fix: add tar and undici as direct devDependencies for Dependabot resolution (#68)

Dependabot security update runs are failing because it cannot resolve
patched versions of tar (>=7.5.11) and undici (>=7.24.0) through
transitive dependency chains. While npm overrides already mitigate the
vulnerabilities locally, Dependabot's resolver doesn't honor overrides.

Adding these as explicit devDependencies lets Dependabot see and
resolve the patched versions directly.

Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #68.
This commit is contained in:
gandalf-the-greybeard[bot]
2026-03-18 23:54:21 +00:00
committed by GitHub
parent 6a47358771
commit 0476fd1076
2 changed files with 4 additions and 0 deletions
+2
@@ -21,6 +21,8 @@
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-router-dom": "^5.3.0",
"tar": "^7.5.11",
"undici": "^7.24.3",
"vitest": "^3.0.5"
},
"peerDependencies": {
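Review bot: the two new entries `"tar": "^7.5.11"` and `"undici": "^7.24.3"` are added with no code in this repository importing them, and nothing in the file records that they exist only to steer Dependabot's resolver; since JSON allows no comments, the rationale should live in a README or CONTRIBUTING note so a later cleanup does not drop them and silently reopen the resolution failure. The same note should say that the existing npm `overrides` for tar and undici (mentioned in the commit message but not visible in this hunk) must be kept in step with these ranges, otherwise the override and the direct range can drift apart and npm will resolve one version while Dependabot reasons about another. Also note that the hunk context shows only the closing `},` and the following `"peerDependencies": {`, so it cannot be confirmed from the diff alone that the block being edited is `devDependencies` rather than `dependencies`; if it is the latter, tar and undici would become runtime requirements of the package, which is not what the message intends.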
+2
@@ -47,6 +47,8 @@
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-router-dom": "^5.3.0",
"tar": "^7.5.11",
"undici": "^7.24.3",
"vitest": "^3.0.5"
}
}
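Review bot: this second file (its name is not shown in this rendered view) receives the identical two lines at a different offset, and the trailing `}` / `}` indicate it is the end of another JSON manifest; if it is a lockfile or a second package manifest that was edited by hand, the lockfile for this tree needs to be regenerated with `npm install` in the same change, since `npm ci` refuses to run when package.json and package-lock.json disagree, which would turn a Dependabot fix into a CI failure. Please confirm in the PR that the lockfile was regenerated rather than patched, and that both copies of these entries are meant to stay in lockstep, so a future bump of one (for example when Dependabot raises undici past `^7.24.3`) is applied to both.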