Bump tar and gl-matrix

[dependabot]

Removes tar. It's no longer used after updating ancestor dependency gl-matrix. These dependencies need to be updated together.

Removes tar

Updates gl-matrix from 2.5.1 to 2.8.1

Release notes

Sourced from gl-matrix's releases.

v2.8.1

Provide ES modules with other ES features transpiled to ES5: toji/gl-matrix#335

v2.7.0

Notable changes:

• Compiling /dist/gl-matrix.js in production mode
• Tree shaking improvements
• Fixes dual quaternion normalizing
• Added quat.random()

Performance improvements:

• create() is now faster if the browser supports Float32Arrays

Minor fixes:

• Used glMatrix.EPSILON instead of a hardcoded value in 2 more places

v2.6.1

• Dual Quaternions
• mat4.perspective supports Infinity as the last parameter
• Minor performance improvements
• Various bug fixes
• Fewer dependencies

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Lockfile-only transitive dependency update for terminal rendering; main risk is install/reproducibility across npm versions, not runtime logic changes.

Overview
Regenerates package-lock.json after Dependabot’s gl-matrix upgrade (2.5.1 → 2.8.1) on the path through blessed-contrib / drawille-canvas-blessed-contrib. There are no application source changes—only the lockfile.

The notable dependency-tree change is that older gl-matrix pulled in npm as a dependency, which in turn brought tar into the tree; 2.8.1 no longer does, so tar disappears from the resolved graph.

The lockfile also moves to lockfileVersion 3 (packages / node_modules/* layout, semver ranges on nested deps, deprecation metadata). That accounts for most of the line churn and is format/tooling, not new direct dependencies in package.json.

^{Reviewed by Cursor Bugbot for commit 6853e99. Bugbot is set up for automated code reviews on this repo. Configure here.}