chore: update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vitest (source)	4.1.5 → 4.1.6
yaml (source)	2.8.4 → 2.9.0

---

Release Notes

vitest-dev/vitest (vitest)

v4.1.6

Compare Source

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in #​10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in #​10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in #​10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in #​10276 (9f7b1)

    View changes on GitHub

eemeli/yaml (yaml)

v2.9.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

? Verifying lockfile against supply-chain policies (502 entries)...
✗ Lockfile failed supply-chain policy check (502 entries in 4.6s)
[ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION] 76 lockfile entries failed verification:
  @commitlint/[email protected] was published at 2026-05-12T14:26:39.338Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:39.330Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:37.896Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:39.577Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:41.643Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:43.578Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:43.059Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:37.911Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:39.725Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:39.724Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:41.179Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:41.714Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:37.841Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:37.570Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @commitlint/[email protected] was published at 2026-05-12T14:26:37.803Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @octokit/[email protected] was published at 2026-05-12T19:45:08.000Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @oxfmt/[email protected] was published at 2026-05-15T16:20:30.000Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @oxfmt/[email protected] was published at 2026-05-15T16:19:55.000Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @oxfmt/[email protected] was published at 2026-05-15T16:19:49.000Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  @oxfmt/[email protected] was published at 2026-05-15T16:21:10.000Z, within the minimumReleaseAge cutoff (2026-05-11T16:38:58.232Z)
  …and 56 more

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.