chore(deps): bump the npm group across 1 directory with 10 updates

[dependabot]

Bumps the npm group with 10 updates in the /dev/diff directory:

Package	From	To
chalk	5.4.1	5.6.2
dockerode	4.0.6	4.0.9
fs-extra	11.3.0	11.3.3
got	13.0.0	14.6.5
listr2	6.6.1	9.0.5
lodash-es	4.17.21	4.17.22
luxon	3.6.1	3.7.2
pretty-bytes	6.1.1	7.1.0
tar	7.4.3	7.5.2
yargs	17.7.2	18.0.0

Updates chalk from 5.4.1 to 5.6.2

Release notes

Sourced from chalk's releases.

v5.6.2

• Fix vulnerability in 5.6.1, see: chalk/chalk#656

v5.6.0

• Make WezTerm terminal use true color a8f5bf7

---

chalk/chalk@v5.5.0...v5.6.0

v5.5.0

• Make Ghostty terminal use true color (#653) 79ee2d3

---

chalk/chalk@v5.4.1...v5.5.0

Commits

• 5155778 5.6.2
• 5c91505 5.6.0
• a8f5bf7 Make WezTerm terminal use true color
• 67db246 5.5.0
• 79ee2d3 Make Ghostty terminal use true color (#653)
• See full diff in compare view

Updates dockerode from 4.0.6 to 4.0.9

Release notes

Sourced from dockerode's releases.

v4.0.9

What's Changed

• Bump tar-fs from 2.1.3 to 2.1.4 by @​dependabot[bot] in apocas/dockerode#814

Full Changelog: apocas/dockerode@v4.0.8...v4.0.9

v4.0.8

What's Changed

• chore: bump tar-fs dependency version to 2.1.3 by @​mevrin-ueat in apocas/dockerode#813

New Contributors

• @​mevrin-ueat made their first contribution in apocas/dockerode#813

Full Changelog: apocas/dockerode@v4.0.7...v4.0.8

v4.0.7

What's Changed

• Bump tar-fs from 2.1.2 to 2.1.3 by @​dependabot in apocas/dockerode#808

Full Changelog: apocas/dockerode@v4.0.6...v4.0.7

Commits

• b9b1c71 chore: bump version to 4.0.9 and update tar-fs dependency to 2.1.4
• 383e516 Merge pull request #814 from apocas/dependabot/npm_and_yarn/tar-fs-2.1.4
• 726764e Bump tar-fs from 2.1.3 to 2.1.4
• 5e5d65d chore: bump version to 4.0.8 and update tar-fs dependency to 2.1.3
• 7d1bbbb Merge pull request #813 from mevrin-ueat/chore/bump-tar-fs
• 003257f chore: bump tar-fs dependency version to 2.1.3
• 7bc1d4c Update README.md
• 7f41d32 version bump
• 0675052 Merge pull request #808 from apocas/dependabot/npm_and_yarn/tar-fs-2.1.3
• 94902df Bump tar-fs from 2.1.2 to 2.1.3
• See full diff in compare view

Updates fs-extra from 11.3.0 to 11.3.3

Changelog

Sourced from fs-extra's changelog.

11.3.3 / 2025-12-18

• Fix copying symlink when destination is a symlink to the same target (#1019, #1060)

11.3.2 / 2025-09-15

• Fix spurrious UnhandledPromiseRejectionWarning that could occur when calling .copy() in some cases (#1056, #1058)

11.3.1 / 2025-08-05

• Fix case where move/moveSync could incorrectly think files are identical on Windows (#1050)

Commits

• 1de81e9 11.3.3
• ddc46f7 Fix symlink copy failing when source and dest symlinks point to same target (...
• 5023c22 Use macos-15-intel runner (#1061)
• 403e8aa 11.3.2
• 47f1095 Fix UnhandledPromiseRejectionWarning in copy (#1058)
• 5e62bb7 11.3.1
• b897b36 fix incorrect identical result for windows node v22+ (#1050)
• 22583f7 Test on more modern Node versions (#1051)
• 83ff8ca Do not mutate args in ensure symlink tests (#1052)
• See full diff in compare view

Updates got from 13.0.0 to 14.6.5

Release notes

Sourced from got's releases.

v14.6.5

• Fix TypeScript type inference for got.extend() with responseType option f7ab6e9

---

sindresorhus/got@v14.6.4...v14.6.5

v14.6.4

• Fix dnsLookup option type to accept Node.js dns.lookup 47c3155

---

sindresorhus/got@v14.6.3...v14.6.4

v14.6.3

• Fix socket reuse timing and DNS timing fb03d84 61d5e3b

---

sindresorhus/got@v14.6.2...v14.6.3

v14.6.2

• Fix path segments containing colons being misidentified as absolute URLs 0a16a9c

---

sindresorhus/got@v14.6.1...v14.6.2

v14.6.1

• Fix the TS code not being built in 14.6.0.

---

sindresorhus/got@v14.6.0...v14.6.1

v14.6.0

Improvements

• Add beforeCache hook 1c3a041
• Add retryCount to beforeRequest hook context 91cdc48
• Improve HTTPError message to include method and URL 6dd7574
• Add support for typed arrays as request body ecf5633
• Add Node.js diagnostic channel support 3e2a781
• Allow custom Error classes in beforeError hook 1c71194
• Add zstd (Zstandard) compression support 449833a
• Improve validation error messages by including option names f5c54a3
• Add strictContentLength option 4206f0e
• Add support for https.secureOptions option 7ec1714
• Add copyPipedHeaders option to control automatic header copying from piped streams d83dadd
• Add stream.isReadonly property to detect read-only streams 030dfbb

... (truncated)

Commits

• 388df48 14.6.5
• f7ab6e9 Fix TypeScript type inference for got.extend() with responseType option
• a149dfb Meta tweaks
• edc8348 14.6.4
• 47c3155 Fix dnsLookup option type to accept Node.js dns.lookup
• 6633001 14.6.3
• 61d5e3b Fix DNS cache timing confusion
• fb03d84 Fix socket reuse timing phases preservation
• 142ed7c 14.6.2
• 0a16a9c Fix path segments containing colons being misidentified as absolute URLs
• Additional commits viewable in compare view

Updates listr2 from 6.6.1 to 9.0.5

Commits

• See full diff in compare view

Updates lodash-es from 4.17.21 to 4.17.22

Commits

• See full diff in compare view

Updates luxon from 3.6.1 to 3.7.2

Changelog

Sourced from luxon's changelog.

3.7.2 (2025-07-09)

• Fix ES6 packaging

3.7.1 (2025-07-09)

• Revert change in ES6 packaging

3.7.0 (2025-07-09)

• Added showZeros option to Duration#toHuman
• Added Duration#removeZeros method.
• Added rounding option to DateTime#toRelative
• Added precision option to ISO formatting methods
• Added signMode option to Duration#toFormat
• Allow escaping single quotes in format strings
• Improve output of Info.months and Info.monthsFormat for ja locale
• Accept lowercase t as a separator in ISO strings
• Accept lowercase z as an offset in ISO strings
• Reject non-finite numbers where previously only NaN was rejected
• Improve the documentation for Interval
• Added a dark theme for the documentation site

Commits

• 4262a38 Version 3.7.2
• 738144d Fix the build ES6 code having the wrong file extension and use it in package....
• 3b2f374 Release version 3.7.1
• c67ee7d Revert "build: use the es6 build for ESM exports (#1707)"
• cfa58a2 Release version 3.7.0
• 7d379cc Fix unsupported signDisplay value
• 4e81ef9 Implement "signMode" on Duration#toFormat
• 5aa55da Improve documentation regarding Interval's half-openness
• b188e10 add dark theme to docs (#1713)
• cf67025 build: use the es6 build for ESM exports (#1707)
• Additional commits viewable in compare view

Updates pretty-bytes from 6.1.1 to 7.1.0

Release notes

Sourced from pretty-bytes's releases.

v7.1.0

• Add fixedWidth option for right-aligned output 73df489
• Add nonBreakingSpace option b637640
• Fix truncation behavior with fraction digits options b64cee5

---

sindresorhus/pretty-bytes@v7.0.1...v7.1.0

v7.0.1

• Fix precision with the binary option (#88) c9fd951

---

sindresorhus/pretty-bytes@v7.0.0...v7.0.1

v7.0.0

Breaking

• Require Node.js 20 13d3727

Improvements

• Add support for BigInt (#85) 386b35a

---

sindresorhus/pretty-bytes@v6.1.1...v7.0.0

Commits

• b7849f7 7.1.0
• 73df489 Add fixedWidth option for right-aligned output
• b64cee5 Fix truncation behavior with fraction digits options
• b637640 Add nonBreakingSpace option
• 3c77fd1 7.0.1
• c9fd951 Fix precision with the binary option (#88)
• 4186190 Fix CI
• 2658a8e 7.0.0
• 13d3727 Require Node.js 20
• 386b35a Add support for BigInt (#85)
• Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.2

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

... (truncated)

Commits

• d9ea73a 7.5.2
• 5e1a8e6 Fix sync tar.list when file size reduces while reading
• 0fbeaed formatting
• 2dbacfe add types for make-tar util
• c5865d3 remove unused taprc file
• bdb3809 header: only read from ustar block if not specified in Pax
• d094cd7 BlueOak-1.0.0
• 4a6ae72 Verify invulnerability to tarmageddon attack
• 64728e8 7.5.1
• 5330eb0 fix: consistent TOCTOU behavior in sync t.list
• Additional commits viewable in compare view

Updates yargs from 17.7.2 to 18.0.0

Changelog

Sourced from yargs's changelog.

18.0.0 (2025-05-26)

⚠ BREAKING CHANGES

• command names are not derived from modules passed to command.
• singleton usage of yargs yargs.foo, yargs().argv, has been removed.
• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23.
• yargs is now ESM first

Features

• commandDir now works with ESM files (#2461) (27eec18)
• locale: adds hebrew translation (#2357) (4266485)
• yargs is now ESM first (d90af45)
• zsh: Add default completion as fallback (#2331) (e02c91b)

Bug Fixes

• addDirectory do not support absolute command dir (#2465) (3a40a78)
• allows ESM modules commands to be extensible using visit option (#2468) (200e1aa)
• browser: fix shims so that yargs continues working in browser context (#2457) (4ae5f57)
• build: address problems with typescript compilation (#2445) (8d72fb3)
• coerce should play well with parser configuration (#2308) (8343c66)
• deps: update dependency yargs-parser to v22 (#2470) (639130d)
• exit after async handler done (#2313) (e326cde)
• handle spaces in bash completion (#2452) (83b7788)
• parser-configuration should work well with generated completion script (#2332) (888db19)
• propagate Dictionary including undefined in value type (#2393) (2b2f7f5)
• zsh: completion no longer requires double tab when using autoloaded (0dd8fe4)

Code Refactoring

• command names are not derived from modules passed to command. (d90af45)
• singleton usage of yargs yargs.foo, yargs().argv, has been removed. (d90af45)

Build System

• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23. (d90af45)

Commits

• 0bc7255 chore(main): release 18.0.0 (#2325)
• 639130d fix(deps): update dependency yargs-parser to v22 (#2470)
• 200e1aa fix: allows ESM modules commands to be extensible using visit option (#2468)
• 888db19 fix: parser-configuration should work well with generated completion script (...
• 3a40a78 fix: addDirectory do not support absolute command dir (#2465)
• 90e9eca docs: remove to old slack channel (#2466)
• 0dd8fe4 fix(zsh): completion no longer requires double tab when using autoloaded
• 27eec18 feat: commandDir now works with ESM files (#2461)
• f9c72a7 docs: update examples to run from examples folder (#2463)
• e02c91b feat(zsh): Add default completion as fallback (#2331)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions