fix: upgrade to copy-anything 4

[jacquesg]

copy-anything:

"Affected versions of this package are vulnerable to prototype pollution, allowing an attacker to inject properties such as isAdmin into an object's prototype when copying an object containing a __proto__ property using the copy function of the copy-anything library. This can lead to unauthorized access, privilege escalation, and unpredictable application behavior due to bypassed permission checks."

See: https://github.com/mesqueeb/copy-anything/issues/11