fix(deps): bump vitest for dependabot alert

[RSO]

Summary

• Resolve Dependabot alert 202 by aligning stale Vitest manifest pins with the workspace catalog at vitest@4.1.6.
• Align cloudflare-wasteland's @cloudflare/vitest-pool-workers dependency to the catalog so the lockfile no longer resolves vulnerable vitest@3.2.4.
• Add Node types to @kilocode/wl-sdk so its existing Node-based generator script remains typecheckable after the dependency refresh.

Verification

N/A - dependency-only lockfile update.

Visual Changes

N/A

Reviewer Notes

• pnpm-lock.yaml no longer contains vitest@3.x package entries.

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

Clean dependency-only upgrade: three packages (wl-sdk, model-eval-ingest, wasteland) are aligned to the workspace catalog at vitest@4.1.6 and @cloudflare/vitest-pool-workers@0.16.4, with a necessary @types/node addition to support the existing Node-based generator script in wl-sdk.

Files Reviewed (5 files)

• packages/wl-sdk/package.json — adds @types/node: catalog:, bumps vitest to catalog:
• packages/wl-sdk/tsconfig.json — adds "types": ["node"] to support node:child_process / node:crypto imports in scripts/generate-from-schema.ts
• services/model-eval-ingest/package.json — bumps vitest from ^3.2.4 to catalog:
• services/wasteland/package.json — bumps @cloudflare/vitest-pool-workers from ^0.12.8 to catalog:, vitest from ^3.2.4 to catalog:
• pnpm-lock.yaml — lockfile update; all vitest@3.x entries removed, replaced with vitest@4.1.6

Fix these issues in Kilo Cloud

---

_{Reviewed by claude-sonnet-4.6 · 1,017,708 tokens}

_{Review guidance: REVIEW.md from base branch main}