build(deps): bump tar and npm

[dependabot]

Removes tar. It's no longer used after updating ancestor dependency npm. These dependencies need to be updated together.

Removes tar

Updates npm from 11.8.0 to 11.11.0

Release notes

Sourced from npm's releases.

v11.11.0

11.11.0 (2026-02-25)

Features

• 4fcd352 #9017 add :type(registry) to query selector syntax (#9017) (@​wraithgar)
• e1b21f0 #8909 adds circleci to trust command (#8909) (@​owlstronaut)
• 9a33ad0 #8925 adds circleci to oidc (#8925) (@​owlstronaut)

Bug Fixes

• 4426411 #9026 npm audit signatures for keyless attestation registries (#9026) (@​ajayk)
• 658b323 #9010 handle legacy licenses array in sbom output (#9010) (@​JNC4)

Documentation

• 143f8cd #9007 docs shouldn't wrap yaml description (#9007) (@​owlstronaut)

Dependencies

• 7798b6e #9027 @gar/promise-retry@1.0.2
• 4838864 #9027 balanced-match@4.0.4
• 0c200dd #9027 brace-expansion@5.0.3
• f0606bb #9027 spdx-license-ids@3.0.23
• d43f350 #9027 make-fetch-happen@15.0.4
• 4d0918a #9027 @npmcli/git@7.0.2
• 8912ca7 #9027 minipass-fetch@5.0.2
• 450ff35 #9027 npm-packlist@10.0.4
• 20ef5a5 #9027 pacote@21.4.0
• 60f332c #9008 remove promise-retry
• cb8b9c7 #9008 add @gar/promise-retry@1.0.0
• workspace: @npmcli/arborist@9.4.0
• workspace: libnpmdiff@8.1.3
• workspace: libnpmexec@10.2.3
• workspace: libnpmfund@7.0.17
• workspace: libnpmpack@9.1.3

v11.10.1

11.10.1 (2026-02-19)

Bug Fixes

• 9fac412 #8995 improve unknown config warning with .npmrc section hint (#8995) (@​umeshmore45)
• bb135cc #8981 arborist: fix peerOptional dependency resolution in buildIdealTree (#8981) (@​Saibamen, @​cursoragent)
• 5c03826 #8993 remove tabular output from "npm view" (@​wraithgar)
• 4648f26 #8993 remove tabular output from "npm team" (@​wraithgar)

Documentation

• 0a5756d #8998 clarify unsupported custom .npmrc keys and recommend alternatives (#8998) (@​maitrawebtech)
• 22c9153 #8985 fix typo and grammar in README (#8985) (@​csmit195, Chris)

Dependencies

• aa8ffbf #9002 init-package-json@8.2.5 (#9002)
• 67a0f09 #9001 glob@13.0.6
• 56b8fd4 #9001 minimatch@10.2.2
• aa7fef5 #9001 minipass@7.1.3
• d3a4161 #9000 @npmcli/package-json@7.0.5 (#9000)
• 7aa9338 #8993 remove cli-columns
• f7f7c53 #8991 hoist balanced-match
• 10cb575 #8991 hoist latest yallist
• 1b3dc9a #8991 cidr-regex@5.0.3
• 4307af6 #8991 glob@13.0.5

... (truncated)

Changelog

Sourced from npm's changelog.

11.11.0 (2026-02-25)

Features

• 4fcd352 #9017 add :type(registry) to query selector syntax (#9017) (@​wraithgar)
• e1b21f0 #8909 adds circleci to trust command (#8909) (@​owlstronaut)
• 9a33ad0 #8925 adds circleci to oidc (#8925) (@​owlstronaut)

Bug Fixes

• 4426411 #9026 npm audit signatures for keyless attestation registries (#9026) (@​ajayk)
• 658b323 #9010 handle legacy licenses array in sbom output (#9010) (@​JNC4)

Documentation

• 143f8cd #9007 docs shouldn't wrap yaml description (#9007) (@​owlstronaut)

Dependencies

• 7798b6e #9027 @gar/promise-retry@1.0.2
• 4838864 #9027 balanced-match@4.0.4
• 0c200dd #9027 brace-expansion@5.0.3
• f0606bb #9027 spdx-license-ids@3.0.23
• d43f350 #9027 make-fetch-happen@15.0.4
• 4d0918a #9027 @npmcli/git@7.0.2
• 8912ca7 #9027 minipass-fetch@5.0.2
• 450ff35 #9027 npm-packlist@10.0.4
• 20ef5a5 #9027 pacote@21.4.0
• 60f332c #9008 remove promise-retry
• cb8b9c7 #9008 add @gar/promise-retry@1.0.0
• workspace: @npmcli/arborist@9.4.0
• workspace: libnpmdiff@8.1.3
• workspace: libnpmexec@10.2.3
• workspace: libnpmfund@7.0.17
• workspace: libnpmpack@9.1.3

11.10.1 (2026-02-19)

Bug Fixes

• 9fac412 #8995 improve unknown config warning with .npmrc section hint (#8995) (@​umeshmore45)
• bb135cc #8981 arborist: fix peerOptional dependency resolution in buildIdealTree (#8981) (@​Saibamen, @​cursoragent)
• 5c03826 #8993 remove tabular output from "npm view" (@​wraithgar)
• 4648f26 #8993 remove tabular output from "npm team" (@​wraithgar)

Documentation

• 0a5756d #8998 clarify unsupported custom .npmrc keys and recommend alternatives (#8998) (@​maitrawebtech)
• 22c9153 #8985 fix typo and grammar in README (#8985) (@​csmit195, Chris)

Dependencies

• aa8ffbf #9002 init-package-json@8.2.5 (#9002)
• 67a0f09 #9001 glob@13.0.6
• 56b8fd4 #9001 minimatch@10.2.2
• aa7fef5 #9001 minipass@7.1.3
• d3a4161 #9000 @npmcli/package-json@7.0.5 (#9000)
• 7aa9338 #8993 remove cli-columns
• f7f7c53 #8991 hoist balanced-match
• 10cb575 #8991 hoist latest yallist
• 1b3dc9a #8991 cidr-regex@5.0.3
• 4307af6 #8991 glob@13.0.5
• 13b4d6a #8991 minimatch@10.2.1
• 45d4000 #8991 tar@7.5.9

... (truncated)

Commits

• 6cb34ca chore: release 11.11.0
• 4426411 fix: npm audit signatures for keyless attestation registries (#9026)
• 7798b6e deps: @​gar/promise-retry@​1.0.2
• 4838864 deps: balanced-match@4.0.4
• 0c200dd deps: brace-expansion@5.0.3
• f0606bb deps: spdx-license-ids@3.0.23
• d43f350 deps: make-fetch-happen@15.0.4
• 4d0918a deps: @​npmcli/git@​7.0.2
• 8912ca7 deps: minipass-fetch@5.0.2
• 450ff35 deps: npm-packlist@10.0.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.03%. Comparing base (fa6248c) to head (ea09854).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1070   +/-   ##
=======================================
  Coverage   95.03%   95.03%           
=======================================
  Files         135      135           
  Lines        8211     8211           
=======================================
  Hits         7803     7803           
  Misses        408      408           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.