chore(deps-dev): bump vitest from 2.1.8 to 2.1.9

[dependabot]

Bumps vitest from 2.1.8 to 2.1.9.

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963
• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v2 - by @​hi-ogawa in vitest-dev/vitest#7318
• (backport #7340 to v2) restrict served files from /__screenshot-error - by @​hi-ogawa in vitest-dev/vitest#7343

    View changes on GitHub

Commits

• c9e59a0 chore: release v2.1.9
• e0fe1d8 fix: backport #7317 to v2 (#7318)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying namesake with    Cloudflare Pages

Latest commit:	1746fd3
Status:	✅  Deploy successful!
Preview URL:	https://23e26032.namesake-639.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-vite-pu52.namesake-639.pages.dev

View logs

[changeset-bot]

🦋 Changeset detected

Latest commit: 1746fd3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
namesake	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	54.01% ⬆️ +1.18%	4054 / 7506
🔵	Statements	54.01% ⬆️ +1.18%	4054 / 7506
🔵	Functions	57.38% 🟰 ±0%	171 / 298
🔵	Branches	80.38% 🟰 ±0%	332 / 413

File Coverage

No changed files found.

Generated in workflow #304 for commit 1746fd3 by the Vitest Coverage Report Action

[evadecker]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.