Update `tar` for security

[G-Rath]

The current version of tar being depended on (4.4.18) is vulnerable to GHSA-f5x3-32g6-xq36 - while it's unlikely to be exploitable in this context, it still would be good to resolve since it creates noise in security scanners.

tar 5 and 6 dropped support for Node 4, 6, and 8 but this package already only supports Node 10+ so that shouldn't be a problem.

https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md

[G-Rath]

Related to vercel/vercel#11543

[mrmckeb]

I was also chasing this down and landed on this issue. It would be great to get this updated ASAP.

[jeffsays]

bump @sionicion @cb1kenobi @dfrankland @trek @styfle @stkevintan @AndyBitz @TooTallNate

[slimshreydy]

bump!