chore(deps-dev): bump vite-plus from 0.1.19 to 0.1.22

[dependabot]

Bumps vite-plus from 0.1.19 to 0.1.22.

Release notes

Sourced from vite-plus's releases.

vite-plus v0.1.22

A critical Vitest browser-mode security fix, parallel vp add -g installs, a built-in oxlint rule to prefer vite-plus imports, and a new --git switch for vp create.

Highlights

• Security: bundled vitest bumped to 4.1.6 to address GHSA-2h32-95rg-cppp (Critical, CVSS 9.6), an XSS to RCE chain via the otelCarrier query parameter in Vitest browser mode (#1633)
• Parallel global install: vp add/install/update -g now installs packages concurrently with a progress bar and a --concurrency flag (default 5) (#1597)
• Prefer vite-plus imports: new bundled oxlint rule rewrites vite/vitest imports to vite-plus, enabled by default in generated and migrated lint configs (#1408)
• Git init on scaffold: vp create learns --git/--no-git (interactive prompt; auto-commits "Initial commit from Vite+") (#1484)

Features

• Spawn npm for global installation in parallel with a progress bar and a --concurrency option (#1597), by @​liangmiQwQ
• Add bundled oxlint rule to prefer vite-plus imports over vite/vitest (#1408), by @​Han5991
• vp create: initialize a git repository and create an initial commit on scaffold (#1484), by @​ryohidaka
• vp create: rename underscore-prefixed files (_gitignore, _npmrc, _yarnrc.yml) to dotfiles for @org/create bundled templates (#1574), by @​jong-kyung
• Add VP_PR_VERSION env var to install unreleased PR builds via pkg.pr.new (#1578), by @​fengmk2

Fixes & Enhancements

• Skip merging standalone .oxfmtrc/.oxlintrc config when the fmt:/lint: key is already declared in vite.config.ts (fixes duplicate-block regression in vp create fate) (#1601), by @​fengmk2
• Suppress the VITE+ - The Unified Toolchain for the Web banner for vp lint --lsp, vp fmt --lsp, and vp fmt --stdin-filepath so stdout stays a pure LSP / formatter stream (#1619), by @​fengmk2
• vp create: detect output directory when running in the current directory (#1606), by @​jong-kyung
• vp update -g: skip installs when the recorded global package version already matches the npm-resolved version, and tolerate string/array outputs from npm view ... version --json (#1596), by @​leno23
• vp create: preserve single-segment project path in updateWorkspaceConfig (#1582), by @​jong-kyung
• vp env use: keep the change session-scoped on Windows (#1577), by @​fengmk2
• vp rebuild: accept positional package names (#1564), by @​fengmk2
• Adopt the new vite-task error formatter; errors now print as error: <top-level> plus * <source> chain lines, with bold-red highlight on a TTY (vite-task#390), by @​branchseer
• vite-task: forward LOCALAPPDATA so Node's compile cache stays outside the workspace on Windows (vite-task#389), by @​branchseer
• Bump vite-task to c945cc0 (#1628), by @​branchseer

Refactor

• Revert vp pm plugin command (per discussion in #1038) (#1623), by @​jong-kyung

Docs

• Add vitepress-plugin-llms to the docs site so the published docs include LLM-friendly outputs (/llms.txt) (#1625), by @​jong-kyung
• Refresh home stats for oxlint, vite, and vitest (#1512), by @​nozomee
• Mention vp env doctor in agent instructions (#1603), by @​leno23

Chore

• Consolidate the upstream build chain into a single pnpm build script (justfile recipe now just calls pnpm build) (#1626), by @​fengmk2
• Fix bootstrap-cli on Windows (#1583), by @​fengmk2
• Refresh trusted stack stats (#1573, #1616), by @​voidzero-guard[bot]
• Update GitHub Actions (#1611, #1612), by @​renovate[bot]
• Address zizmor findings in composite actions and the release workflow; drop unused actions-cool/issues-helper (#1630), by @​Boshen
• Switch plain checkouts to taiki-e/checkout-action (#1620), by @​Boshen
• Switch release to a version-bump PR + push trigger flow (#1575), by @​Boshen

... (truncated)

Commits

• 12368da release: v0.1.22 (#1637)
• 2a44bce chore: bump vite-task to c945cc0 (#1628)
• f0ae621 feat(cli): spawn npm for global installation in parallel and refine output (#...
• e80e241 revert: remove vp pm plugin command (#1623)
• 3dc7c75 docs: mention env doctor in agent instructions (#1603)
• 9e44db1 fix(cli): skip merging standalone oxfmt/oxlint config when key already in vit...
• 9f718e7 fix(cli): detect create output in current directory (#1606)
• 99d3e41 feat(cli): add oxlint rule to prefer vite-plus imports (#1408)
• 5d68116 feat(cli): Initialize a git repository and create an initial commit on scaffo...
• 023e700 test(cli): add --help case to config snap tests for npm10/yarn1/yarn4 (#1585)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)