chore(deps): bump the npm group in /dev/deploy-to-container with 5 updates

[dependabot]

Bumps the npm group in /dev/deploy-to-container with 5 updates:

Package	From	To
dockerode	4.0.6	4.0.9
fs-extra	11.3.0	11.3.2
nanoid	5.1.5	5.1.6
tar	7.4.3	7.5.1
yargs	17.7.2	18.0.0

Updates dockerode from 4.0.6 to 4.0.9

Release notes

Sourced from dockerode's releases.

v4.0.9

What's Changed

• Bump tar-fs from 2.1.3 to 2.1.4 by @​dependabot[bot] in apocas/dockerode#814

Full Changelog: apocas/dockerode@v4.0.8...v4.0.9

v4.0.8

What's Changed

• chore: bump tar-fs dependency version to 2.1.3 by @​mevrin-ueat in apocas/dockerode#813

New Contributors

• @​mevrin-ueat made their first contribution in apocas/dockerode#813

Full Changelog: apocas/dockerode@v4.0.7...v4.0.8

v4.0.7

What's Changed

• Bump tar-fs from 2.1.2 to 2.1.3 by @​dependabot in apocas/dockerode#808

Full Changelog: apocas/dockerode@v4.0.6...v4.0.7

Commits

• b9b1c71 chore: bump version to 4.0.9 and update tar-fs dependency to 2.1.4
• 383e516 Merge pull request #814 from apocas/dependabot/npm_and_yarn/tar-fs-2.1.4
• 726764e Bump tar-fs from 2.1.3 to 2.1.4
• 5e5d65d chore: bump version to 4.0.8 and update tar-fs dependency to 2.1.3
• 7d1bbbb Merge pull request #813 from mevrin-ueat/chore/bump-tar-fs
• 003257f chore: bump tar-fs dependency version to 2.1.3
• 7bc1d4c Update README.md
• 7f41d32 version bump
• 0675052 Merge pull request #808 from apocas/dependabot/npm_and_yarn/tar-fs-2.1.3
• 94902df Bump tar-fs from 2.1.2 to 2.1.3
• See full diff in compare view

Updates fs-extra from 11.3.0 to 11.3.2

Changelog

Sourced from fs-extra's changelog.

11.3.2 / 2025-09-15

• Fix spurrious UnhandledPromiseRejectionWarning that could occur when calling .copy() in some cases (#1056, #1058)

11.3.1 / 2025-08-05

• Fix case where move/moveSync could incorrectly think files are identical on Windows (#1050)

Commits

• 403e8aa 11.3.2
• 47f1095 Fix UnhandledPromiseRejectionWarning in copy (#1058)
• 5e62bb7 11.3.1
• b897b36 fix incorrect identical result for windows node v22+ (#1050)
• 22583f7 Test on more modern Node versions (#1051)
• 83ff8ca Do not mutate args in ensure symlink tests (#1052)
• See full diff in compare view

Updates nanoid from 5.1.5 to 5.1.6

Release notes

Sourced from nanoid's releases.

5.1.6

• Fixed infinite loop on 0 size for customAlphabet.

Changelog

Sourced from nanoid's changelog.

5.1.6

• Fixed infinite loop on 0 size for customAlphabet.

Commits

• c6532db Release 5.1.6 version
• 8f2fcc6 Pin and update CI actions
• 71c042b Update dependencies
• 9abd691 Fix benchmark regression
• 70bc11f Fix tests
• 464d36b Normalize behaviour
• 191414f Fix test coverage
• cb3626d Do not allow tose size=0 on Node.js
• 095b73d Fix Dev Container support
• 3e7d645 Bump vite from 6.2.7 to 6.3.6 (#538)
• Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.1

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

... (truncated)

Commits

• 64728e8 7.5.1
• 5330eb0 fix: consistent TOCTOU behavior in sync t.list
• dcb0287 7.5.0
• aa1bed9 changelog 7.5
• 49bf8f9 feat: add initial zstd support
• b35ff94 ci: don't bother testing on node 18
• 181be3a update workflows, tshy configs
• 15d4510 7.4.4
• a474465 Fix some typos
• 65ff5be docs(changelog): add missing v7 breaking change
• Additional commits viewable in compare view

Updates yargs from 17.7.2 to 18.0.0

Changelog

Sourced from yargs's changelog.

18.0.0 (2025-05-26)

⚠ BREAKING CHANGES

• command names are not derived from modules passed to command.
• singleton usage of yargs yargs.foo, yargs().argv, has been removed.
• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23.
• yargs is now ESM first

Features

• commandDir now works with ESM files (#2461) (27eec18)
• locale: adds hebrew translation (#2357) (4266485)
• yargs is now ESM first (d90af45)
• zsh: Add default completion as fallback (#2331) (e02c91b)

Bug Fixes

• addDirectory do not support absolute command dir (#2465) (3a40a78)
• allows ESM modules commands to be extensible using visit option (#2468) (200e1aa)
• browser: fix shims so that yargs continues working in browser context (#2457) (4ae5f57)
• build: address problems with typescript compilation (#2445) (8d72fb3)
• coerce should play well with parser configuration (#2308) (8343c66)
• deps: update dependency yargs-parser to v22 (#2470) (639130d)
• exit after async handler done (#2313) (e326cde)
• handle spaces in bash completion (#2452) (83b7788)
• parser-configuration should work well with generated completion script (#2332) (888db19)
• propagate Dictionary including undefined in value type (#2393) (2b2f7f5)
• zsh: completion no longer requires double tab when using autoloaded (0dd8fe4)

Code Refactoring

• command names are not derived from modules passed to command. (d90af45)
• singleton usage of yargs yargs.foo, yargs().argv, has been removed. (d90af45)

Build System

• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23. (d90af45)

Commits

• 0bc7255 chore(main): release 18.0.0 (#2325)
• 639130d fix(deps): update dependency yargs-parser to v22 (#2470)
• 200e1aa fix: allows ESM modules commands to be extensible using visit option (#2468)
• 888db19 fix: parser-configuration should work well with generated completion script (...
• 3a40a78 fix: addDirectory do not support absolute command dir (#2465)
• 90e9eca docs: remove to old slack channel (#2466)
• 0dd8fe4 fix(zsh): completion no longer requires double tab when using autoloaded
• 27eec18 feat: commandDir now works with ESM files (#2461)
• f9c72a7 docs: update examples to run from examples folder (#2463)
• e02c91b feat(zsh): Add default completion as fallback (#2331)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.