
@protikbiswas100
Contributor

@protikbiswas100 protikbiswas100 commented Jul 17, 2025

Description

This PR addresses a security vulnerability as a part of component governance (GHSA-8cj5-5rvv-wf4v) by upgrading the tar-fs package from version 3.0.8 to 3.0.9 across the entire dependency tree.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Why

What is the motivation for this change? Add a few sentences describing the context and overall goals of the pull request's commits.

Resolves [https://github.com/advisories/GHSA-8cj5-5rvv-wf4v]

What

As a part of component governance, the repository had multiple versions of tar-fs installed:

  • tar-fs@^3.0.6 (resolving to 3.0.9) - used by newer dependencies like @puppeteer/browsers
  • tar-fs@^2.0.0 (resolving to 2.1.3) - used by older dependencies like [email protected]

The older version (2.1.3) contained the security vulnerability that needed to be addressed.

Screenshots

[Screenshot 2025-07-14 135514 (image not reproduced)]

Testing

✅ yarn install completes successfully
✅ yarn build passes without errors
✅ Verified all tar-fs instances use version 3.1.0
✅ Confirmed removal of the vulnerable version
After this change, yarn why tar-fs shows:
yarn why v1.22.22
[1/4] Why do we have the module "tar-fs"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "[email protected]"

Changelog

Should this change be included in the release notes: yes

Add a brief summary of the change to use in the release notes for the next release.

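The "What" and "Testing" sections above rely on reading every resolved tar-fs version out of yarn.lock and confirming none of them is below the patched release. The following is an added example, not code from this PR or the React Native project, of a small yarn.lock (v1 format) parser that lists every resolved version of a package and flags any below a minimum version you supply. The lockfile fragment, the version numbers in it and the `fixed_version` threshold are constructed for illustration; take the real threshold from the advisory.

```python
import re
from typing import List, Tuple

# Constructed yarn.lock v1 fragment (not the repository's real lockfile).
# It mirrors the situation described in the PR: two tar-fs ranges resolving
# to two different versions, one of them older.
SAMPLE_LOCK = """\
# yarn lockfile v1

"@puppeteer/browsers@2.10.5":
  version "2.10.5"
  resolved "https://registry.yarnpkg.com/@puppeteer/browsers/-/browsers-2.10.5.tgz"
  dependencies:
    tar-fs "^3.0.6"

tar-fs@^2.0.0, tar-fs@^2.1.1:
  version "2.1.3"
  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.3.tgz"
  dependencies:
    chownr "^1.1.1"

tar-fs@^3.0.6:
  version "3.0.9"
  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.0.9.tgz"
"""

# A top-level entry header is an unindented line ending in ':'; it may list
# several comma-separated "name@range" keys that resolve to the same version.
ENTRY_HEADER = re.compile(r'^(\S.*):\s*$')
# The resolved version is the two-space-indented 'version "x.y.z"' line.
VERSION_LINE = re.compile(r'^  version "([^"]+)"\s*$')


def parse_lock(text: str) -> List[Tuple[str, str, str]]:
    """Return (package_name, requested_range, resolved_version) for every entry."""
    entries: List[Tuple[str, str, str]] = []
    pending_keys: List[str] = []
    for line in text.splitlines():
        if not line or line.startswith('#'):
            continue
        header = ENTRY_HEADER.match(line)
        if header:
            # Strip the quotes yarn adds around scoped or special-character keys.
            pending_keys = [k.strip().strip('"') for k in header.group(1).split(',')]
            continue
        version = VERSION_LINE.match(line)
        if version and pending_keys:
            for key in pending_keys:
                # rpartition keeps scoped names like @puppeteer/browsers intact.
                name, _, requested = key.rpartition('@')
                entries.append((name, requested, version.group(1)))
            pending_keys = []
    return entries


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric tuple for comparison; a pre-release suffix after '-' is ignored."""
    return tuple(int(part) for part in v.split('-')[0].split('.'))


def resolved_versions(text: str, package: str) -> List[str]:
    """Every distinct version the lockfile resolves `package` to (the yarn why check)."""
    return sorted({ver for name, _, ver in parse_lock(text) if name == package},
                  key=parse_version)


def find_vulnerable(text: str, package: str, fixed_version: str) -> List[Tuple[str, str]]:
    """(requested_range, resolved_version) pairs of `package` below `fixed_version`."""
    fixed = parse_version(fixed_version)
    return sorted({(rng, ver) for name, rng, ver in parse_lock(text)
                   if name == package and parse_version(ver) < fixed})


if __name__ == "__main__":
    # Threshold is an assumption for the demo; the PR text names 3.0.9 as the fixed release.
    print("resolved tar-fs versions:", resolved_versions(SAMPLE_LOCK, "tar-fs"))
    for rng, ver in find_vulnerable(SAMPLE_LOCK, "tar-fs", "3.0.9"):
        print(f"tar-fs@{rng} still resolves to {ver}: add a resolution or bump the dependent")
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with the file contents; an empty result from `find_vulnerable` is the same condition the "Confirmed removal of the vulnerable version" checkbox asserts, and `resolved_versions` returning a single entry corresponds to the single `Found` line in the `yarn why` output.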

@protikbiswas100 protikbiswas100 requested a review from a team as a code owner July 17, 2025 09:19
@HariniMalothu17
Contributor

@protikbiswas100 please update component governance PR descriptions similarly to this PR: #14565

@satkh
Contributor

satkh commented Jul 17, 2025

Make sure to use the right target and origin branches.

@protikbiswas100
Contributor Author

Raised another PR from 0.79-stable instead of main: #14942. Closing this PR.
