chore: bump tar from 7.4.3 to 7.5.6 (#1052)

Add pnpm override to fix CVE-2026-23950 (race condition via Unicode collisions on macOS APFS).

Author: wangsijie

package.json

@@ -42,7 +42,8 @@
       "valibot@>=0.31.0 <1.2.0": "^1.2.0",
       "@angular/common@<19.2.16": "^19.2.16",
       "@react-router/node@<7.9.5": "^7.9.5",
-      "qs@<6.14.1": "^6.14.1"
+      "qs@<6.14.1": "^6.14.1",
+      "tar@<=7.5.3": "^7.5.4"
     },
     "peerDependencyRules": {
       "allowedVersions": {