security: mitigate CVE-2018-20834

[shockey]

No end-user risk, just cleaning tar@<4.4.2 out of our dev dependencies.

CVE-2018-20834

Before

➜  npm ls tar
swagger-client@3.8.24 /Users/kyle/Code/js
├─┬ bundlesize@0.17.0
│ └─┬ brotli-size@0.0.1
│   └─┬ iltorb@1.3.10
│     └─┬ node-gyp@3.7.0
│       └── tar@2.2.1 
└─┬ mocha-webpack@1.1.0
  └─┬ chokidar@1.7.0
    └─┬ fsevents@1.2.4
      └─┬ node-pre-gyp@0.10.0
        └── tar@4.4.1 

After

➜  npm ls tar
swagger-client@3.8.24 /Users/kyle/Code/js
└── (empty)