[release-25.11] nodePackages.prebuild-install: mark as potentially vulnerable

[tomodachi94]

Dropped in #470892. This package might be vulnerable to CVE-2025-59343 due to its dependency on an old version of tar-fs. I don't know if this CVE can be exploited with prebuild-install, but better safe than sorry here.

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

---

Add a 👍 reaction to pull requests you find important.

[github-actions]

This report is automatically generated by the PR / Check / cherry-pick CI workflow.

Some of the commits in this PR require the author's and reviewer's attention.

If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.

Important

79933db is not a cherry-pick, because: Package was dropped on master (#470892). Please review this commit manually.

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

[pyrox0]

LGTM

unneeded, package is dropped on master but is kept for back-compat on 25.11