CVE-2025-64118 - dependency update request for node-tar

[Amndeep7]

Some projects (top level and libnpmdiff) in this monorepo use node-tar as a dependency. That project has recently gotten the following CVE: CVE-2025-64118.

That CVE only applies to version 7.5.1. The versions in use within this project are ^7.5.1 and 7.5.1 is the resolved version specified in the package-lock file.

When possible, please update this dependency to the latest version.

[MikeMcC399]

This seems to be related to wolfi-dev/advisories#25125 and appears to be a duplicate of #8715