chore(deps): bump tar, @semantic-release/npm and multi-semantic-release

[dependabot]

Removes tar. It's no longer used after updating ancestor dependencies tar, @semantic-release/npm and multi-semantic-release. These dependencies need to be updated together.

Removes tar

Updates @semantic-release/npm from 12.0.1 to 13.1.5

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

• deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

• deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

• deps: update dependency @​actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

• deps: update dependency read-pkg to v10 (#1032) (f3f1a00)

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

• publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

• trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
• trusted-publishing: refine the messages for related errors (316ce21), closes #958
• trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
• trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
• trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

... (truncated)

Commits

• daec492 fix(deps): update dependency normalize-url to v9 (#1095)
• af8362f chore(deps): update dependency strip-ansi to v7.2.0 (#1098)
• 7354e11 chore(deps): update node.js to v24 (#1027)
• 2c4d2c9 chore(deps): update npm to v11.11.0 (#1097)
• 95ba689 chore(deps): update dependency c8 to v11 (#1096)
• 5d32912 chore(deps): update npm to v11.10.1 (#1094)
• 54f908c chore(deps): lock file maintenance (#1093)
• 91e1f14 chore(deps): update npm to v11.10.0 (#1092)
• 0d7d37e chore(deps): lock file maintenance (#1089)
• c5411cc chore(deps): update npm to v11.9.0 (#1088)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/npm since your current version.

Updates multi-semantic-release from 3.0.2 to 3.1.0

Release notes

Sourced from multi-semantic-release's releases.

v3.1.0

3.1.0 (2025-11-15)

Features

• provide support for semantic-release v25 (#160) (2cb99f3)

Commits

• 2cb99f3 feat: provide support for semantic-release v25 (#160)
• 35ca9ad refactor: align semrel API injects for esm and commonjs flows
• b0ac8e6 chore(deps): bump tar from 6.1.11 to 6.2.1
• 8f044e4 test: bind semrel v19 and nodejs v14
• 8bfd3cc ci: add nodejs 24 to test matrix
• 479fa26 refactor: step forward to esm
• fd7d547 chore(deps): bump semver from 5.7.1 to 7.6.2
• d560461 chore(deps): bump @​babel/runtime from 7.13.9 to 7.27.0
• d37cacd chore(deps): bump cross-spawn from 7.0.3 to 7.0.6
• e649d21 chore(deps): bump micromatch from 4.0.2 to 4.0.8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.