Bump @devcontainers/cli from 0.71.0 to 0.87.0 in /cli

[dependabot]

Bumps @devcontainers/cli from 0.71.0 to 0.87.0.

Changelog

Sourced from @​devcontainers/cli's changelog.

[0.87.0]

• Graduate lockfile from experimental to stable: lockfiles are now generated by default on build and up. (devcontainers/cli#1195)
  • New --no-lockfile flag to opt out of lockfile generation.
  • New --frozen-lockfile flag to ensure the lockfile exists and remains unchanged.
  • --experimental-lockfile and --experimental-frozen-lockfile are deprecated (still accepted with a warning).

[0.86.1]

• Do not write features supplied via --additional-features to the lockfile. (microsoft/vscode-remote-release#11616)

April 2026

[0.86.0]

• Bump basic-ftp from 5.2.0 to 5.2.2. (devcontainers/cli#1201)
• Always write devcontainer.metadata label as JSON array. (devcontainers/cli#1199)
• Normalize drive letter to lowercase on Windows to match VSCode. (devcontainers/cli#1183)

March 2026

[0.85.0]

• Inline buildx global build and target platform envvars when resolving base image and user. (devcontainers/cli#1169)

[0.84.1]

• Bump tar from 7.5.10 to 7.5.11 due to CVE-2026-31802. (devcontainers/cli#1174)

[0.84.0]

• Dependencies update. (devcontainers/cli#1167)

February 2026

[0.83.3]

• Bump tar from 7.5.7 to 7.5.8. (devcontainers/cli#1160)

[0.83.2]

• Improved logging for image inspect errors. (devcontainers/cli#1152)

[0.83.1]

• Bump tar from 7.5.6 to 7.5.7. (devcontainers/cli#1140)

[0.83.0]

• Add install script. (devcontainers/cli#1142)
• Remove request body limit. (devcontainers/cli#1141)
• Add BUILDKIT_INLINE_CACHE for container Feature path. (devcontainers/cli#1135)

January 2026

[0.82.0]

• devcontainer commands now use current directory as default workspace folder when not specified (devcontainers/cli#1104)

[0.81.1]

• Update js-yaml and glob dependencies. (devcontainers/cli#1128)

... (truncated)

Commits

• 65f98a5 Bump ip-address from 10.1.0 to 10.2.0
• 16dbc7d Graduate lockfile from experimental to stable (#1212)
• 6293ce5 Do not write features supplied via --additional-features to the lockfile (m...
• 131882d chore: fix CG alerts (#1216)
• f4ee5d0 CI timeout reliability improvements for flaky test failures (#1194)
• 539c04c fix comment
• 539ecc5 add mocha test explorer to recommended extensions
• 0689d55 formatting
• e7bf72b additional tests
• 9c3426b test tsconfig for mocha type support in editor
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)