chore(deps): bump 6 patch-level deps #40261

Merged
ggazzo merged 3 commits into develop from chore/deps-bump-2
Apr 22, 2026

Member

@ggazzo ggazzo commented Apr 22, 2026

Summary

Bumps

  • @react-pdf/renderer 4.3.2 → 4.3.3 (pinned with ~ to stay patch-level)
  • @xmldom/xmldom 0.8.12 → 0.8.13
  • @swc/core 1.15.26 → 1.15.30
  • dompurify 3.4.0 → 3.4.1
  • html-webpack-plugin 5.6.6 → 5.6.7
  • jsrsasign 11.1.2 → 11.1.3
  • vite 8.0.8 → 8.0.9

Deliberately skipped

Known breaking patches from prior investigation in #40172:

  • @noble/ed25519 3.0.0 → 3.0.1 — broke E2EE (new negative-coordinate validation)
  • cron 1.8.2 → 1.8.3 — migrated moment-timezone → luxon internally
  • hono 4.12.5 → 4.12.14 — cookie/CORS behavioral changes

Pre-release bumps skipped:

  • @react-aria/toolbar nightly
  • @react-spectrum/test-utils alpha → beta

Test plan

  • CI passes (unit, API, UI, federation, storybook)
  • No snapshot drift

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated several third-party libraries and build tools (including dompurify, @xmldom/xmldom, jsrsasign, vite, @swc/core, and html-webpack-plugin).
    • These are dependency version bumps only; no changes to public APIs or user-facing features.

Task: ARCH-2110

- @react-pdf/renderer 4.3.2 -> 4.3.3 (pinned with ~ to stay patch-level)
- @xmldom/xmldom 0.8.12 -> 0.8.13
- @swc/core 1.15.26 -> 1.15.30
- dompurify 3.4.0 -> 3.4.1
- html-webpack-plugin 5.6.6 -> 5.6.7
- jsrsasign 11.1.2 -> 11.1.3
- vite 8.0.8 -> 8.0.9

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ggazzo ggazzo requested review from a team as code owners April 22, 2026 19:00
Contributor

dionisio-bot Bot commented Apr 22, 2026

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

changeset-bot Bot commented Apr 22, 2026

⚠️ No Changeset found

Latest commit: e61cb21

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Contributor

coderabbitai Bot commented Apr 22, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3d58f9c1-9786-447f-a3d9-f44160fb9263

📥 Commits

Reviewing files that changed from the base of the PR and between b820830 and e61cb21.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • apps/meteor/package.json
✅ Files skipped from review due to trivial changes (1)
  • apps/meteor/package.json
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: CodeQL-Build
  • GitHub Check: CodeQL-Build

Walkthrough

Bumped dependency versions across multiple package.json files: dompurify updated to ~3.4.1 in several packages; other individual dependency bumps include @xmldom/xmldom, jsrsasign, vite, @swc/core, and html-webpack-plugin.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| dompurify version bump to ~3.4.1: apps/meteor/package.json, packages/gazzodown/package.json, packages/livechat/package.json, packages/ui-client/package.json, packages/web-ui-registration/package.json | Updated dompurify from ~3.4.0 to ~3.4.1. |
| apps/meteor dependency bumps: apps/meteor/package.json | Bumped @xmldom/xmldom from ~0.8.12 to ~0.8.13, and jsrsasign from ^11.1.2 to ^11.1.3; also updated dompurify per above. |
| Development/build tooling updates: apps/uikit-playground/package.json, packages/jest-presets/package.json, packages/livechat/package.json | Updated vite to ^8.0.9, @swc/core to 1.15.30, and html-webpack-plugin to ~5.6.7 respectively. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

type: chore

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'chore(deps): bump 6 patch-level deps' accurately summarizes the main change: updating 6 patch-level dependencies across multiple package.json files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (2)
  • ARCH-2110: Request failed with status code 401
  • BUMP-2: Request failed with status code 401

tassoevan previously approved these changes Apr 22, 2026
Member

@tassoevan tassoevan left a comment

Apart from @react-pdf/renderer (which uses a patched package, @react-pdf/layout) everything seems safe to upgrade.

@ggazzo ggazzo added this to the 8.5.0 milestone Apr 22, 2026
Member Author

ggazzo commented Apr 22, 2026

/jira ARCH-2083

@ggazzo ggazzo added the stat: QA assured Means it has been tested and approved by a company insider label Apr 22, 2026
@dionisio-bot dionisio-bot Bot added the stat: ready to merge PR tested and approved waiting for merge label Apr 22, 2026
@dionisio-bot dionisio-bot Bot enabled auto-merge April 22, 2026 19:12

codecov Bot commented Apr 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.81%. Comparing base (afb1b83) to head (e61cb21).
⚠️ Report is 2 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #40261      +/-   ##
===========================================
- Coverage    69.82%   69.81%   -0.02%     
===========================================
  Files         3296     3296              
  Lines       119173   119173              
  Branches     21453    21471      +18     
===========================================
- Hits         83215    83197      -18     
- Misses       32666    32674       +8     
- Partials      3292     3302      +10     
| Flag | Coverage Δ |
| --- | --- |
| e2e | 59.73% <ø> (-0.04%) ⬇️ |
| e2e-api | 46.26% <ø> (+0.02%) ⬆️ |
| unit | 70.54% <ø> (-0.03%) ⬇️ |

Flags with carried forward coverage won't be shown. Click here to find out more.

Upgrading @react-pdf/renderer 4.3.2 -> 4.3.3 pulls @react-pdf/font 4.0.8
through a `^4.0.5` range, which then requires @react-pdf/pdfkit ^5.1.1
(a major jump from 4.1.0). That 5.x pdfkit depends on `js-md5`, which
the Meteor server bundle cannot resolve at runtime:

    Error: Cannot find module 'js-md5'
    Require stack:
    - @react-pdf/pdfkit/lib/pdfkit.js
    - @react-pdf/font/lib/index.js
    - @react-pdf/renderer/lib/react-pdf.js

Reverting to ^4.3.2 keeps font 4.0.4 and pdfkit 4.1.0, which build OK.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
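
The failure in the commit message above came from a patch-level bump of a direct dependency pulling a major bump and a new package into the resolved tree. As an added example (not code from this PR or the project), the check below compares two resolved dependency maps and reports anything beyond patch level; the maps are constructed from the versions in the commit message, and the `@react-pdf/pdfkit` 5.1.1 and `js-md5` versions are assumed placeholders.

```javascript
// Constructed sample data modelled on the commit message above.
// The pdfkit 5.1.1 and js-md5 versions are placeholders, not taken from the PR.
const before = {
  '@react-pdf/renderer': '4.3.2',
  '@react-pdf/font': '4.0.4',
  '@react-pdf/pdfkit': '4.1.0',
};
const after = {
  '@react-pdf/renderer': '4.3.3',
  '@react-pdf/font': '4.0.8',
  '@react-pdf/pdfkit': '5.1.1',
  'js-md5': '0.0.0-placeholder',
};

const LEVELS = ['none', 'patch', 'minor', 'major'];

// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`not a semver version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Classify the change between two resolved versions of the same package.
function bumpLevel(from, to) {
  const [a, b] = [parse(from), parse(to)];
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return 'minor';
  if (a[2] !== b[2]) return 'patch';
  return 'none';
}

// Report packages whose change exceeds `allowed`, plus packages new to the tree.
function auditBump(beforeTree, afterTree, allowed = 'patch') {
  const findings = [];
  for (const [name, version] of Object.entries(afterTree)) {
    if (!Object.hasOwn(beforeTree, name)) {
      findings.push({ name, kind: 'added', to: version });
      continue;
    }
    const level = bumpLevel(beforeTree[name], version);
    if (LEVELS.indexOf(level) > LEVELS.indexOf(allowed)) {
      findings.push({ name, kind: level, from: beforeTree[name], to: version });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditBump(before, after), null, 2));
```

In practice the two maps would be extracted from the lockfile before and after the bump, which is the file the automated review above excluded.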
@ggazzo ggazzo changed the title chore(deps): bump 7 patch-level deps chore(deps): bump 6 patch-level deps Apr 22, 2026
@ggazzo ggazzo disabled auto-merge April 22, 2026 23:07
@ggazzo ggazzo merged commit 9039e49 into develop Apr 22, 2026
48 checks passed
@ggazzo ggazzo deleted the chore/deps-bump-2 branch April 22, 2026 23:17