build(deps): bump https://github.com/microsoft/vcpkg from HEAD to 2026.03.18

[dependabot]

Bumps https://github.com/microsoft/vcpkg from HEAD to 2026.03.18. This release includes the previously tagged commit.

Release notes

Sourced from https://github.com/microsoft/vcpkg's releases.

2026.03.18 Release

This release contains a fix for a vulnerability in how vcpkg packaged OpenSSL on Windows: microsoft/vcpkg#50518

The vulnerability was originally reported by TrendAI Zero Day Initiative and assigned ZDI-CAN-29616 (visible at the time of this writing on https://www.zerodayinitiative.com/advisories/upcoming/ ).

If you only want to update OpenSSL you should be able to override the selected version to 3.6.1#3 or later.

Total port count: 2773

Total port count per triplet (tested): https://dev.azure.com/vcpkg/public/_build/results?buildId=128681&view=results

triplet	ports available
x86-windows	2583
x64-windows	2714
x64-windows-release	2714
x64-windows-static	2594
x64-windows-static-md	(infrastructure failed... 2 days earlier build result was 2648)
arm64-windows	2346
arm64-windows-static-md	2329
arm64-osx	2528
x64-linux	2725
arm64-linux	2091
arm-neon-android	2135
x64-android	2197
arm64-android	2144

The following vcpkg-tool releases have occurred since the last registry release:

• https://github.com/microsoft/vcpkg-tool/releases/tag/2026-03-04

In those tool releases, the following changes are particularly meaningful:

• Fix mismatched VCPKG_ROOT warnings when Visual Studio has vcpkg installed by @​BillyONeal in microsoft/vcpkg-tool#1931

port	version
ddtdanilo-lmdb-wrapper	1.0.1
frei0r	2.5.4
hesphoros-uniconv	3.3.2
libdxfrw	2025-09-25
libsharp	1.0.0
obfuscxx	1.3.1
sdl3-mixer	3.2.0
spine-c	4.2.20260227
spine-cpp	4.2.20260227
stillwater-universal	3.96

... (truncated)

Commits

• c3867e7 Fix IncrementalClean deleting vcpkg-deployed DLLs on incremental builds (#50521)
• 5111afd [openssl] Don't set openssldir to a potentially-world-writable location. (#50...
• a621075 [lexbor] update to 2.7.0 (#50452)
• b00467f [spine-runtimes] Update to 4.2.20260227 (#50251)
• ddf4743 [nlopt] add a feature to compile luksan's alg and fill the license field in j...
• 5becb67 Update Detours (#50487)
• 717f2c1 [aws-c-io] update to 0.26.2 (#50526)
• 4ef2a71 [many ports] switch to vcpkg-make (#50498)
• 7e99dc2 [basisu] update to 2.1.0 (#50522)
• a9ebf22 [tmxlite] update to 1.4.5 (#50523)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)