chore: address tar package vuln - BED-7178#2273

Merged
TheNando merged 1 commit into main from BED-7178
Jan 21, 2026

Conversation

@TheNando TheNando commented Jan 20, 2026

Description

Brings in tar package vulnerability updates from stage to keep main unblocked.

Motivation and Context

Resolves BED-7178

How Has This Been Tested?

N/A

Types of changes

  • Chore (a change that does not modify the application functionality)

Checklist:

Summary by CodeRabbit

  • Chores
    • Updated dependencies to improve stability and compatibility, including version updates to UI component libraries and resolved dependency constraints.

@TheNando TheNando self-assigned this Jan 20, 2026
coderabbitai bot commented Jan 20, 2026

Walkthrough

Three package.json files updated: doodleui dependency bumped from ^1.0.0-alpha.32 to ^1.0.0-alpha.33 in two UI packages, and tar dependency (^7.5.3) added to root package.json resolutions with formatting adjustment.

Changes

| Cohort / File(s) | Summary |
|---|---|
| doodleui Dependency Bump (cmd/ui/package.json, packages/javascript/bh-shared-ui/package.json) | Updated @bloodhoundenterprise/doodleui from ^1.0.0-alpha.32 to ^1.0.0-alpha.33 across both UI package manifests |
| New Dependency Resolution (package.json) | Added tar (^7.5.3) to resolutions and added trailing comma after tar-fs entry for formatting consistency |

Possibly related PRs

  • #1928: Modifies the same @bloodhoundenterprise/doodleui dependency entries in cmd/ui and packages/javascript/bh-shared-ui, suggesting coordinated UI package updates.

Suggested labels

user interface

Suggested reviewers

  • elikmiller
  • superlinkx

Poem

🐰 A hop and a bump, version up we go,
New doodleui alpha, a UI-bound show,
Tar's joined the fold in resolutions so neat,
Dependencies dancing, our build now complete! ✨


🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title directly relates to the main change: updating the tar package to address a vulnerability (BED-7178), which is the primary purpose of the PR. |
| Description check | ✅ Passed | The description includes most required sections: Description, Motivation and Context, How Has This Been Tested, Types of changes, and a completed Checklist, though testing details are minimal. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@TheNando TheNando merged commit 4c814c4 into main Jan 21, 2026
13 checks passed
@TheNando TheNando deleted the BED-7178 branch January 21, 2026 14:36
@github-actions github-actions bot locked and limited conversation to collaborators Jan 21, 2026
2 participants