chore(release): publish 1.3.13

[appergb]

User description

Summary

• Release OpenLess 1.3.13 as the stable build after merging Add extra headers support for custom LLM providers #739.
• Promote app versions from 1.3.13-Beta.1 to 1.3.13 across package, Tauri, and Cargo metadata.
• Update Vite dev tooling to 6.4.3 and refresh package-lock to clear npm audit findings without using a semver-major Vite 8 upgrade.

Included user-facing change

• Custom LLM providers can configure extra HTTP headers stored in credentials, with reserved protocol headers blocked.

Verification

• npm run build -- --mode development
• cargo test --manifest-path openless-all/app/src-tauri/Cargo.toml extra_headers
• npm audit --audit-level=high
• npm audit --omit=dev --audit-level=high
• git diff --check
• GitNexus detect_changes: low risk, no affected execution flows

---

PR Type

Other

---

Description

• Bump version from 1.3.13-Beta.1 to 1.3.13

• Update Vite dev dependency from ^5.4.10 to ^6.4.3

---

File Walkthrough

Relevant files

Configuration changes

package.json Bump version and update Vite                                                          openless-all/app/package.json Version updated from 1.3.13-Beta.1 to 1.3.13 Vite dev dependency upgraded from ^5.4.10 to ^6.4.3 +2/-2      Cargo.toml Bump Crate version                                                                              openless-all/app/src-tauri/Cargo.toml Version updated from 1.3.13-Beta.1 to 1.3.13 +1/-1      tauri.conf.json Bump Tauri app version                                                                      openless-all/app/src-tauri/tauri.conf.json Version updated from 1.3.13-Beta.1 to 1.3.13 +1/-1

---

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶 739 - Partially compliant Compliant requirements: (none – this PR only bumps version and updates a dev dependency; the implementation from #739 is not present in the diff) Non-compliant requirements: Add extra headers configuration entry for custom LLM providers using JSON object format. Store extra headers in credentials vault (not in plain config). Pass extra headers during provider validation, model fetching, and LLM provider construction. Validate header names (must be valid HTTP token) and values (must be string, no CR/LF). Support omitting default Bearer header when API Key is empty, for custom providers using only custom headers. Add i18n labels and backend tests. Requires further human verification: (empty – no unclear items)

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ No major issues detected