Tar package vulnerability on install

[laurenfrederick]

npm-lifeycycle is using a version of node-gyp which is pointing to a version of tar that has a vulnerability. See https://www.npmjs.com/advisories/803.

[evocateur]

The underlying issue has been patched in the source of node-gyp. This issue isn't valid for npm-lifecycle (or lerna, for that matter).

[ChALkeR]

This can be resolved with either updating to a node-gyp@4 here or doing a patch release of npm/node-tar@2, ref: isaacs/node-tar#212.

[jhnferraris]

Created a PR to update node-gyp@4 here. #31

[kaiyoma]

When can we expect a release? lerna depends on this package, so all users of lerna are currently exposed to the tar vulnerability.