
chore: update dependencies to resolve security vulnerabilities #1273

Merged: webpro merged 1 commit into release-it:main from Yeom-JinHo:chore/undici on Jan 20, 2026

Conversation

@Yeom-JinHo (Contributor)

Same issue as #1272

Description

This PR focuses on resolving security vulnerabilities identified by npm audit.
All updates are backward compatible and follow semantic versioning best practices.

Changes

  • tar (devDependency): Updated from 7.5.2 to 7.5.4 to fix Arbitrary File Overwrite and Symlink Poisoning vulnerability (GHSA-8qq5-rm4j-mr97).
  • undici (dependency): Updated from 6.22.0 to 6.23.0 to fix unbounded decompression chain vulnerability that could lead to resource exhaustion (GHSA-g9mf-h72j-4rw9).
  • glob (override): Added glob@13.0.0 override to resolve command injection vulnerability via CLI -c/--cmd flag (GHSA-5j98-mcp5-4vw2).

Motivation

  • Security: Address high-severity vulnerabilities reported by npm audit.
  • Stability: Ensure the project uses secure dependency versions without breaking changes.
  • Best Practices: Follow security best practices by keeping dependencies up-to-date.

Breaking Changes

None. All updates are backward compatible:

  • tar: Patch version update (7.5.2 → 7.5.4)
  • undici: Patch version update (6.22.0 → 6.23.0)
  • glob: Added as override, does not affect existing functionality

Testing

  • Verified npm audit shows no high-severity vulnerabilities
  • Confirmed all dependencies resolve correctly
  • No breaking changes expected (patch/minor updates only)

- Update tar to 7.5.4 (GHSA-8qq5-rm4j-mr97)
- Update undici to 6.23.0 (GHSA-g9mf-h72j-4rw9)
- Add glob 13.0.0 override (GHSA-5j98-mcp5-4vw2)
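The "Verified npm audit shows no high-severity vulnerabilities" step above can be made a repeatable CI gate. The script below is an added example, not part of this PR or of release-it: it takes a parsed `npm audit --json` report (the `auditReportVersion: 2` shape with a `vulnerabilities` map and per-finding `via` entries is assumed), checks that the three advisories named in the PR are gone, and fails on any remaining high or critical finding. The sample reports are constructed inline so it runs offline.

```javascript
// Added example, not part of the PR: gate CI on an `npm audit --json` report
// (auditReportVersion 2 shape assumed). It checks that the three advisories
// this PR addresses are gone and that no high/critical findings remain.

// Advisory ids cited in the PR description.
const FIXED_ADVISORIES = [
  'GHSA-8qq5-rm4j-mr97', // tar
  'GHSA-g9mf-h72j-4rw9', // undici
  'GHSA-5j98-mcp5-4vw2', // glob
];
const GHSA_RE = /GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}/i;

// Collect GHSA ids from each vulnerability's `via` list. Entries are either
// advisory objects (with a github.com/advisories url) or strings naming the
// dependent package through which the issue is reached.
function collectAdvisories(report) {
  const ids = new Set();
  for (const vuln of Object.values(report.vulnerabilities ?? {})) {
    for (const via of vuln.via ?? []) {
      const m = via && typeof via === 'object' ? GHSA_RE.exec(via.url ?? '') : null;
      if (m) ids.add(m[0].toLowerCase());
    }
  }
  return ids;
}

// Return a list of findings; an empty list means the gate passes.
function auditGate(report, fixed = FIXED_ADVISORIES) {
  const found = collectAdvisories(report);
  const problems = fixed
    .filter((id) => found.has(id.toLowerCase()))
    .map((id) => `advisory still present: ${id}`);
  for (const [name, vuln] of Object.entries(report.vulnerabilities ?? {})) {
    if (['high', 'critical'].includes(vuln.severity)) {
      problems.push(`${vuln.severity} severity in ${name}`);
    }
  }
  return problems;
}

// Constructed sample reports: before the undici bump, and a clean one after.
const SAMPLE_BEFORE = { auditReportVersion: 2, vulnerabilities: { undici: {
  name: 'undici', severity: 'high', isDirect: true, fixAvailable: true,
  via: [{ name: 'undici', severity: 'high', range: '<6.23.0',
          url: 'https://github.com/advisories/GHSA-g9mf-h72j-4rw9' }],
} } };
const SAMPLE_AFTER = { auditReportVersion: 2, vulnerabilities: {} };

console.log(auditGate(SAMPLE_BEFORE)); // ['advisory still present: GHSA-g9mf-h72j-4rw9', 'high severity in undici']
console.log(auditGate(SAMPLE_AFTER));  // []
```

In a pipeline, pass `JSON.parse` of the captured `npm audit --json` output to `auditGate` and fail the job when the returned list is non-empty.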
@pkg-pr-new

pkg-pr-new Bot commented Jan 20, 2026


npm i https://pkg.pr.new/release-it@1273

commit: 21b13a3

@webpro webpro merged commit b45dd1a into release-it:main Jan 20, 2026
13 checks passed
@NicholasEmery

I tested the changes after the PR was merged, and everything is working correctly. Thanks again for resolving this issue!

@webpro (Collaborator) commented Jan 20, 2026

🚀 This pull request is included in v19.2.4. See Release 19.2.4 for release notes.

@webpro (Collaborator) commented Jan 20, 2026

Thanks @NicholasEmery and @Yeom-JinHo! ❤️
