Summary
@abandonware/noble currently depends on @abandonware/bluetooth-hci-socket via optional dependency (^0.5.3-11).
Downstream projects are getting tar@6.2.1 in lockfiles through this path, which triggers open tar advisories (hardlink/symlink escape class issues).
Related upstream work
I opened the dependency update in @abandonware/bluetooth-hci-socket:
- Issue: Dependency update request: resolve tar advisories by upgrading node-pre-gyp/node-gyp node-bluetooth-hci-socket#63
- PR: chore: bump node-pre-gyp/node-gyp to move off vulnerable tar@6 node-bluetooth-hci-socket#64
That PR updates:
- @mapbox/node-pre-gyp to ^2.0.3
- node-gyp to ^11.5.0
- lockfile path to tar@7.5.9
Request
After @abandonware/bluetooth-hci-socket publishes a release including the above change, could @abandonware/noble update its optional dependency range to that released version?
This would let downstream users/remediators move off the vulnerable tar@6.x resolution path.
Note
There may be install-time Node version impact from node-pre-gyp@2.x (Node >=18), so this may need a compatibility decision in your release policy.