dependency tar@6.1.5 is vulnerabilty

[savez]

Issue description

Hi, in my project I use serverless@3.38.0.
I run yarn audit and I find this potential vulnerability in module TAR. It use in serverless@3.38.0

I can fix it?

Context

[jackwood11]

Bumping this issue.

Will there be a 3.x.x release that'll have a patched version of Tar? Or should we expect this vulnerability to be patched in serverless v4?

[czubocha]

Hey @savez @jackwood11, thanks for reporting this!. Just letting you know that we've removed the tar dependency in v4.6.3.