Update tar dependency to ^7.5.2 to exclude CVE-2025-64118

[Copilot]

CVE-2025-64118 affects node-tar version 7.5.1. The current constraint ^7.4.3 allows installation of the vulnerable version.

Changes

• Updated package.json: "tar": "^7.4.3" → "tar": "^7.5.2"

This change blocks version 7.5.1 via semver constraint while allowing 7.5.2+ (current latest: 7.5.2).

"dependencies": {
  "tar": "^7.5.2"
}

Verification: semver.satisfies('7.5.1', '^7.5.2') returns false.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>CVE-2025-64118 - dependency update request for node-tar</issue_title>
<issue_description>This project uses node-tar as a dependency. That project has recently gotten the following CVE: CVE-2025-64118.

That CVE only applies to version 7.5.1. The versions in use within this project are ^7.4.3.

When possible, please update this dependency to the latest version. In the meantime, can we please ensure that we do not allow for the dependency to be 7.5.1?</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes CVE-2025-64118 - dependency update request for node-tar #3229

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.