Bump the patch-updates group across 1 directory with 6 updates

[dependabot]

Bumps the patch-updates group with 6 updates in the / directory:

Package	From	To
@astrojs/check	0.9.7	0.9.9
@astrojs/rss	4.0.17	4.0.18
@iconify-json/material-symbols	1.2.62	1.2.71
katex	0.16.38	0.16.46
sanitize-html	2.17.1	2.17.4
@astrojs/ts-plugin	1.10.7	1.10.8

Updates @astrojs/check from 0.9.7 to 0.9.9

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Changelog

Sourced from @​astrojs/check's changelog.

0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

0.9.8

Patch Changes

• #15892 a2f597d Thanks @​Princesseuh! - Fixes Astro not being able to find astro check sometimes

• Updated dependencies [7b4b254]:

  • @​astrojs/language-server@​2.16.5

Commits

• c1f2e4f [ci] release (#16467)
• f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
• 184700c fix(deps): update language tools (#16230)
• 88fcc98 fix integrations links across docs (#16098)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• 09ecdd7 [ci] release (#15889)
• a2f597d fix(check): Revert publint lint fix (#15892)
• See full diff in compare view

Updates @astrojs/rss from 4.0.17 to 4.0.18

Release notes

Sourced from @​astrojs/rss's releases.

@​astrojs/rss@​4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Changelog

Sourced from @​astrojs/rss's changelog.

4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Commits

• 4a6ff2a [ci] release (#16020)
• fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
• See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.62 to 1.2.71

Commits

• See full diff in compare view

Updates katex from 0.16.38 to 0.16.46

Release notes

Sourced from katex's releases.

v0.16.46

0.16.46 (2026-05-13)

Bug Fixes

• preserve math font in some styling commands (#4214) (e9ee046), closes #4213

v0.16.45

0.16.45 (2026-04-05)

Bug Fixes

• wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

v0.16.44

0.16.44 (2026-03-27)

Bug Fixes

• remove extra \jot space at bottom of align/gather/etc. (#4184) (3870ee9)

v0.16.43

0.16.43 (2026-03-26)

Bug Fixes

• use makeEm() consistently to truncate long CSS decimals (#4181) (0967dcc)

v0.16.42

0.16.42 (2026-03-24)

Features

• \underbracket and \overbracket (#4147) (5be9abb)

v0.16.41

0.16.41 (2026-03-24)

Bug Fixes

• \sout in text mode (#4173) (e748578)

v0.16.40

0.16.40 (2026-03-20)

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.46 (2026-05-13)

Bug Fixes

• preserve math font in some styling commands (#4214) (e9ee046), closes #4213

0.16.45 (2026-04-05)

Bug Fixes

• wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

0.16.44 (2026-03-27)

Bug Fixes

• remove extra \jot space at bottom of align/gather/etc. (#4184) (3870ee9)

0.16.43 (2026-03-26)

Bug Fixes

• use makeEm() consistently to truncate long CSS decimals (#4181) (0967dcc)

0.16.42 (2026-03-24)

Features

• \underbracket and \overbracket (#4147) (5be9abb)

0.16.41 (2026-03-24)

Bug Fixes

• \sout in text mode (#4173) (e748578)

0.16.40 (2026-03-20)

Bug Fixes

• css: specify position: relative for .katex (#4170) (020f0d8)

0.16.39 (2026-03-19)

... (truncated)

Commits

• 2c25b47 chore(release): 0.16.46 [ci skip]
• e9ee046 fix: preserve math font in some styling commands (#4214)
• 88256c0 ci(screenshotter): require safe to test label for PRs (#4211)
• a3fce45 ci(screenshotter): disable cache (#4209)
• 9de4b3d chore: update linters (#4205)
• c224153 refactor: improve typing for fonts (#4200)
• 89a3d67 chore(deps): update dependency postcss to v8.5.10 [security] (#4202)
• 441e6ca chore: update stylelint and adjust styles for updated set of rules (#4201)
• bdec9b0 docs: support for persian/arabic numerals (#4190)
• efedddd refactor(types): resolve most as any casts and TODO(ts) comments (#4171)
• Additional commits viewable in compare view

Updates sanitize-html from 2.17.1 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

2.17.2 (2026-03-19)

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &[#0000001](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/0000001)) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

Commits

• See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.7 to 1.10.8

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.