/syft (anchore/syft)

v1.42.3

Compare Source

Bug Fixes

• Missing secondary evidence for .NET dependency in ghcr.io/open-telemetry/demo:2.0.0-accounting image [#​4652]

Additional Changes

• bump github.com/buger/jsonsparser to v1.1.2 [#​4680 @​willmurphyscode]
• centralize temp files and prefer streaming IO [#​4668 @​willmurphyscode]

(Full Changelog)

i18next/i18next (i18next)

v25.8.20

Compare Source

• • fix: getFixedT() selector now resolves namespaces against the effective ns rather than the global init options #​2406

vitejs/vite (vite)

v8.0.1

Compare Source

Features

• update rolldown to 1.0.0-rc.10 (#​21932) (b3c067d)

Bug Fixes

• bundled-dev: properly disable inlineConst optimization (#​21865) (6d97142)
• css: lightningcss minify failed when build.target: 'es6' (#​21933) (5fcce46)
• deps: update all non-major dependencies (#​21878) (6dbbd7f)
• dev: always use ESM Oxc runtime (#​21829) (d323ed7)
• dev: handle concurrent restarts in _createServer (#​21810) (40bc729)
• handle + symbol in package subpath exports during dep optimization (#​21886) (86db93d)
• improve no-cors request block error (#​21902) (5ba688b)
• use precise regexes for transform filter to avoid backtracking (#​21800) (dbe41bd)
• worker: require(json) result should not be wrapped (#​21847) (0672fd2)
• worker: make worker output consistent with client and SSR (#​21871) (69454d7)

Miscellaneous Chores

• add changelog rearrange script (#​21835) (efef073)
• deps: bump required @vitejs/devtools version to 0.1+ (#​21925) (12932f5)
• deps: update rolldown-related dependencies (#​21787) (1af1d3a)
• rearrange 8.0 changelog (8e05b61)
• rearrange 8.0 changelog (#​21834) (86edeee)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[github-actions]

🚨 Supply Chain Verification Results

❌ FAILED

📦 SBOM Summary

• Components: 1483

🔍 Vulnerability Scan

Severity	Count
🔴 Critical	3
🟠 High	4
🟡 Medium	4
🟢 Low	2
Total	13

📎 Artifacts

• SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

---

_{Generated by Supply Chain Verification workflow • View Details}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!