Build(deps): Bump tar and npm

[dependabot]

Removes tar. It's no longer used after updating ancestor dependency npm. These dependencies need to be updated together.

Removes tar

Updates npm from 9.6.4 to 10.8.1

Release notes

Sourced from npm's releases.

libnpmhook: v10.0.5

10.0.5 (2024-05-15)

Dependencies

• 63ef498 #7457 [email protected]

Chores

• 9c4d3c4 #7467 template-oss-apply (@​lukekarrys)
• 2b7ec54 #7467 [email protected] (@​lukekarrys)

libnpmhook: v10.0.4

10.0.4 (2024-04-30)

Bug Fixes

• 57ebebf #7418 update repository.url in package.json (#7418) (@​wraithgar)

Dependencies

• a7145d4 #7453 [email protected]

libnpmhook: v10.0.3

10.0.3 (2024-04-25)

Dependencies

• ee4b3e0 #7373 [email protected]

libnpmhook: v10.0.2

10.0.2 (2024-04-03)

Dependencies

• 87a61fc #7334 [email protected]

Changelog

Sourced from npm's changelog.

10.8.1 (2024-05-29)

Bug Fixes

• 6b55646 #7569 exec: look in workspace and root for bin entries (#7569) (@​wraithgar)
• e4c7a41 #7564 publish: skip workspace packages marked private on publish (#7564) (@​milaninfy)
• 8f94ae8 #7556 utils/tar: index access while match is null (#7555) (#7556) (@​NormanPerrin)
• 2d1d8d0 #7559 adds node: specifier to all native node modules (#7559) (@​reggi)
• 7d89b55 #7490 ci: rm workspace node_modules (#7490) (@​reggi)
• 9122fb6 #7516 cache: add both full and minified packument to cache (#7516) (@​milaninfy)
• 9e6686b #7545 send proper otp token on web auth (#7545) (@​wraithgar)
• b1db070 #7534 refactor: use output.buffer and set explicit json mode in query (#7534) (@​lukekarrys)
• 53cda32 #7542 refactor ls to use output.buffer for json (#7542) (@​lukekarrys)
• 61d5771 #7541 remove json.stringify from all commands (#7541) (@​lukekarrys)
• 4dfc7d2 #7540 pass strings to JSON.stringify in --json mode (#7540) (@​lukekarrys)
• 3cefdf6 #7538 outdated: return array for outdated deps from multiple workspaces (@​lukekarrys)
• ef4c975 #7508 view: dont immediately exit on first workspace 404 (#7508) (@​lukekarrys)

Documentation

• fd6479f #7560 update publish docs: dist-tag + publish case (#7560) (@​davidlj95)

Dependencies

• e3f0fd4 #7568 @npmcli/[email protected]
• 447a8d7 #7566 [email protected]
• 83fed2e #7566 [email protected]
• 41291ba #7566 @sigstore/[email protected]
• 18b42a4 #7566 [email protected]
• 5c6759d #7566 [email protected]
• 2508a83 #7566 [email protected]
• 6278fe4 #7566 [email protected]

10.8.1 (2024-05-29)

Bug Fixes

• 6b55646 #7569 exec: look in workspace and root for bin entries (#7569) (@​wraithgar)
• e4c7a41 #7564 publish: skip workspace packages marked private on publish (#7564) (@​milaninfy)
• 8f94ae8 #7556 utils/tar: index access while match is null (#7555) (#7556) (@​NormanPerrin)
• 2d1d8d0 #7559 adds node: specifier to all native node modules (#7559) (@​reggi)
• 7d89b55 #7490 ci: rm workspace node_modules (#7490) (@​reggi)
• 9122fb6 #7516 cache: add both full and minified packument to cache (#7516) (@​milaninfy)
• 9e6686b #7545 send proper otp token on web auth (#7545) (@​wraithgar)
• b1db070 #7534 refactor: use output.buffer and set explicit json mode in query (#7534) (@​lukekarrys)
• 53cda32 #7542 refactor ls to use output.buffer for json (#7542) (@​lukekarrys)
• 61d5771 #7541 remove json.stringify from all commands (#7541) (@​lukekarrys)
• 4dfc7d2 #7540 pass strings to JSON.stringify in --json mode (#7540) (@​lukekarrys)
• 3cefdf6 #7538 outdated: return array for outdated deps from multiple workspaces (@​lukekarrys)
• ef4c975 #7508 view: dont immediately exit on first workspace 404 (#7508) (@​lukekarrys)

... (truncated)

Commits

• 6109960 chore: release 10.8.1
• 6b55646 fix(exec): look in workspace and root for bin entries (#7569)
• 4a36d78 chore: fix linting in arborist debugger
• 2d84091 chore: fix snapshots for updated @​npmcli/package-json
• e3f0fd4 deps: @​npmcli/package-json@​5.1.1
• 4b57b95 chore: fix linting in mock registry
• 6574dc9 chore: dev dependency updates
• 447a8d7 deps: [email protected]
• 83fed2e deps: [email protected]
• 41291ba deps: @​sigstore/tuf@​2.3.4
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.