fix(security): upgrade tar to 7.5.4 for GHSA-r6q2-hw4h-h46w CVE-2026-23950#299

Merged: tkislan merged 1 commit into main from tk/upgrade-tar-7-5-4 on Jan 22, 2026

Conversation

tkislan (Contributor) commented Jan 21, 2026

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated tar package version override for proper dependency resolution.

coderabbitai bot commented Jan 21, 2026

Walkthrough

The tar package override in package.json was modified. Previously, the override pinned tar to the exact version 7.5.3. The override now uses a conditional pattern specifying that tar@<7.5.4 resolves to version 7.5.4, which affects how the dependency resolution engine handles tar versions below 7.5.4 during installation.

Pre-merge checks: 3 passed

  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: Passed. Title accurately describes the main change: upgrading tar from 7.5.3 to 7.5.4 to address a security vulnerability.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Warning: Review ran into problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • CVE-2026: Entity not found: Issue - Could not find referenced Issue.

codecov bot commented Jan 21, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0%. Comparing base (4d239f1) to head (c871099).
⚠️ Report is 1 commit behind head on main.
✅ All tests successful. No failed tests found.

tkislan marked this pull request as ready for review January 21, 2026 08:41
tkislan requested a review from a team as a code owner January 21, 2026 08:41
tkislan merged commit 840ae7c into main Jan 22, 2026
21 of 22 checks passed
tkislan deleted the tk/upgrade-tar-7-5-4 branch January 22, 2026 11:49