Conversation

fabasoad
Contributor

This is related to issue #243. The issue itself has been fixed in the node-tar repository (isaacs/node-tar@5330eb0) and a new version has been released: https://github.com/isaacs/node-tar/releases/tag/v7.5.1

In this PR I've bumped the tar version to 5.7.1, built the dist directory and checked the results with codeql - no issues are found:

cd dist
codeql database create .db-codeql --language=javascript --build-mode=none
codeql database analyze .db-codeql javascript-security-extended.qls --format=sarifv2.1.0 --output=codeql.sarif
jq -r '.runs[].results[] | "\(.ruleId): \(.locations[].physicalLocation.artifactLocation.uri)"' codeql.sarif
# no output
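A CI gate over the same SARIF file the `jq` line above reads, added here as an example (not code from this PR or the project): it lists every finding with the CodeQL `security-severity` score taken from the rule metadata and exits non-zero when any finding reaches a threshold, so "no output" becomes an enforced check rather than something a reviewer eyeballs. The embedded SARIF document is constructed to resemble CodeQL output.

```python
import json
import sys

# Constructed SARIF 2.1.0 document shaped like CodeQL output (not real scan data).
SAMPLE_SARIF = {
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "js/path-injection", "properties": {"security-severity": "7.5"}},
            {"id": "js/unused-local-variable", "properties": {}},
        ]}},
        "results": [
            {"ruleId": "js/path-injection", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "dist/index.js"},
                 "region": {"startLine": 1234}}}]},
            {"ruleId": "js/unused-local-variable", "level": "note",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "dist/index.js"},
                 "region": {"startLine": 42}}}]},
        ],
    }],
}

def findings(sarif):
    """Return (rule_id, uri, start_line, security_severity) per result location.
    Severity is the rule's CodeQL 'security-severity' score (a CVSS-style string);
    rules without one are non-security queries and score 0.0. Results with no
    location are still reported, so nothing is silently dropped."""
    out = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        by_id = {r.get("id"): r for r in rules}
        for res in run.get("results", []):
            props = by_id.get(res.get("ruleId"), {}).get("properties", {})
            sev = float(props.get("security-severity", 0))
            for loc in res.get("locations") or [{}]:
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "<no location>")
                out.append((res.get("ruleId"), uri,
                            phys.get("region", {}).get("startLine"), sev))
    return out

def gate(sarif, min_severity=4.0):
    """Findings at or above min_severity; an empty list means the gate passes."""
    return [f for f in findings(sarif) if f[3] >= min_severity]

if __name__ == "__main__":  # usage: python sarif_gate.py [codeql.sarif]
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    for rule_id, uri, line, sev in findings(doc):
        print(f"{rule_id}: {uri}:{line} (security-severity {sev})")
    sys.exit(1 if gate(doc) else 0)
```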

@mcous mcous changed the title from "chore(deps): bump tar from 7.4.3 to 7.5.1" to "fix(deps): bump tar from 7.4.3 to 7.5.1" on Sep 26, 2025
Member

@mcous mcous left a comment

Thanks for the contribution and getting this resolved upstream! It looks like the lockfile got some unrelated changes - this can happen when using pnpm update.

Would you mind running a quick command to regenerate the lockfile with just the tar-related changes? I'd do it myself, but it doesn't look like I have push permissions on this branch.

git restore --source=main -- pnpm-lock.yaml && pnpm install

@fabasoad
Contributor Author

fabasoad commented Sep 26, 2025

@mcous Sure! Thanks for the quick response.

$ git restore --source=main -- pnpm-lock.yaml && pnpm install
Packages: +40 -40
++++++++++++++++++++++++++++++++++++++++----------------------------------------
Progress: resolved 404, reused 318, downloaded 28, added 40, done
node_modules/.pnpm/[email protected]/node_modules/esbuild: Running postinstall script, done in 375ms

devDependencies:
- @types/node 24.5.2
+ @types/node 24.4.0
- eslint 9.36.0
+ eslint 9.35.0
- eslint-plugin-jsdoc 57.2.1
+ eslint-plugin-jsdoc 57.0.8

Done in 8.4s using pnpm v10.16.1

I've just pushed these changes. Please take a look.

@mcous mcous merged commit 99ef290 into JS-DevTools:main Sep 26, 2025
15 checks passed
@fabasoad fabasoad deleted the bump/tar branch September 26, 2025 06:38