chore: bump the npm-patch-minor group with 2 updates

[dependabot]

Bumps the npm-patch-minor group with 2 updates: vite-plus and vitest.

Updates vite-plus from 0.1.24 to 0.2.1

Release notes

Sourced from vite-plus's releases.

vite-plus v0.2.1

Restores support for older Node.js (back to 20.19.0) and makes vp exec --fail-if-no-match fail correctly on unmatched filters.

Fixes & Enhancements

• Stop blocking older Node.js versions: v0.2.0 blocked commands when the resolved Node.js version fell outside the declared range. This reverts that enforcement and widens engines.node to ^20.19.0 || ^22.18.0 || >=24.11.0, matching Vite's own ^20.19.0 floor, so older Node that works in practice (e.g. Node 20 in rolldown CI) is no longer rejected (#1865), by @​fengmk2
• vp exec --fail-if-no-match: exit non-zero when one or more --filter expressions match no workspace packages. Strict mode previously only warned and returned success, so typoed filters looked successful in CI even though no package command ran (#1859), by @​jong-kyung

Bundled Versions

Tool	Version	Source
vite	8.0.16	f94df87
rolldown	1.1.1	d7f919c
tsdown	0.22.3	npm
vitest	4.1.9	npm
oxlint	1.70.0	npm
oxlint-tsgolint	0.23.0	npm
oxfmt	0.55.0	npm

Upgrade

vp upgrade

Upgrading from 0.1.x to 0.2.1 Prompt

You are upgrading a project that uses Vite+ (the `vp` CLI) from v0.1.x to v0.2.1.
v0.2.1 has one breaking change vs v0.1.x: it consumes upstream Vitest directly. The @voidzero-dev/vite-plus-test wrapper package is removed. vitest and the base browser runtime (@vitest/browser, @vitest/browser-preview) now come in transitively through vite-plus. The opt-in browser providers (@vitest/browser-playwright, @vitest/browser-webdriverio) are NOT shipped by vite-plus: any project that runs browser-mode tests must install the provider it uses itself.
Do not run vp migrate for this upgrade; it is not reliable enough yet. Make the changes yourself by editing the project's files, then verify by running the tools.
How to run vp: if a global vp is available, use it. Otherwise this project only ships the local CLI from the vite-plus package, so run vp as the project-local binary (for example via the package manager's exec: pnpm exec, npx, yarn, or bunx). After any install, re-resolve vp so you always run the version currently in the project.
Do the following:


Set the vite-plus dependency to the exact version 0.2.1 and reinstall, so the new toolchain is installed and the lockfile moves off 0.1.x. In a monorepo, do this for every workspace package that depends on vite-plus (a shared catalog: entry covers them all at once). Changing the spec to 0.2.1 is what moves the lockfile off the old resolution; a reinstall that leaves the spec unchanged would keep the old version.


Remove the @voidzero-dev/vite-plus-test wrapper from the project. Search everywhere it could appear: package.json, the lockfile, any workspace or catalog config (such as pnpm-workspace.yaml or .yarnrc.yml), and the source files. Then classify the project and apply the matching case. Note these are not exclusive: a browser-mode project is also handled by case C in addition to removing the wrapper config.
First, determine the project's Vitest usage:

BROWSER MODE: the project runs Vitest in the browser. It does if a config or test file imports a real browser provider (vite-plus/test/browser-playwright or vite-plus/test/browser-webdriverio, or the pre-upgrade raw forms @vitest/browser-playwright / @vitest/browser-webdriverio), or sets test.browser.enabled. This needs extra deps regardless of anything below; see case C.
DIRECT vitest usage: a source or test file imports directly from vitest or @vitest/..., or a @vitest/* package is listed in its dependencies (for example a coverage provider). Plain imports from vite-plus/test and vite-plus/test/* do NOT count as direct usage; a vite-plus/test/browser-* provider import is a browser-mode signal (case C), not direct usage.

Case A - node-mode only (no direct vitest usage, no browser mode; the common case): remove the vitest configuration entirely. In package.json, delete the vitest entry from dependencies / devDependencies in whatever form it takes (a @voidzero-dev/vite-plus-test alias, a catalog: reference, or a plain version). Also remove the vitest entry from every dependency-resolution mechanism in the project: both overrides and resolutions, pnpm overrides/catalog (in package.json or pnpm-workspace.yaml), and any catalog entry. If vitest appears in more than one of these, remove all of them. Do not add a pinned vitest; it arrives transitively through vite-plus and the node-mode test command works without it.
Case B - direct vitest usage: pin upstream vitest to the version bundled with vite-plus (4.1.9 for v0.2.1), and upgrade every vitest ecosystem package the project depends on so the whole tree resolves to a single vitest. Set each @vitest/* package the project lists (for example @vitest/coverage-v8, @vitest/ui, @vitest/browser) to that same version (4.1.9), since those are pinned to an exact vitest version. Also update any other vitest integration package (such as vitest-browser-*) to a release compatible with that vitest version. Leaving an ecosystem package on an older version pulls in a second copy of vitest, which Vitest rejects at runtime.
</tr></table>

... (truncated)

Commits

• a0ed270 release: v0.2.1 (#1874)
• bf5a938 revert: stop blocking older Node.js versions (#1865)
• aeea7b9 fix(exec): exit non-zero for unmatched filters with --fail-if-no-match (#1859)
• 6f97f09 release: v0.2.0 (#1856)
• 6b036e8 feat: allow vp config opt-outs (#1842)
• 740319f docs: sync command lists with help output (#1850)
• 9b1ade6 fix(create): preserve shorthand fmt/lint config keys (#1843)
• 342fd2f refactor!: replace @​voidzero-dev/vite-plus-test with upstream vitest (#1588)
• d764e09 feat(deps): upgrade upstream dependencies (#1834)
• b8b73de feat(create): approve dependency build scripts blocked by the package manager...
• Additional commits viewable in compare view

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
• 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
• a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[altaywtf]

Landed this dependency update directly on main in a6fa271 after verifying the combined result.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml