chore(deps): bump vitest to clear critical audit finding

[raifdmueller]

Problem

The Dependency Security Audit CI job (npm audit --audit-level=high) started failing on a newly published critical advisory:

• vitest <4.1.0 — GHSA-5xrq-8626-4rwp: when the Vitest UI server is listening, an arbitrary file can be read and executed.

This is unrelated to any code change — it appeared because npm audit pulls live advisory data — and it's currently failing CI on every open PR (e.g. #552).

Fix

Bump vitest ^4.0.18 → ^4.1.8 (latest 4.x). npm audit --audit-level=high now exits 0 (only moderate findings remain, below the gate). All 96 unit tests pass on the new version.

After this merges, rebasing the other open PRs (#552) onto main turns their audit check green.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Abhängigkeitsversion aktualisiert

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 4634d871-04c0-40d6-8d9e-50aaccd141ff

📥 Commits

Reviewing files that changed from the base of the PR and between 0144d83 and c775a60.

⛔ Files ignored due to path filters (1)

• website/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• website/package.json

---

Überblick

Die vitest-Abhängigkeit in website/package.json wird von Version ^4.0.18 auf ^4.1.8 aktualisiert.

Änderungen

Abhängigkeitsversionsaktualisierung

Layer / Datei(en)	Zusammenfassung
Vitest Version aktualisiert website/package.json	Die devDependency vitest wird von ^4.0.18 auf ^4.1.8 in der devDependencies-Sektion aktualisiert.

🎯 1 (Trivial) | ⏱️ ~2 Minuten

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Der PR-Titel beschreibt korrekt und konkret die Hauptänderung: eine Aktualisierung der vitest-Abhängigkeit zur Behebung eines kritischen Audit-Befunds.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}