Bump tar, firebase, react-scripts and sharp

[dependabot]

Bumps tar to 6.2.1 and updates ancestor dependencies tar, firebase, react-scripts and sharp. These dependencies need to be updated together.

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates firebase from 6.1.0 to 10.10.0

Commits

• 13762a4 Version Packages (#8101)
• 73f40f5 Merge master into release
• c8a2568 Add a changset to the transitive dependency update (#8097)
• 9fc4633 dependabot/npm_and_yarn/e2e/webpack-dev-middleware-5.3.4 (#8095)
• ed84efe [ServerApp] Firebase Server App feature branch (#8005)
• 89541ef Dependabot transitive dependency rollup (#8088)
• 9ca1a4e More complex check for authTokenSyncUrl (#8076)
• 0c51501 Run npm pkg fix on all packages (#8079)
• 1494c4b Enable previously failing (Firestore) Node.js and Browser (Chrome) Tests (#...
• 1eb302f Version Packages (#8063)
• Additional commits viewable in compare view

Updates react-scripts from 2.1.8 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.0.0 and Newer Versions

Please refer to CHANGELOG.md for the newer versions.

Commits

• 19fa58d Publish
• 9802941 fix: webpack noise printed only if error or warning (#12245)
• 2eef1d0 Update templates to use React 18 createRoot (#12220)
• 221e511 Publish
• 5614c87 Add support for Tailwind (#11717)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• c7627ce Update webpack and dev server (#11646)
• 544befe Update package.json (#11597)
• Additional commits viewable in compare view

Updates sharp from 0.23.0 to 0.33.3

Changelog

Sourced from sharp's changelog.

v0.33.3 - 23rd March 2024

• Upgrade to libvips v8.15.2 for upstream bug fixes.

• Ensure keepIccProfile retains P3 and CMYK input profiles. #3906 #4008

• Ensure text.wrap property can accept word-char as value. #4028 @​yolopunk

• Ensure clone takes a deep copy of existing options. #4029

• Add bitdepth option to heif output (prebuilt binaries support 8-bit only). #4036 @​mertalev

v0.33.2 - 12th January 2024

• Upgrade to libvips v8.15.1 for upstream bug fixes.

• TypeScript: add definition for keepMetadata. #3914 @​abhi0498

• Ensure extend operation stays sequential when copying (regression in 0.32.0). #3928

• Improve error handling for unsupported multi-page rotation. #3940

v0.33.1 - 17th December 2023

• Add support for Yarn Plug'n'Play filesystem layout. #3888

• Emit warning when attempting to use invalid ICC profiles. #3895

• Ensure VIPS_NOVECTOR environment variable is respected. #3897 @​icetee

v0.33.0 - 29th November 2023

• Drop support for Node.js 14 and 16, now requires Node.js ^18.17.0 or >= 20.3.0

• Prebuilt binaries distributed via npm registry and installed via package manager.

... (truncated)

Commits

• 55466f1 Release v0.33.3
• ede8217 Prerelease v0.33.3-rc.0
• 2689fb4 Bump deps
• eaf31a5 Docs: changelog and credit for #4036
• aa1bbcb Guard heif bitdepth property for prebuilt binaries
• 3c26080 Add bitdepth option to heif output (#4036)
• dc07fd4 Upgrade to libvips v8.15.2
• 7bc74fe Ensure clone takes deep copy of options #4029
• c5f318e Docs: add changelog and credit for #4028
• 8fbb1cd Ensure text.wrap property can accept word-char as value (#4028)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.