tar and node-gyp versions bump

[igeto]

Summary

tar <6.1.11 has denial of service vulnerability, bumping it to v6.2.1 should be enough
also node-gyp 8.* is dependent on tar so that version need bumping too

Proposed implementation

bump tar version to ^6.2.1 or latest
bump node-gyp version to 11

[Jan-Wilamowski-Clario]

relatedly, I get this deprecation warning: npm warn deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs

which is caused by a string of outdated dependencies even though I use the latest sqlite version:

my-project
└─┬ sqlite3@5.1.7
  └─┬ node-gyp@8.4.1
    └─┬ make-fetch-happen@9.1.0
      └─┬ cacache@15.3.0
        └── @npmcli/move-file@1.1.2

[brian6932]

node-gyp 8.x can't even recognize modern Windows SDKs. When I set an 11.x override in package.json, the problem goes away.

{
	"pnpm": {
		"overrides": {
			"node-gyp": "11.x"
		}
	},
	"overrides": {
		"node-gyp": "11.x"
	}
}

[igeto]

Any info on this? Will we get a version bump with fix for these vulnerabilities?