Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the /frontend directory: next, jspdf, playwright and tar-fs.

Updates next from 15.3.2 to 15.5.6

Release notes

Sourced from next's releases.

v15.5.6

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Turbopack: don't define process.cwd() in node_modules #83452

Credits

Huge thanks to @​mischnic for helping!

v15.5.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Split code-frame into separate compiled package (#84238)
• Add deprecation warning to Runtime config (#84650)
• fix: unstable_cache should perform blocking revalidation during ISR revalidation (#84716)
• feat: experimental.middlewareClientMaxBodySize body cloning limit (#84722)
• fix: missing next/link types with typedRoutes (#84779)

Misc Changes

• docs: early October improvements and fixes (#84334)

Credits

Huge thanks to @​devjiwonchoi, @​ztanner, and @​icyJoseph for helping!

v15.5.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: ensure onRequestError is invoked when otel enabled (#83343)
• fix: devtools initial position should be from next config (#83571)
• [devtool] fix overlay styles are missing (#83721)
• Turbopack: don't match dynamic pattern for node_modules packages (#83176)
• Turbopack: don't treat metadata routes as RSC (#82911)
• [turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (#83357)
• Turbopack: throw large static metadata error earlier (#82939)
• fix: error overlay not closing when backdrop clicked (#83981)
• Turbopack: flush Node.js worker IPC on error (#84077)

Misc Changes

• [CNA] use linter preference (#83194)
• CI: use KV for test timing data (#83745)

... (truncated)

Commits

• 55ef0e3 v15.5.6
• 92bbbb1 Backport: don't define process.cwd() in node_modules (#84957)
• f895b72 Fix url-imports test on 15-5 (#84966)
• 81f530d v15.5.5
• 9abbc0e [backport] fix: missing next/link types with typedRoutes (#82814) (#84779)
• 121e1b5 [backport] docs: early October improvements and fixes (#84334)
• 1b276c9 [backport]: experimental.middlewareClientMaxBodySize (#84722)
• 2061f04 [backport] fix: unstable_cache should perform blocking revalidation during IS...
• ce3d963 [backport] Add deprecation warning to Runtime config (#84168) (#84650)
• ec69752 [backport] Split code-frame into separate compiled package (#84174) (#84238)
• Additional commits viewable in compare view

Updates jspdf from 3.0.1 to 3.0.3

Release notes

Sourced from jspdf's releases.

v3.0.3

This release fixes regressions with PNG encoding that were introduced in v3.0.2.

What's Changed

• Fix division by zero when calculating word spacing by @​alxndr-pggm in parallax/jsPDF#3879
• fix scaling of form object bounding boxes by @​HackbrettXXX in parallax/jsPDF#3888
• fix regressions in PNG encoding that were introduced in 3.0.2 by @​HackbrettXXX in parallax/jsPDF#3887

New Contributors

• @​alxndr-pggm made their first contribution in parallax/jsPDF#3879

Full Changelog: parallax/jsPDF@v3.0.2...v3.0.3

v3.0.2

This release fixes a security issue where parsing of corrupt PNG images could lead to long running loops and denial of service.

What's Changed

• [Snyk] Upgrade @​babel/runtime from 7.26.7 to 7.26.9 by @​MrRio in parallax/jsPDF#3847
• Fix parsing corrupt PNG images in addImage method by @​HackbrettXXX in parallax/jsPDF#3880. The atob and btoa dependencies have been removed and the fast-png dependency has been added.

New Contributors

• @​WardenDrew made their first contribution in parallax/jsPDF#3872

Full Changelog: parallax/jsPDF@v3.0.1...v3.0.2

Commits

• 574a941 3.0.3
• 9ea590c fix regressions in PNG encoding that were introduced in 3.0.2 (#3887)
• 394d1e7 fix scaling of form object bounding boxes (#3888)
• 064194f Fix division by zero when calculating word spacing (#3879)
• 543b356 3.0.2
• 4cf3ab6 Fix parsing corrupt PNG images in the addImage method (#3880)
• 7c51caa Correct the millimeter unit conversion constant in docs (#3872)
• d8bfc9f fix: upgrade @​babel/runtime from 7.26.7 to 7.26.9 (#3847)
• See full diff in compare view

Updates playwright from 1.52.0 to 1.56.1

Release notes

Sourced from playwright's releases.

v1.56.1

Highlights

#37871 chore: allow local-network-access permission in chromium #37891 fix(agents): remove workspaceFolder ref from vscode mcp #37759 chore: rename agents to test agents #37757 chore(mcp): fallback to cwd when resolving test config

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.56.0

Playwright Agents

Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test:

• 🎭 planner explores the app and produces a Markdown test plan
• 🎭 generator transforms the Markdown plan into the Playwright Test files
• 🎭 healer executes the test suite and automatically repairs failing tests

Run npx playwright init-agents with your client of choice to generate the latest agent definitions:

# Generate agent files for each agentic loop
# Visual Studio Code
npx playwright init-agents --loop=vscode
# Claude Code
npx playwright init-agents --loop=claude
# opencode
npx playwright init-agents --loop=opencode

[!NOTE] VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality!

Learn more about Playwright Agents

New APIs

• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page
• New method page.requests() for retrieving the most recent network requests from the page
• Added --test-list and --test-list-invert to allow manual specification of specific tests from a file

UI Mode and HTML Reporter

• Added option to 'html' reporter to disable the "Copy prompt" button
• Added option to 'html' reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list
• Added option to UI Mode mirroring the --update-snapshots options
• Added option to UI Mode to run only a single worker at a time

... (truncated)

Commits

• 54c7115 chore: revert "minimal vscode version notice" (#37892)
• 7d45eb3 chore: mark v1.56.1 (#37784)
• e6ef697 cherry-pick(#37871): chore: allow local-network-access permission in chromium
• 932542c cherry-pick(#37891): fix(agents): remove workspaceFolder ref from vscode mcp
• 0662dd2 cherry-pick(#37759): chore: rename agents to test agents
• 919549e cherry-pick(#37758): docs: mention VS Code insiders in the agents docs
• e593c64 cherry-pick(#37757): chore(mcp): fallback to cwd when resolving test config
• a8a6e10 cherry-pick(#37755): chore(mcp): minimal vscode version notice
• f36b2ee cherry-pick(#37731): docs: add agents video to agents page (#37733)
• b6af258 cherry-pick(#37727): devops: fix NPM release step (#37728)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for playwright since your current version.

Updates tar-fs from 2.1.2 to 2.1.4

Commits

• f421a23 2.1.4
• c412fa1 refactor to same pattern as v3
• 4b7e868 2.1.3
• 266194b hardlink tweak from main
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}