`vitest` dependency should be a devDependency and not a regular dependency

We noticed some security issues when auditing our application that uses sweepline-intersections. They were triggered by the used vitest version which appears to be defined as a production dependency even though it is only used as a devDependency. Could `vitest`  be moved to the `devDependencies` section?