fix: upgrade tar to >=7.5.10 (GHSA-qffp-2rhf-9h96)

[Copilot]

tar <=7.5.9 has a high-severity hardlink path traversal vulnerability via drive-relative linkpaths (GHSA-qffp-2rhf-9h96). Patched in 7.5.10.

Changes

• package.json — add tar: ">=7.5.10" to the overrides section alongside existing overrides
• package-lock.json — resolved tar from 7.5.9 → 7.5.10

"overrides": {
  "tar": ">=7.5.10"
}

Original prompt

Fix tar dependency issue:

2026-03-05T14:30:25.3393014Z npm warn config production Use --omit=dev instead.
2026-03-05T14:30:25.9499187Z # npm audit report
2026-03-05T14:30:25.9499574Z
2026-03-05T14:30:25.9499720Z tar <=7.5.9
2026-03-05T14:30:25.9510581Z Severity: high
2026-03-05T14:30:25.9511731Z tar has Hardlink Path Traversal via Drive-Relative Linkpath - GHSA-qffp-2rhf-9h96
2026-03-05T14:30:25.9512715Z fix available via npm audit fix
2026-03-05T14:30:25.9513128Z node_modules/tar
2026-03-05T14:30:25.9513322Z
2026-03-05T14:30:25.9513576Z 1 high severity vulnerability
2026-03-05T14:30:25.9513829Z
2026-03-05T14:30:25.9514010Z To address all issues, run:
2026-03-05T14:30:25.9514379Z npm audit fix

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.