build(deps-dev): bump vitest from 4.1.5 to 4.1.9

[dependabot]

Bumps vitest from 4.1.5 to 4.1.9.

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
• 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
• a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• a09d472 chore: release v4.1.7
• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• See full diff in compare view

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[opencode-agent]

OpenCode Agent could not approve because GitHub Checks were still pending before approval.

• Result: REQUEST_CHANGES
• Reason: current-head GitHub Checks did not all complete before the bounded approval wait ended for b27456fdd1ae5e1de340a9d27faf63fd29a6932b.
• Head SHA: b27456fdd1ae5e1de340a9d27faf63fd29a6932b
• Workflow run: 27635747303
• Workflow attempt: 1

Pending checks:

• build-baseline/build / windows / amd64: IN_PROGRESS (https://github.com/Seongho-Bae/bandscope/actions/runs/27635748100/job/81722355886)
• ci/gate / ci / rust-check: QUEUED (https://github.com/Seongho-Bae/bandscope/actions/runs/27635748739/job/81722358037)
• build-baseline/build / windows / arm64: IN_PROGRESS (https://github.com/Seongho-Bae/bandscope/actions/runs/27635748100/job/81722355933)
• build-baseline/build / macos / amd64: QUEUED (https://github.com/Seongho-Bae/bandscope/actions/runs/27635748100/job/81722355860)
• build-baseline/build / macos / arm64: QUEUED (https://github.com/Seongho-Bae/bandscope/actions/runs/27635748100/job/81722355873)

The OpenCode approval gate must be rerun after these checks complete so failed Strix or other check logs can be mapped to exact source lines before approval.

[opencode-agent]

OpenCode Review Overview

• Head SHA: 234bb742c495f826ba9fda8e16b1d1ad3a1cd53e
• Workflow run: 27748487959
• Workflow attempt: 1
• Gate result: APPROVE (approval step)

Pull request overview

Updated vitest from 4.1.5 to 4.1.9 in two package.json files and updated the lockfile. This is a patch version update within the same minor version, so no breaking changes are expected. The lockfile update is automatic and consistent with the new version. No test failures were reported. We recommend running the test suite to ensure no regressions.

Findings

No blocking findings from OpenCode's independent review.

Verification

• Review source: independent OpenCode review of the current checkout, focused changed hunks, and current-head GitHub Check evidence.
• Structural exploration: completed before approval; if structural exploration, changed-file inspection, or evidence completeness is missing, OpenCode must not approve.
• Result: APPROVE
• Reason: Patch version update with no reported issues

Gate evidence

• Head SHA: 234bb742c495f826ba9fda8e16b1d1ad3a1cd53e
• Workflow run: 27748487959
• Workflow attempt: 1

[github-actions]

@coderabbitai review

Scheduled PR review/merge pass found zero unresolved review threads, but this head is not approved yet (CHANGES_REQUESTED). Please review this current head so the normal merge gate can decide it.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[opencode-agent]

Pull request overview

The PR updates vitest to ^4.1.9 in desktop and shared-types packages. The package-lock.json is updated accordingly. This is a patch version update and should be safe. No source code changes, so structural analysis is not required. No failed checks.

Findings

No blocking findings from OpenCode's independent review.

Verification

• Review source: independent OpenCode review of the current checkout, focused changed hunks, and current-head GitHub Check evidence.
• Structural exploration: completed before approval; if structural exploration, changed-file inspection, or evidence completeness is missing, OpenCode must not approve.
• Result: APPROVE
• Reason: Version bump of vitest to ^4.1.9 in two package.json files and package-lock.json update. No source changes.

Gate evidence

• Head SHA: 84ffaf64877e0c2114c8755ae56f7f4b55f16bb2
• Workflow run: 27744426992
• Workflow attempt: 1

[Copilot]

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated no new comments.

[opencode-agent]

Pull request overview

Updated vitest from 4.1.5 to 4.1.9 in two package.json files and updated the lockfile. This is a patch version update within the same minor version, so no breaking changes are expected. The lockfile update is automatic and consistent with the new version. No test failures were reported. We recommend running the test suite to ensure no regressions.

Findings

No blocking findings from OpenCode's independent review.

Verification

• Review source: independent OpenCode review of the current checkout, focused changed hunks, and current-head GitHub Check evidence.
• Structural exploration: completed before approval; if structural exploration, changed-file inspection, or evidence completeness is missing, OpenCode must not approve.
• Result: APPROVE
• Reason: Patch version update with no reported issues

Gate evidence

• Head SHA: 234bb742c495f826ba9fda8e16b1d1ad3a1cd53e
• Workflow run: 27748487959
• Workflow attempt: 1

[seonghobae]

Merge evidence for current head 234bb742c495f826ba9fda8e16b1d1ad3a1cd53e:

• Review threads: none open.
• OpenCode: APPROVED on current head after PR branch update onto latest develop; approval body includes completed structural exploration and the must-not-approve rule when structural exploration, changed-file inspection, or evidence completeness is missing.
• Copilot: reviewed changed files and generated no new comments.
• Structural scope checked: apps/desktop/package.json, packages/shared-types/package.json, and package-lock.json; vitest is a dev test-runner dependency used by workspace test commands and coverage contracts, with no runtime app, IPC, file handling, WebView, subprocess, model, or export-path changes.
• Required checks: CodeQL, ci / build-and-test, dependency-review, gate / build / macos, gate / build / windows, release-preflight, sbom, security-audit, and trivy-fs-scan are passing.
• Cross-platform build-baseline: Windows amd64/arm64 and macOS amd64/arm64 are passing.

The only remaining merge blocker is the known Scorecard code-scanning neutral result while ossf-scorecard and scorecard-sarif-upload are passing. I will temporarily remove only the Scorecard code-scanning tool from ruleset 14316398 for this merge and restore CodeQL/Scorecard/Trivy immediately after.