
fix: address vulnerability on vitest dependency #10815

Merged
johnnyeric merged 1 commit into main from johnnyeric/fix-address-vulnerability-vitest
Jun 2, 2026
Conversation

@johnnyeric

Contributor

Issue

Fixes https://github.com/Kilo-Org/kilocode/security/dependabot/249

Context

Vulnerability on vitest detected via dependabot.

Implementation

Upgraded vitest dependency

Screenshots / Video

Screenshot 2026-06-02 at 13 33 33

How to Test

Manual/local verification

  • bun run --filter @kilocode/kilo-docs test
  • bun run --filter @kilocode/kilo-docs build
  • bun run --filter @kilocode/kilo-docs dev

Reviewer test steps

  • Start docs server
  • Verify page is working correctly

Blocked checks and substitute verification

N/A

Checklist

  • Issue linked above, or exception explained
  • Tests/verification described
  • Screenshots/video included for visual changes, or marked N/A
  • Changeset considered for user-facing changes
  • I personally reviewed the diff and can explain the changes, including any AI-assisted work.

@kilo-code-bot

kilo-code-bot Bot commented Jun 2, 2026

Contributor

Code Review Summary

Status: No Issues Found | Recommendation: Merge

This is a clean dependency-only security fix. The upgrade from vitest ^3.2.3 to 4.1.0 in packages/kilo-docs is isolated and correct — no source code changes, no logic regressions, and the lock file is consistent with the manifest change.

One minor observation (not a blocker): the version is now pinned exactly as 4.1.0 rather than ^4.1.0. This prevents automatic patch/minor updates but is a deliberate and acceptable choice for a security fix, and it avoids re-introducing a version range that could drift again.

Files Reviewed (2 files)
  • packages/kilo-docs/package.json — vitest upgraded from ^3.2.3 to 4.1.0
  • bun.lock — lock file updated consistently


Reviewed by claude-sonnet-4.6 · 673,740 tokens

Review guidance: REVIEW.md from base branch main
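
A manifest check for the pinning point raised in the review above, as an added example that is not part of this PR or the Kilo Code repository: it reports a dependency that is declared as a range or sits below a required version. The function names and sample manifests are constructed, and using 4.1.0 as the floor is an assumption taken from the version this PR upgrades to, since the thread does not state the advisory's patched version.

```javascript
// Added example (not project code): fail CI when a security-sensitive
// dependency drifts back to a range or drops below a required version.
const EXACT = /^\d+\.\d+\.\d+$/; // plain x.y.z only, no ^ ~ >= or tags

// Compare two plain x.y.z versions numerically: -1, 0 or 1.
function compareVersions(a, b) {
  const x = a.split(".").map(Number);
  const y = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Return a list of findings for `name` in a parsed package.json object.
// An empty list means: declared, exactly pinned, and at or above `floor`.
function checkPin(manifest, name, floor) {
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  const findings = [];
  let declared = false;
  for (const section of sections) {
    const spec = manifest[section]?.[name];
    if (spec === undefined) continue;
    declared = true;
    if (!EXACT.test(spec)) {
      findings.push(`${section}.${name}: "${spec}" is not an exact x.y.z pin`);
    } else if (compareVersions(spec, floor) < 0) {
      findings.push(`${section}.${name}: ${spec} is below ${floor}`);
    }
  }
  if (!declared) findings.push(`${name}: not declared in manifest`);
  return findings;
}

// Constructed manifests; only the vitest specifiers come from the PR thread,
// the section they live in is assumed.
const before = { name: "sample-docs", devDependencies: { vitest: "^3.2.3" } };
const after = { name: "sample-docs", devDependencies: { vitest: "4.1.0" } };

console.log(checkPin(before, "vitest", "4.1.0"));
console.log(checkPin(after, "vitest", "4.1.0"));
```

An exact pin in the manifest only constrains the direct dependency; the lock file still decides which transitive versions are installed, which is why the review checks both files.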

@johnnyeric johnnyeric merged commit 9926f38 into main Jun 2, 2026
20 of 22 checks passed
@johnnyeric johnnyeric deleted the johnnyeric/fix-address-vulnerability-vitest branch June 2, 2026 12:17