chore(deps): bump vite-plus to v0.2.0

[fengmk2]

Summary

Bump vite-plus and related packages to the pkg.pr.new prerelease build for v0.2.0.

Updated where applicable:

• vite-plus -> pkg.pr.new build
• vite (alias/override -> @voidzero-dev/vite-plus-core)
• vitest pinned to bundled 4.1.9 (the @voidzero-dev/vite-plus-test wrapper was removed upstream; vitest is now plain upstream)
• minimumReleaseAge enabled with vite-plus packages excluded (pnpm/bun/npm as applicable)

Test plan

• CI passes

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/eslint-plugin-react-doctor@3

npm i https://pkg.pr.new/oxlint-plugin-react-doctor@3

npm i https://pkg.pr.new/react-doctor@3

commit: 99eea72

[github-actions]

No React Doctor issues found. 🎉

_{Reviewed by React Doctor for commit 99eea72.}

[gemini-code-assist]

Code Review

This pull request updates project dependencies, transitioning @voidzero-dev/vite-plus-core and vite-plus to temporary pkg.pr.new URLs, upgrading vitest to version 4.1.9, and adjusting pnpm workspace configurations such as reducing minimumReleaseAge and disabling blockExoticSubdeps. The review feedback correctly highlights that using temporary pkg.pr.new URLs in package.json and pnpm-workspace.yaml poses a risk of future build failures once those builds expire, recommending stable npm-published versions instead. Furthermore, the reviewer advises maintaining the global minimumReleaseAge at its secure default of 7200 seconds, as the fast-moving packages have already been safely added to the exclusion list.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

Using temporary pkg.pr.new URLs for dependencies in package.json is highly discouraged for stable/main branches. These builds are temporary and can be deleted or expire, which will eventually break the installation and build process for anyone cloning this repository in the future.

If v0.2.0 is published on npm, please use the published npm version instead. If this is a temporary PR for testing, please ensure these are replaced with stable npm registry versions before merging.

Suggested change

	"@voidzero-dev/vite-plus-core": "https://pkg.pr.new/voidzero-dev/vite-plus/@voidzero-dev/vite-plus-core@1856",
	"cross-env": "^10.1.0",
	"ts-json-schema-generator": "^2.9.0",
	"turbo": "^2.9.7",
	"typescript": "^6.0.3",
	"vite-plus": "^0.1.15"
	"vite-plus": "https://pkg.pr.new/voidzero-dev/vite-plus@1856"
	"@voidzero-dev/vite-plus-core": "^0.2.0",
	"cross-env": "^10.1.0",
	"ts-json-schema-generator": "^2.9.0",
	"turbo": "^2.9.7",
	"typescript": "^6.0.3",
	"vite-plus": "^0.2.0"

[gemini-code-assist]

Similar to the dependencies in package.json, this override should point to a stable npm-published version (e.g., npm:@voidzero-dev/vite-plus-core@^0.2.0) instead of a temporary pkg.pr.new URL to prevent future installation failures when the temporary build expires.

  vite: "npm:@voidzero-dev/vite-plus-core@^0.2.0"

[gemini-code-assist]

Reducing the global minimumReleaseAge to 60 seconds significantly weakens the security benefits of this feature against dependency confusion and supply chain attacks.

Since you have already added all the fast-moving/prerelease packages (like @voidzero-dev/*, vite-plus, vitest, etc.) to the minimumReleaseAgeExclude list, you can safely keep the global minimumReleaseAge at its original secure value of 7200 seconds (2 hours).

minimumReleaseAge: 7200