chore(deps): update dependency vitest to v4.1.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vitest (source)	4.0.18 → 4.1.2

---

Release Notes

vitest-dev/vitest (vitest)

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

v4.1.1

Compare Source

   🚀 Features

• experimental:
  • Expose matchesTagsFilter to test if the current filter matches tags  -  by @​sheremet-va in #​9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in #​9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in #​9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in #​9831 and #​9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in #​9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in #​9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in #​9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in #​9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in #​9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in #​9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in #​9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in #​9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in #​9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in #​9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in #​9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in #​9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in #​9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in #​9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in #​9949 (0d5f9)

    View changes on GitHub

v4.1.0

Compare Source

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

• Return a disposable from doMock()  -  by @​kirkwaiblinger in #​9332 (e3e65)
• Added chai style assertions  -  by @​ronnakamoto and @​sheremet-va in #​8842 (841df)
• Update to sinon/fake-timers v15 and add setTickMode to timer controls  -  by @​atscott and @​sheremet-va in #​8726 (4b480)
• Expose matcher types  -  by @​sheremet-va in #​9448 (3e4b9)
• Add toTestSpecification to reported tasks  -  by @​sheremet-va in #​9464 (1a470)
• Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module  -  by @​sheremet-va in #​9387 (5db54)
• Track and display expectedly failed tests (.fails) in UI and CLI  -  by @​Copilot, sheremet-va and @​sheremet-va in #​9476 (77d75)
• Support tags  -  by @​sheremet-va in #​9478 (de7c8)
• Implement aroundEach and aroundAll hooks  -  by @​sheremet-va in #​9450 (2a8cb)
• Stabilize experimental features  -  by @​sheremet-va in #​9529 (b5fd2)
• Accept new or all in --update flag  -  by @​sheremet-va in #​9543 (a5acf)
• Support meta in test options  -  by @​sheremet-va in #​9535 (7d622)
• Support type inference with a new test.extend syntax  -  by @​sheremet-va in #​9550 (e5385)
• Support vite 8 beta, fix type issues in the config with different vite versions  -  by @​sheremet-va in #​9587 (99028)
• Add assertion helper to hide internal stack traces  -  by @​hi-ogawa and Claude Opus 4.6 in #​9594 (eeb0a)
• Store failure screenshots using artifacts API  -  by @​macarie in #​9588 (24603)
• Allow vitest list to statically collect tests instead of running files to collect them  -  by @​sheremet-va in #​9630 (7a8e7)
• Add --detect-async-leaks  -  by @​AriPerkkio in #​9528 (c594d)
• Implement mockThrow and mockThrowOnce  -  by @​thor-juhasz and @​sheremet-va in #​9512 (61917)
• Support update: "none" and add docs about snapshots behavior on CI  -  by @​hi-ogawa in #​9700 (05f18)
• Support playwright launchOptions with connectOptions  -  by @​hi-ogawa in #​9702 (f0ff1)
• Add page/locator.mark API to enhance playwright trace  -  by @​hi-ogawa in #​9652 (d0ee5)
• api:
  • Support tests starting or ending with test in experimental_parseSpecification  -  by @​jgillick and Jeremy Gillick in #​9235 (2f367)
  • Add filters to createSpecification  -  by @​sheremet-va in #​9336 (c8e6c)
  • Expose runTestFiles as alternative to runTestSpecifications  -  by @​sheremet-va in #​9443 (43d76)
  • Add allowWrite and allowExec options to api  -  by @​sheremet-va in #​9350 (20e00)
  • Allow passing down test cases to toTestSpecification  -  by @​sheremet-va in #​9627 (6f17d)
• browser:
  • Add userEvent.wheel API  -  by @​macarie in #​9188 (66080)
  • Add filterNode option to prettyDOM for filtering browser assertion error output  -  by @​Copilot, sheremet-va and @​sheremet-va in #​9475 (d3220)
  • Support playwright persistent context  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in #​9229 (f865d)
  • Added detailsPanelPosition option and button  -  by @​shairez in #​9525 (c8a31)
  • Use BlazeDiff instead of pixelmatch  -  by @​macarie in #​9514 (30936)
  • Add findElement and enable strict mode in webdriverio and preview  -  by @​sheremet-va in #​9677 (c3f37)
• cli:
  • Add @​bomb.sh/tab completions  -  by @​AmirSa12 and @​sheremet-va in #​8639 (200f3)
• coverage:
  • Support ignore start/stop ignore hints  -  by @​AriPerkkio in #​9204 (e59c9)
  • Add coverage.changed option to report only changed files  -  by @​kykim00 and @​AriPerkkio in #​9521 (1d939)
• experimental:
  • Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (e977f)
  • Option to disable the module runner  -  by @​sheremet-va and @​AriPerkkio in #​9210 (9be61)
  • Add importDurations: { limit, print } options  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in #​9401 (7e10f)
  • Add print and fail thresholds for importDurations  -  by @​hi-ogawa and Claude Opus 4.6 in #​9533 (3f7a5)
• fixtures:
  • Pass down file context to beforeAll/afterAll  -  by @​sheremet-va in #​9572 (c8339)
• reporters:
  • Add agent reporter to reduce ai agent token usage  -  by @​cpojer in #​9779 (3e9e0)
• runner:
  • Enhance retry options  -  by @​MazenSamehR, Matan Shavit, @​AriPerkkio and @​sheremet-va in #​9370 (9e4cf)
• ui:
  • Allow run individual test/suites  -  by @​userquin in #​9465 (73b10)
  • Add project filter/sort support  -  by @​userquin in #​8689 (0c7ea)
  • Add duration sorting to explorer  -  by @​julianhahn and @​cursoragent in #​9603 (209b1)
  • Implement filter for slow tests  -  by @​DerYeger and @​userquin in #​9705 (8880c)
• vitest:
  • Add run summary in GitHub Actions Reporter  -  by @​macarie and jhnance in #​9579 (96bfc)

   🐞 Bug Fixes

• Deprecate several vitest/* entry points  -  by @​sheremet-va in #​9347 (fd459)
• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e3422)
• Preact browser mode init example of render function not async  -  by @​WuMingDao in #​9375 (2bea5)
• Deprecate unused types in matcher context  -  by @​sheremet-va in #​9449 (20f87)
• Handle external/noExternal during configEnvironment hook  -  by @​hi-ogawa and Claude Opus 4.6 in #​9508 (59ea2)
• Replace default ssr environment runner with Vitest server module runner  -  by @​hi-ogawa and Claude Opus 4.6 in #​9506 (cd5db)
• Propagate experimental CLI options to child projects  -  by @​hi-ogawa and Claude Opus 4.6 in #​9531 (b624f)
• Show a warning when browser.isolate is used  -  by @​sheremet-va in #​9410 (3d48e)
• Fix vi.mock({ spy: true }) node v8 coverage  -  by @​hi-ogawa, hi-ogawa and Claude Opus 4.6 in #​9541 (687b6)
• Don't show internal ssr handler in errors  -  by @​sheremet-va in #​9547 (76c43)
• Close vitest if it failed to start  -  by @​sheremet-va in #​9573 (728ba)
• Fix ssr environment runner in project  -  by @​hi-ogawa in #​9584 (09006)
• Trim trailing white spaces in code block  -  by @​hi-ogawa in #​9591 (f78be)
• Support inline snapshot inside test.for/each  -  by @​hi-ogawa in #​9590 (615fd)
• Apply source maps for external module stack trace  -  by @​hi-ogawa in #​9152 (79e20)
• Remove the .name from statically collected test  -  by @​sheremet-va in #​9596 (b66ff)
• Don't suppress warnings on pnp  -  by @​sheremet-va in #​9602 (89cbd)
• Support snapshot with expect.soft  -  by @​iumehara, @​hi-ogawa and Claude Opus 4.6 in #​9231 (3eb2c)
• Log seed when only sequence.shuffle.tests is enabled  -  by @​kaigritun, Kai Gritun and @​sheremet-va in #​9576 (8182b)
• Externalize expect/src/utils from vitest  -  by @​hi-ogawa in #​9616 (48739)
• Ignore test.override during static collection  -  by @​sheremet-va in #​9620 (09174)
• Increase stacktrace limit for --detect-async-leaks  -  by @​AriPerkkio in #​9638 (9fd4c)
• Hanging-reporter link in cli  -  by @​flx-sta in #​9649 (7c103)
• Fix teardown timeout of aroundEach/All when inner aroundEach/All throws  -  by @​hi-ogawa in #​9657 (4ec6c)
• Fix ui mode / html reporter and coverage integration  -  by @​hi-ogawa and Claude Opus 4.6 in #​9626 (86fad)
• Don't continue when aroundEach/All setup timed out  -  by @​hi-ogawa in #​9670 (bb013)
• Align VitestRunnerConfig optional fields with SerializedConfig  -  by @​hi-ogawa in #​9661 (79520)
• Handle Symbol values in format utility  -  by @​nami8824 in #​9658 (0583f)
• Deprecate toBe* spy assertions in favor of toHaveBeen* (and toThrowError)  -  by @​sheremet-va in #​9665 (4d390)
• Don't propagate nested aroundEach/All errors but aggregate them on runner  -  by @​hi-ogawa in #​9673 (b6365)
• Show a better error if there is a pending dynamic import  -  by @​sheremet-va in #​9676 (7ef5c)
• Preserve stack trace of resolves/rejects chained assertion error  -  by @​hi-ogawa in #​9679 (c6151)
• Handle module-sync condition in vmThreads/vmForks require  -  by @​lesleh in #​9650 and #​9651 (bb203)
• Hooks should respect maxConcurrency  -  by @​hi-ogawa in #​9653 (16d13)
• Recursively autospy module object  -  by @​hi-ogawa in #​9687 (695a8)
• Remove trailing spaces from diff error log  -  by @​hi-ogawa and @​sheremet-va in #​9680 (395d1)
• Respect project resolve.conditions for externals  -  by @​hi-ogawa in #​9717 (1d498)
• Use object for WeakMap instead of a symbol to support webcontainers  -  by @​sheremet-va in #​9731 (c5225)
• Fix re-mocking virtual module  -  by @​hi-ogawa in #​9748 (3cbbb)
• Cancelling should stop current test immediately  -  by @​AriPerkkio in #​9729 (0cb2f)
• Make mockObject change backwards compatible  -  by @​sheremet-va in #​9744 (84c69)
• Fix URL.name on jsdom  -  by @​hi-ogawa in #​9767 (031f3)
• Save and restore module graph in blob reporter  -  by @​hi-ogawa in #​9740 (84355)
• Don't silence reporter errors from test runtime events handler in normal run and --merge-reports  -  by @​hi-ogawa in #​9727 (4072d)
• Fix vi.importActual() for virtual modules  -  by @​hi-ogawa and Claude Opus 4.6 in #​9772 (1e89e)
• Throw FixtureAccessError if suite hook accesses undefined fixture  -  by @​sheremet-va in #​9786 (fc2ce)
• Allow hyphens in project config file name pattern  -  by @​Koutaro-Hanabusa and @​hi-ogawa in #​9760 (33e96)
• Manual and redirect mock shouldn't load or transform original module  -  by @​hi-ogawa and Claude Opus 4.6 in #​9774 (a8216)
• hideSkippedTests should not hide test.todo  -  by @​oilater in #​9562 and #​9781 (8181e)
• Allow catch/finally for async assertion  -  by @​hi-ogawa in #​9827 (031f0)
• Resolve fixture overrides from test's suite in beforeEach hooks  -  by @​hi-ogawa and Claude Opus 4.6 in #​9826 (99e52)
• Use isAgent check, not just TTY, for watch mode  -  by @​sheremet-va in #​9841 (c3cac)
• Use performance.now to measure test timeout duration  -  by @​hi-ogawa and Claude Opus 4.6 in #​9795 (f48a6)
• Correctly identify concurrent test during static analysis  -  by @​sheremet-va in #​9846 (1de0a)
• browser:
  • Avoid updating screenshots when toMatchScreenshot passes  -  by @​macarie in #​9289 (46aab)
  • Hide injected data-testid attributes  -  by @​sheremet-va in #​9503 (c8d2c)
  • Throw an error if iframe was reloaded  -  by @​sheremet-va in #​9516 (73a81)
  • Encode projectName in browser client URL  -  by @​dkkim0122 in #​9523 (5b164)
  • Don't take failure screenshot if tests have artifacts created by toMatchScreenshot  -  by @​macarie in #​9552 (83ca0)
  • Remove --remote-debugging-address from chrome args  -  by @​hi-ogawa and @​AriPerkkio in #​9712 (f09bb)
  • Make sure userEvent actions support ensureAwaited  -  by @​sheremet-va in #​9732 (97685)
  • Types of getCDPSession and cdp()  -  by @​AriPerkkio in #​9716 (689a2)
  • Skip esbuild.legalComments when using rolldown-vite  -  by @​Copilot, hi-ogawa and @​hi-ogawa in #​9803 (3505f)
• chai:
  • Don't allow deepEqual in the config because it's not serializable  -  by @​sheremet-va in #​9666 (9ee99)
• coverage:
  • Infer transform mode for uncovered files  -  by @​AriPerkkio in #​9435 (f3967)
  • thresholds.autoUpdate to preserve ending whitespace  -  by @​AriPerkkio in #​9436 (7e534)
• deps:
  • Update all non-major dependencies  -  by @​hi-ogawa in #​9192 (90c30)
  • Update all non-major dependencies  -  in #​9485 (c0118)
  • Update all non-major dependencies  -  in #​9567 (13c9e)
• docs:
  • Fix old /config/#option hash links causing hydration errors  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in #​9610 (a603c)
• expect:
  • toMatchObject(Map/Set) should expect Map/Set on left hand side  -  by @​hi-ogawa and Claude Opus 4.6 in #​9532 (381da)
  • Fix objectContaining with proxy  -  by @​hi-ogawa and Claude Opus 4.6 in #​9554 (7ce34)
  • Support arbitrary value equality for toThrow and make Error detection robust  -  by @​hi-ogawa and Claude Opus 4.6 in #​9570 (de215)
• mock:
  • Inject helpers after hashbang if present  -  by @​sheremet-va in #​9545 (65432)
• mocker:
  • Update vite's peer dependency range  -  by @​sheremet-va in #​9808 (36f9a)
• reporter:
  • dot reporter leaves pending tests  -  by @​AriPerkkio in #​9684 (4d793)
• runner:
  • Mark repeated tests as finished on last run  -  by @​AriPerkkio in #​9707 (cc735)
• spy:
  • Support deep partial in vi.mocked  -  by @​j2h30728 in #​8152 and #​9493 (71cb5)
  • Fallback to object accessor if descriptor's value is undefined  -  by @​sheremet-va in #​9511 (6f181)
  • Throw correct errors when shorthand methods are used on a class  -  by @​sheremet-va in #​9513 (5d0fd)
• types:
  • bench.reporters no longer gives type errors when passing file name string paths  -  by @​Bertie690 in #​9695 (093c8)
• ui:
  • Process artifact attachments when generating HTML reporter  -  by @​macarie in #​9472 (96eb9)
  • Don't fail if --ui and --root are specified together  -  by @​sheremet-va in #​9536 (d9305)

   🏎 Performance

• pretty-format: Combine DOMElement plugins  -  by @​sheremet-va in #​9581 (da85a)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Updates:

• vitest: 4.0.18 → 4.1.2 (minor version update)
• Dependencies updated:
  • @vitest/* packages: Internal dependency alignment
  • chai: 6.2.1 → 6.2.2
  • tinyrainbow: 3.0.3 → 3.1.0
  • std-env: 3.10.0 → 4.0.0
  • expect-type: 1.2.2 → 1.3.0
  • @standard-schema/spec: 1.0.0 → 1.1.0

Critical Security Fix (v4.1.2):

• CVE Fix: Resolved GHSA-rf6f-7fwh-wjgh (Prototype Pollution in flatted dependency)
• Updated flatted dependency and removed version pinning
• This security vulnerability could allow attackers to pollute JavaScript object prototypes via parse() method

Major Features (v4.1.0):

• Stabilized experimental features: tags, fixtures (test.extend), aroundEach/All hooks
• New retry options with enhanced control
• Added --detect-async-leaks flag
• Improved snapshot handling with expect.soft
• Test metadata support via meta option
• Enhanced coverage options (coverage.changed)

Bug Fixes:

• Fixed setupFiles resolution from parent directory
• Sequential mock/unmock resolution improvements
• Browser mode screenshot stability
• Coverage configuration defaults corrected
• Pretty-format output limit calculations
• Color detection in automated environments

Deprecations:

• toBe* spy assertions → Use toHaveBeen* instead (backward compatible, warnings only)
• Several vitest/* entry points deprecated (project doesn't use these)

🎯 Impact Scope Investigation

Codebase Usage Analysis:

✅ Test Files (6 files):

• src/libs/post/properties.test.ts - Basic assertions only
• src/libs/query/posts.spec.ts - Standard expect assertions
• src/libs/og-image/image.test.tsx - Uses vi.mock, vi.fn, vi.mocked
• src/libs/summarizer/feature-detection.spec.ts - Uses vi.fn
• src/libs/tts/feature-detection.spec.ts - Uses vi.fn
• src/libs/tts/speech.spec.ts - Uses vi.fn
• src/pages/embed/index.spec.ts - Uses vi.fn

✅ Configuration:

• vitest.config.ts uses basic configuration (globals, environment, timeout, excludes)
• No experimental features used
• No browser mode configuration
• No deprecated entry points imported

✅ Test Assertions:

• All tests use modern assertion syntax (expect().toBe(), expect().toHaveLength(), etc.)
• Mock functions use vi.fn(), vi.mock(), vi.mocked() - all still supported
• No deprecated toBeCalled* assertions found
• Uses toHaveBeenCalledWith (recommended pattern)

✅ CI/CD Integration:

• Tests run via pnpm test:libs which executes vitest run
• Node.js test runner used for tools (pnpm test:tools)
• No watch mode or browser mode in CI

Dependency Chain:

• No direct @vitest/* package dependencies
• Vitest is only used as dev dependency
• No peer dependency conflicts detected

💡 Recommended Actions

Immediate Actions:

1. ✅ Safe to merge - No breaking changes affect this codebase
2. ✅ Security improvement - Resolves flatted CVE vulnerability
3. ✅ No code changes required - All APIs used are backward compatible

Post-Merge Verification:

1. Verify all tests pass: pnpm test:libs
2. Confirm test execution time remains similar
3. Check for any deprecation warnings in test output (none expected based on code review)

Future Considerations:

• Monitor for deprecation warnings in future runs (none currently triggered)
• The deprecated toBe* spy assertions are not used, so no migration needed
• Consider using new features like test.extend for fixture-based testing if needed

🔗 Reference Links

• Vitest 4.1.2 Release Notes
• Vitest 4.1.1 Release Notes
• Vitest 4.1.0 Release Notes
• Vitest 4.1 Blog Post
• Security Issue #9975 - flatted CVE fix
• Renovate Merge Confidence

Generated by koki-develop/claude-renovate-review

[github-actions]

vitest 4.0.18→4.1.2のマイナーバージョンアップと、テストファイルのリネーム・移動のみの変更。重大な問題はなし。テストファイルの移動先とインポートパスに軽微な構造的不一致あり。

軽微な指摘

• src/libs/embed/fetchPageMetadata.spec.ts: テストファイルが src/libs/embed/ に移動されたが、インポート先は依然として ../../pages/embed/index を参照している。テストの配置場所（libs/）と実装の場所（pages/）が一致していない。fetchPageMetadata を src/libs/embed/ に移動するリファクタリングの途中段階と思われるが、現状では構造的に不整合。意図的な段階的移行であれば問題ないが、実装の移動も同一PRで行うことが望ましい。

[github-actions]

🚀 Preview deployment ready!

✅ Preview URL: https://pr-1342---web-njpdbbjcea-an.a.run.app
📝 Commit SHA: be40cc5 (view commit)

This comment was automatically generated by the deploy-preview workflow.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[github-actions]

vitestの4.0.18→4.1.2へのバージョンアップと、fetchPageMetadataロジックをsrc/pages/embed/index.tsからsrc/libs/embed/fetchPageMetadata.tsへ分離するリファクタリング。コード品質の改善（型の絞り込み、不要なFetchConfig.cacheTtlの削除）もあり、全体的に良いPR。重大な問題なし。

軽微な指摘

• src/libs/embed/fetchPageMetadata.ts: extractImageUrl()でDOMの最初のタグのsrc属性を取得する際、相対URLを絶対URLに解決していない。例えば '/images/foo.png' のような相対パスが返される可能性がある。ただしこれは既存コードからの踏襲であり本PRで新たに導入された問題ではない。
• src/libs/embed/fetchPageMetadata.ts: onFailedAttemptのログメッセージが Retry ${error.attemptNumber}/3 となっているが、retries:3の場合、合計4回試行される（初回+3リトライ）。ログの '/3' が最大リトライ数なのか総試行数なのか曖昧でデバッグ時に混乱を招く可能性がある。機能上の問題はなし。

[github-actions]

vitestのマイナーバージョンアップ（CVE対応含む）とfetchPageMetadataのlibsへのリファクタリングが主な変更。相対URLの絶対URL解決という機能追加と対応するテストも含まれており、全体的に品質が向上している。重大な問題はなく、承認可。

軽微な指摘

• src/libs/embed/fetchPageMetadata.ts: extractImageUrl内のcandidates.find((c) => c != null)は空文字列("")をマッチさせてしまう。旧コードは if (metaOgImage) のようにfalsy判定でスキップしていたため、content=""のような属性があると挙動が変わる。new URL("", baseUrl).hrefはbaseUrlそのものを返すため、意図しない画像URLになり得る。c != null && c !== ''とするか、truthy判定Boolean(c)に変えることを検討。

[github-actions]

vitestのマイナーバージョンアップ（4.0.18→4.1.2）と、fetchPageMetadata関数をsrc/pages/embed/index.tsからsrc/libs/embed/fetchPageMetadata.tsに切り出すリファクタリング。合わせて相対URL画像パスの解決バグ修正と、それを検証するテストが追加されている。コード品質・設計ともに良好で重大な問題はない。

軽微な指摘

• src/libs/embed/fetchPageMetadata.ts: 軽微: extractImageUrlのcandidates.find(Boolean)はTypeScriptの型推論上string | undefinedを返すが、直後のif (!found) return nullで空文字もnullとして扱う。これは意図的な動作（テストで確認済み）だが、空文字のog:imageが設定されているケースで挙動が変わることをコメントで明示すると読みやすい。